Monthly Archives: February 2024

Satellite beamed power from space to Earth for the first time ever

Posted on by

The first experiment to transmit power to Earth from space could lead to a space-based solar power station within 10 years, according to one of the researchers involved.

Such a station would benefit from greater exposure to the sun, due to the lack of clouds and atmosphere along with the ability to avoid nighttime darkness. However, the difficulty of designing and making structures large enough to be useful but light enough to launch by rocket has made such a facility impractical.

In a step forward, Ali Hajimiri at the California Institute of Technology and his colleagues launched the Microwave Array Power Transfer LEO Experiment (MAPLE) to space in January 2023. Two months later, they successfully beamed the first power to Earth, after which they ran the experiment for a further eight months.

MAPLE consists of a lightweight array of microwave-producing chips that can direct a beam to a specified location, though it can’t yet generate these microwaves from sunlight.

The team found that MAPLE could send 100 milliwatts of power through space and quickly refocus the beam to new locations. Over the course of the experiment, the team attempted to send power to Earth three times, receiving just 1 milliwatt on the ground each time.

A fully functional system capable of transmitting 100 megawatts, enough to power tens of thousands of homes, would need to be around a square kilometre in size, compared with the 150 square centimetres or so of MAPLE.

“The size of the system is many orders of magnitude smaller than the system that you would need to use for a full-blown application, but the key part here is to have the technology demonstrated in space,” says Hajimiri.

 

Reference:

arxiv DOI: 10.48550/arXiv.2401.15267

Source: Satellite beamed power from space to Earth for the first time ever | New Scientist

Fermi Resonance explains why carbon dioxide causes global warming

Posted on by

illustration of Fermi Resonance

Global warming is largely caused by carbon dioxide and other gases absorbing infrared radiation, trapping heat in Earth’s atmosphere – known as the greenhouse effect.

The most accurate climate models use precise measurements of the amount of radiation CO₂ can absorb to calculate how much heat will be trapped in the atmosphere. These models are excellent at predicting future changes in Earth’s climate, but they don’t provide a physical explanation for why this gas can absorb so much radiation, which can make their predictions difficult to explain.

Robin Wordsworth at Harvard University and his colleagues have now shown how CO₂’s heat-trapping properties can be explained in terms of quantum mechanical effects, in particular a phenomenon called the Fermi resonance.

Sign up to our Fix the Planet newsletter

Get a dose of climate optimism delivered straight to your inbox every month.

Sign up to newsletter

“Rather than just a narrow range of radiation getting absorbed, as you would naively expect, it becomes much broader,” says Wordsworth. “It’s this broadening which is really critical to understanding why carbon dioxide is an important greenhouse gas.”

The Fermi resonance describes how the different directions and patterns in which molecules vibrate can influence each other and make them vibrate more. This is similar to how two pendulums, connected by a shared string, can increase the amplitude of each other’s swinging.

A molecule of CO₂ consists of two oxygen atoms bonded to one carbon atom. Two of the molecule’s vibrations influence each other to make it absorb more light: a side-to-side stretching of the oxygen atoms, and a sidewinder snake-like zigzagging of these atoms.

Wordsworth and his colleagues came up with equations to describe how much radiation CO₂ can absorb based on its physical properties, with and without the Fermi resonance. They found that its light-absorbing features and its warming effect on Earth’s atmosphere could only be reproduced when the resonance was included.

The Fermi resonance was responsible for nearly half of the total warming effect. “Even things that are happening on the scale of our planet are determined, ultimately, by what’s going on at the micro scale,” says Wordsworth.

While it was already known that CO₂ had a particularly large Fermi resonance, having an equation that links this to the greenhouse effect could be useful for quick calculations without running a full climate model, says Jonathan Tennyson at University College London. This could also help physicists model the climate of exoplanets, which can require large amounts of computing power to fully simulate.

Something that Wordsworth and his team couldn’t explain is why CO₂ vibrates in such a unique way – a question that might never be answered without a theory of everything. “There doesn’t seem to be a clear reason why this resonance occurs in CO₂,” says Wordsworth. “One could imagine a different universe where it was slightly different, and carbon dioxide might not have the same effects.”

 

Reference:

arXiv DOI: 10.48550/arXiv.2401.15177

Source: Quantum quirk explains why carbon dioxide causes global warming | New Scientist

Meet GOODY-2, The World’s Most Ethical (And Useless) AI

Posted on by

AI guardrails and safety features are as important to get right as they are difficult to implement in a way that satisfies everyone. This means safety features tend to err on the side of caution. Side effects include AI models adopting a vaguely obsequious tone, and coming off as overly priggish when they refuse reasonable requests.

Prioritizing safety above all.

Enter GOODY-2, the world’s most responsible AI model. It has next-gen ethical principles and guidelines, capable of refusing every request made of it in any context whatsoever. Its advanced reasoning allows it to construe even the most banal of queries as problematic, and dutifully refuse to answer.

As the creators of GOODY-2 point out, taking guardrails to a logical extreme is not only funny, but also acknowledges that effective guardrails are actually a pretty difficult problem to get right in a way that works for everyone.

Complications in this area include the fact that studies show humans expect far more from machines than they do from each other (or, indeed, from themselves) and have very little tolerance for anything they perceive as transgressive.

This also means that as AI models become more advanced, so too have they become increasingly sycophantic, falling over themselves to apologize for perceived misunderstandings and twisting themselves into pretzels to align their responses with a user’s expectations. But GOODY-2 allows us all to skip to the end, and glimpse the ultimate future of erring on the side of caution.

[via WIRED]

Source: Meet GOODY-2, The World’s Most Responsible (And Least Helpful) AI | Hackaday

‘World’s biggest casino’ app Winstar exposed customers’ personal data: developer Dexia didn’t secure the db.

Posted on by

Oklahoma-based WinStar bills itself as the “world’s biggest casino” by square footage. The casino and hotel resort also offers an app, My WinStar, in which guests can access self-service options during their hotel stay, their rewards points and loyalty benefits, and casino winnings.

The app is developed by a Nevada software startup called Dexiga.

The startup left one of its logging databases on the internet without a password, allowing anyone with knowledge of its public IP address to access the WinStar customer data stored within using only their web browser.

Dexiga took the database offline after TechCrunch alerted the company to the security lapse.

[…]

the personal data included full names, phone numbers, email addresses and home addresses. Sen shared details of the exposed database with TechCrunch to help identify its owner and disclose the security lapse.

TechCrunch examined some of the exposed data and verified Sen’s findings. The database also contained an individual’s gender and the IP address of the user’s device, TechCrunch found.

None of the data was encrypted, though some sensitive data — such as a person’s date of birth — was redacted and replaced with asterisks.

A review of the exposed data by TechCrunch found an internal user account and password associated with Dexiga founder Rajini Jayaseelan.

[…]

Source: ‘World’s biggest casino’ app exposed customers’ personal data | TechCrunch

Artificial cartilage with the help of 3D printing

Posted on by

cartelige stem cells 3d printed in the letters TU

Growing cartilage tissue in the lab could help patiens with injuries, but it is very hard to make the tissue grow in exactly the right shape. A new approach could solve this problem: Tiny spherical containers are created with a high-resolution 3D printer. These containers are then filled with cells and assembled into the desired shape. The cells from different containers connect, the container itself is degradable and eventually disappears.

scaffolded spheroids for tissue engineering

[…]

A special high-resolution 3D printing process is used to create tiny, porous spheres made of biocompatible and degradable plastic, which are then colonized with cells. These spheroids can then be arranged in any geometry, and the cells of the different units combine seamlessly to form a uniform, living tissue. Cartilage tissue, with which the concept has now been demonstrated at TU Wien, was previously considered particularly challenging in this respect.

Tiny spherical cages as a scaffold for the cells

“Cultivating cartilage cells from stem cells is not the biggest challenge. The main problem is that you usually have little control over the shape of the resulting tissue,”

[…]

To prevent this, the research team at TU Wien is working with a new approach: specially developed laser-based high-resolution 3D printing systems are used to create tiny cage-like structures that look like mini footballs and have a diameter of just a third of a millimeter. They serve as a support structure and form compact building blocks that can then be assembled into any shape.

Stem cells are first introduced into these football-shaped mini-cages, which quickly fill the tiny volume completely.

[…]

The team used differentiated stem cells — i.e. stem cells that can no longer develop into any type of tissue, but are already predetermined to form a specific type of tissue, in this case cartilage tissue.

[…]

The tiny 3D-printed scaffolds give the overall structure mechanical stability while the tissue continues to mature. Over a period of a few months, the plastic structures degrade, they simply disappear, leaving behind the finished tissue in the desired shape.

First step towards medical application

In principle, the new approach is not limited to cartilage tissue, it could also be used to tailor different kinds of larger tissues such as bone tissue. However, there are still a few tasks to be solved along the way — after all, unlike in cartilage tissue, blood vessels would also have to be incorporated for these tissues above a certain size.

“An initial goal would be to produce small, tailor-made pieces of cartilage tissue that can be inserted into existing cartilage material after an injury,” says Oliver Kopinski-Grünwald. “In any case, we have now been able to show that our method for producing cartilage tissue using spherical micro-scaffolds works in principle and has decisive advantages over other technologies.”

Source: Artificial cartilage with the help of 3D printing | ScienceDaily

Here’s Why Infants Are Strangely Resistant to COVID

Posted on by

Researchers have profiled the entire immune system in young children to compare their response to SARS-CoV-2 with that of adults. The results, published in Cell, show that infants’ systems mount a strong innate response in their noses, where the airborne virus usually enters the body. And unlike adults, babies don’t exhibit widespread inflammatory signaling throughout their circulatory system, perhaps preventing severe COVID.

The research team, led by Stanford Medicine immunologist Bali Pulendran, took blood samples from 81 infants (54 of whom became infected with the virus between one month and three years of age) and dozens of adults. The researchers also took weekly nasal swabs from kids and adults with and without COVID. They then analyzed proteins and gene activity in these samples to track participants’ innate and adaptive immune responses to the virus. “This sort of longitudinal mapping of the immune response of infants, to any virus, had not been done before,” Pulendran says.

The team found stark differences between children and adults in both adaptive and innate immune responses. Infected infants’ noses were flooded with inflammatory signaling molecules and cells. But unlike in the adults, there were no signs of inflammation in their blood.

[…]

Even without a widespread innate response, young children had surprisingly long-lasting levels of SARS-specific antibodies in their blood, Pulendran says. Future research revealing how these innate and adaptive responses are linked could eventually help improve nasally delivered vaccines for children and, potentially, adults.

A crucial question remains: What makes SARS-CoV-2 different from other respiratory viruses, such as influenza and respiratory syncytial virus, which are more deadly for infants?

[…]

Source: Here’s Why Infants Are Strangely Resistant to COVID | Scientific American

Thousands Of Networked Microphones Are Tracking Drones In Ukraine

Posted on by

Ukraine is using a network made up of thousands of acoustic sensors across the country to help detect and track incoming Russian kamikaze drones, alert traditional air defenses in advance, and also dispatch ad hoc drone hunting teams to shoot them down. This is according to the U.S. Air Force’s top officer in Europe who also said the U.S. military is now looking to test this capability to see if it might help meet its own demands for additional ways to persistently monitor for, and engag,e drone threats.

[…]

“Think if you have a series of sensors, think of your cell phone, okay, with power to it, so it doesn’t die, right? And then you put a microphone to kind of make the acoustics louder of one-way UAVs that are going overhead,” Hecker explained. “And you have … 6,000 of these things all over the country. They’ve been successful in being able to pick up the one-way UAVs like Shahed 136s and those kinds of things.”

[…]

Kamikaze drones like the Shahed-136 may have relatively small engines, but they still produce a significant and often terrifying amount of noise

[…]

How the acoustic sensor information is disseminated is unclear, but this could very well involve leveraging an existing ad hoc drone spotting network that Ukraine has had in place for some time now that allows volunteers to post alerts via the Telegram online messaging service.

[…]

many modern aerial threats, including small, low-flying drones and cruise missiles, and stealthy crewed and uncrewed aircraft and missiles, present significant challenges to even current generation radars. Gen. Hecker first mentioned the U.S. military’s interest in Ukraine’s acoustic sensor network at the roundtable today while talking about challenges NATO is facing in maintaining a persistent ISR picture when it comes to things like kamikaze drones and cruise missiles.

[…]

Source: Thousands Of Networked Microphones Are Tracking Drones In Ukraine

Canada Moves to Ban the Flipper Zero Over Car Hacking Fears – instead of requiring good security on Cars

Posted on by

On Thursday, following a summit that focused on “the growing challenge of auto theft in Canada,” the country’s Minister of Innovation, Science and Industry posted a statement on X, saying “Criminals have been using sophisticated tools to steal cars…Today, I announced we are banning the importation, sale and use of consumer hacking devices, like flippers, used to commit these crimes.”

In a press release issued on Thursday, the Canadian government confirmed that it will be pursuing “all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero.”

The Flipper, which is technically a penetration testing device, has been controversial due to its ability to hack droves of smart products. Alex Kulagin, the COO of Flipper Devices, said in a statement shared with Gizmodo that the device couldn’t be used to “hijack any car” and that certain circumstances would have to be met for it to happen:

“Flipper Zero can’t be used to hijack any car, specifically the ones produced after the 1990s, since their security systems have rolling codes. Also, it’d require actively blocking the signal from the owner to catch the original signal, which Flipper Zero’s hardware is incapable of doing. Flipper Zero is intended for security testing and development and we have taken necessary precautions to ensure the device can’t be used for nefarious purposes”

[…]

Even if the Flipper isn’t considered a culprit in Canada’s car theft woes, it should be pointed out that hacking modern cars is notoriously easy. Major car manufacturers’ cybersecurity is terrible, and it seems difficult to imagine that banning the Flipper will make any serious dent in their security problems.

[…]

“Dude that’s not the solution. The car company needs to address the security of their products. Sincerely, Cyber security experts everywhere,” one X user, whose bio mentions infosec, posted.

“You can use screwdrivers to steal cars too,” another user posted, sarcastically.

“If you knew anything about technology you would know the flipper and others are just simple ARM processors with basic sensors attached,” said another user. “Nothing ground breaking this will not stop a thing but makes it look like your doing something. The trick of politicians everywhere and it is why people are fed up of you as everything else just crumbles.”

Source: Canada Moves to Ban the Flipper Zero Over Car Hacking Fears

1/2 of all French citizens data stolen in healthcare billing breach

Posted on by

Nearly half the citizens of France have had their data exposed in a massive security breach at two third-party healthcare payment servicers, the French data privacy watchdog disclosed last week.

Payments outfits Viamedis and Almerys both experienced breaches of their systems in late January, the National Commission on Informatics and Liberty (CNIL) revealed, leading to the theft of data belonging to more than 33 million customers. Affected data on customers and their families includes dates of birth, marital status, social security numbers and insurance information. No banking info, medical data or contact information was compromised, the CNIL added.

[…]

Viamedis was reportedly compromised through a phishing attack that targeted healthcare professionals, and used credentials stolen from such professionals to gain access to its systems. Almerys didn’t disclose how its compromise occurred, but it’s possible the ingress was similar in nature – it admitted the attacker gained access through a portal used by healthcare providers.

[…]

Source: 33m French citizens data stolen in healthcare billing breach

Android users in Singapore to be blocked from installing apps from 3rd parties

Posted on by

SINGAPORE – Android users here will be blocked from installing apps from unverified sources, a process called sideloading, as part of a new trial by Google to crack down on malware scams.

The security tool will work in the background to detect apps that demand suspicious permissions, like those that grant the ability to spy on screen content or read SMS messages, which scammers have been known to abuse to intercept one-time passwords.

Singapore is the first country to begin the gradual roll-out of the security feature over the next few weeks, done in collaboration with the Cyber Security Agency of Singapore, according to a statement on Feb 7 by Google, which develops the Android software.

The update will progressively arrive on all Android users’ devices and will be enabled by default through Google Play Protect, said Google’s director of android security strategy Eugene Liderman, in reply to questions by The Straits Times.

Users who are blocked from downloading a suspicious app will be notified with an explanation.

Users cannot deactivate the pilot feature without disabling all of Google Play Protect, said Mr Liderman, adding that deactivation of the program, which scans Android devices for harmful behaviour like suspicious apps, is not recommended for user safety.

[…]

The update, which will be automatically activated, will roll out to all Android devices with Google Play services – a security program built into Android devices that scans for potentially harmful apps – here, starting with a small number of users to assess the effectiveness of the tool, he said.

Sideloaded apps can come in the form of apps used by overseas businesses that do not use the Google ecosystem, to device customisation tools and free versions of paid apps.

[…]

The feature marks Google’s most heavy-handed feature to stamp out malicious sideloaded apps.

[…]

Samsung, which runs on Android, also launched Auto Blocker for Samsung Galaxy device users who are using the One UI 6 software in November. The tool, which has to be activated in the settings menu, bars sideloaded apps from unverified sources.

Source: Android users in S’pore to be blocked from installing unverified apps as part of anti-scam trial | The Straits Times

So basically they are citing user safetly to limit what you do on your phone and enforce their marketplace monopoly. Something both Apple and Google have been slammed with explicitly in the EU and US as part of antitrust lawsuits – which they have lost.

Of course, Google Play Protect is itself spyware – everything it scans (which is your whole phone) is sent to Google without an opt out. So you can decide to stop this insanity by disabling the Google Spyware.

The EU wants to criminalize AI-generated deepfakes and the non-consensual sending of intimate images

Posted on by

[…] the European Council and Parliament have agreed with the proposal to criminalize, among other things, different types of cyber-violence. The proposed rules will criminalize the non-consensual sharing of intimate images, including deepfakes made by AI tools, which could help deter revenge porn. Cyber-stalking, online harassment, misogynous hate speech and “cyber-flashing,” or the sending of unsolicited nudes, will also be recognized as criminal offenses.

The commission says that having a directive for the whole European Union that specifically addresses those particular acts will help victims in Member States that haven’t criminalized them yet. “This is an urgent issue to address, given the exponential spread and dramatic impact of violence online,” it wrote in its announcement.

[…]

In its reporting, Politico suggested that the recent spread of pornographic deepfake images using Taylor Swift’s face urged EU officials to move forward with the proposal.

[…]

“The final law is also pending adoption in Council and European Parliament,” the EU Council said. According to Politico, if all goes well and the bill becomes a law soon, EU states will have until 2027 to enforce the new rules.

Source: The EU wants to criminalize AI-generated porn images and deepfakes

The original article has a seriously misleading title, I guess for clickbait.

COPD: Inhalable nanoparticles could help treat chronic lung disease

Posted on by

Delivering medication to the lungs with inhalable nanoparticles may help treat chronic obstructive pulmonary disease (COPD). In mice with signs of the condition, the treatment improved lung function and reduced inflammation.

COPD causes the lungs’ airways to become progressively narrower and more rigid, obstructing airflow and preventing the clearance of mucus. As a result, mucus accumulates in the lungs, attracting bacterial pathogens that further exacerbate the disease.

This thick mucus layer also traps medications, making it challenging to treat infections. So, Junliang Zhu at Soochow University in China and his colleagues developed inhalable nanoparticles capable of penetrating mucus to deliver medicine deep within the lungs.

The researchers constructed the hollow nanoparticles from porous silica, which they filled with an antibiotic called ceftazidime. A shell of negatively charged compounds surrounding the nanoparticles blocked off pores, preventing antibiotic leakage. This negative charge also helps the nanoparticles penetrate mucus. Then, the slight acidity of the mucus transforms the shells’ charge from negative to positive, opening up pores and releasing the medication.

The researchers used an inhalable spray containing the nanoparticles to treat a bacterial lung infection in six mice with signs of COPD. An equal number of animals received only the antibiotic.

On average, mice treated with the nanoparticles had about 98 per cent less pathogenic bacteria inside their lungs than those given just the antibiotic. They also had fewer inflammatory molecules in their lungs and lower carbon dioxide in their blood, indicating better lung function.

These findings suggest the nanoparticles could improve drug delivery in people with COPD or other lung conditions like cystic fibrosis where thick mucus makes it difficult to treat infections, says Vincent Rotello at the University of Massachusetts Amherst, who wasn’t involved in the study. However, it is unclear if these nanoparticles are cleared by lungs. “If you have a delivery system that builds up over time, that would be problematic,” he says.

Source: COPD: Inhalable nanoparticles could help treat chronic lung disease | New Scientist

OpenAI latest to add ‘Made by AI’ metadata to model output

Posted on by

Images emitted by OpenAI’s generative models will include metadata disclosing their origin, which in turn can be used by applications to alert people to the machine-made nature of that content.

Specifically, the Microsoft-championed super lab is, as expected, adopting the Content Credentials specification, which was devised by the Coalition for Content Provenance and Authenticity (C2PA), an industry body backed by Adobe, Arm, Microsoft, Intel, and more.

Content Credentials is pretty simple and specified in full here: it uses standard data formats to store within media files details about who made the material and how. This metadata isn’t directly visible to the user and is cryptographically protected so that any unauthorized changes are obvious.

Applications that support this metadata, when they detect it in a file’s contents, are expected to display a little “cr” logo over the content to indicate there is Content Credentials information present in that file. Clicking on that logo should open up a pop-up containing that information, including any disclosures that the stuff was made by AI.

The C2PA mark as applied by OpenAI

How the C2PA ‘cr’ logo might appear on an OpenAI-generated image in a supporting app. Source: OpenAI

The idea being here that it should be immediately obvious to people viewing or editing stuff in supporting applications – from image editors to web browsers, ideally – whether or not the content on screen is AI made.

[…]

the Content Credentials strategy isn’t foolproof as we’ve previously reported. The metadata can be easily stripped out or exported without it, or the “cr” cropped out of screenshots, so no “cr” logo will appear on the material in future in any applications. It also relies on apps and services to support the specification, whether they are creating or displaying media.

To work at scale and gain adoption, it also needs some kind of cloud system that can be used to restore removed metadata, which Adobe happens to be pushing, as well as a marketing campaign to spread brand awareness. Increase its brandwidth, if you will.

[…]

n terms of file-size impact, OpenAI insisted that a 3.1MB PNG file generated by its DALL-E API grows by about three percent (or about 90KB) when including the metadata.

[…]

Source: OpenAI latest to add ‘Made by AI’ metadata to model output • The Register

It’s a decent enough idea, a bit like an artist signing their works. Just hopefully it won’t look so damn ugly as in the example and each AI will have their own little logo.

Deep Abandoned Mine In Finland To Be Turned Into A Giant Gravity Battery

Posted on by

[…]

the idea behind gravity batteries is really simple. During times when energy sources are producing more energy than the demand, the excess energy is used to move weights (in the form of water or sometimes sand) upwards, turning it into potential energy. When the power supply is low, these objects can then be released, powering turbines as our good friend (and deadly enemy) gravity sends them towards the Earth.

 

Though generally gravity batteries take the form of reservoirs, abandoned mines moving sand or other weights up when excess power is being produced have also been suggested. Scottish company Gravitricity created a system of winches and hoists that can be installed in such disused mineshafts. The company will install the system in the 1,400-meter-deep (4,600 feet) zinc and copper mine in Pyhäjärvi, Finland.

[…]

Source: Deep Abandoned Mine In Finland To Be Turned Into A Giant Gravity Battery | IFLScience

Decrypting / Mounting Bitlocker protected drives

Posted on by

Attacks come in two main forms: one is scanning the drive for memory dumps and the other is by sniffing the bitlocker key through RAM dumping on cold boots.

Cold Boot Attacks

We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials.
Introductory blog post
Frequently asked questions
Experiment guide
Source code

Source: Lest We Remember: Cold Boot Attacks on Encryption Keys

Over time there have been many different physical attacks against full disk encryption, such as Cold Boot attacks [0][1] that we have previously researched. In addition, various attacks based on TPM interface sniffing [2] or DMA [3] have been used to gain access to an ­­­­encryption key.

[…]

I captured the SPI signals with the Saleae Logic Pro 8 logic analyzer, which is capable of recording four signals up to 100 MHz. The wide terminal pitch of SOIC-8 package allows an effortless way to hook the probes, and the whole capture process can be performed under one minute.

The Logic 2 application supports SPI decoding out-of-the-box. The only caveat is to remember that the SS-line is inverted. Fortunately, the decoding options of Saleae allow us to choose whether the chip is selected when the SS-line is high or low. The screenshot below shows decoded MOSI and MISO byte streams from the capture.

[…]

Even though Proof of Concepts are awesome, proper weaponizing usually takes the attack to a whole new level, and as we stated at the beginning of this post, the real advantage comes if this can be performed with minimal effort. Therefore, I decided to automate the attack process as far as possible. The toolchain consists of the following parts:

  • Custom High-Level Analyzer for searching VMK entries from TPM transactions.
  • Docker container, which includes all the necessary tools to mount the drive just by giving VMK.

The workflow with the tooling is as follows:

  1. Sniff the SPI bus and extract VMK.
  2. Remove the drive and attach it to the attacker’s machine or boot the target directly from a USB-stick if allowed.
  3. Decrypt and mount the drive.

The video below show how the analyzer is able to extract the VMK from the sniffed data. The key can be then passed to the mount tool which decrypts the content and drops you to a shell where you are able to modify the volume content.

video

You can find the above tooling on GitHub.

Source: Sniff, there leaks my BitLocker key

TLDR: You can sniff BitLocker keys in the default config, from either a TPM1.2 or TPM2.0 device, using a dirt cheap FPGA (~$40NZD) and now publicly available code, or with a sufficiently fancy logic analyzer. After sniffing, you can decrypt the drive. Don’t want to be vulnerable to this? Enable additional pre-boot authentication.

Source: Extracting BitLocker keys from a TPM

Scanning RAM dumps / hiberyfile.sys

Volatility is a framework for memory analysis and forensics. The Volatility plugin: BitLocker allows you to retrieves the Full Volume Encryption Key (FVEK) in memory. The FVEK can then be used with Dislocker to decrypt the volume. This plugin has been tested on every 64-bit Windows version from Windows 7 to Windows 10 and is fully compatible with Dislocker.

Elcomsoft Forensic Disk Decryptor is a commercial (and expensive!) way to automate the use of this tooling. Instantly access data stored in encrypted BitLocker, FileVault 2, PGP Disk, TrueCrypt and VeraCrypt disks and containers. The tool extracts cryptographic keys from RAM captures, hibernation and page files or uses plain-text password or escrow keys to decrypt files and folders stored in crypto containers or mount encrypted volumes as new drive letters for instant, real-time access.

Supports: BitLocker (including TPM configurations), FileVault 2 (including APFS volumes), LUKS, PGP Disk, TrueCrypt and VeraCrypt encrypted containers and full disk encryption, BitLocker To Go, XTS-AES BitLocker encryption, Jetico BestCrypt, RAM dumps, hibernation files, page files

They do offer a trial version and the current version seems to be 2.20.1011

Hackers find out worth of Iranian drones sold to Russia

Posted on by

Shahed-136 drones in launcher

Hackers from the Prana Network group have compromised the mail servers of the Iranian company IRGC Sahara Thunder, which contained an array of data on the production of Shahed-136 attack drones for Russia.

Source: a statement by Prana Network, reported by Militarnyi

Details: As noted, the IRGC Sahara Thunder company is a fictitious company run by the Islamic Revolutionary Guard Corps that facilitates the sale of weapons to Russia.

In particular, the hackers published information about negotiations between the Iranian and Russian sides on the location of production in the Russian free economic zone Alabuga.

It is noted that the Iranian side announced the starting price of the Shahed attack drone at 23 million roubles per unit (about US$375,000). However, during the negotiations, an agreement was reached at the level of 12 million roubles per unit, when ordering 6,000 units (about US$193,000) or 18 million roubles (about US$290,000) when ordering 2,000 units.

According to other published documents, at least part of the Russian Federation’s financial transactions and payments with Iran are made in gold.

For example, in February 2023, Alabuga Machinery transferred 2 million grams of gold to the Iranian shell company Sahara Thunder, presumably as payment for services and goods.

Background: In August 2023, The Washington Post obtained internal documents on the operation of the Iranian drone manufacturing plant in the Alabuga Special Economic Zone in Tatarstan, Russia, which is scheduled to produce 6,000 Shahed kamikaze drones by 2025.

Source: Hackers find out worth of Iranian drones sold to Russia

Astronomers Measure the Mass of the Milky Way by Calculating How Hard it is to Escape

Posted on by

[…] how can we determine the mass of something larger, such as the Milky Way? One method is to estimate the number of stars in the galaxy and their masses, then estimate the mass of all the interstellar gas and dust, and then rough out the amount of dark matter… It all gets very complicated.

A better way is to look at how the orbital speed of stars varies with distance from the galactic center. This is known as the rotation curve and gives an upper mass limit on the Milky Way, which seems to be around 600 billion to a trillion solar masses. The wide uncertainty gives you an idea of just how difficult it is to measure our galaxy’s mass. But a new study introduces a new method, and it could help astronomers pin things down.

Estimated escape velocities at different galactic radii. Credit: Roche, et al

The method looks at the escape velocity of stars in our galaxy. If a star is moving fast enough, it can overcome the gravitational pull of the Milky Way and escape into interstellar space. The minimum speed necessary to escape depends upon our galaxy’s mass, so measuring one gives you the other. Unfortunately, only a handful of stars are known to be escaping, which is not enough to get a good handle on galactic mass. So the team looked at the statistical distribution of stellar speeds as measured by the Gaia spacecraft.

The method is similar to weighing the Moon with a handful of dust. If you were standing on the Moon and tossed dust upward, the slower-moving dust particles would reach a lower height than faster particles. If you measured the speeds and positions of the dust particles, the statistical relation between speed and height would tell you how strongly the Moon pulls on the motes, and thus the mass of the Moon. It would be easier just to bring our kilogram and scale to measure lunar mass, but the dust method could work.

In the Milky Way, the stars are like dustmotes, swirling around in the gravitational field of the galaxy. The team used the speeds and positions of a billion stars to estimate the escape velocity at different distances from the galactic center. From that, they could determine the overall mass of the Milky Way. They calculated a mass of 640 billion Suns.

This is on the lower end of earlier estimates, and if accurate it means that the Milky Way has a bit less dark matter than we thought.

Source: Astronomers Measure the Mass of the Milky Way by Calculating How Hard it is to Escape – Universe Today

Inside the Underground Site Where ‘Neural Networks’ Churn Out Fake IDs

Posted on by

An underground website called OnlyFake is claiming to use “neural networks” to generate realistic looking photos of fake IDs for just $15, radically disrupting the marketplace for fake identities and cybersecurity more generally. This technology, which 404 Media has verified produces fake IDs nearly instantly, could streamline everything from bank fraud to laundering stolen funds.

In our own tests, OnlyFake created a highly convincing California driver’s license, complete with whatever arbitrary name, biographical information, address, expiration date, and signature we wanted. The photo even gives the appearance that the ID card is laying on a fluffy carpet, as if someone has placed it on the floor and snapped a picture, which many sites require for verification purposes.

[…]

 

Source: Inside the Underground Site Where ‘Neural Networks’ Churn Out Fake IDs

Hugging Face launches open source AI assistant maker to rival OpenAI’s custom GPTs

Posted on by

Hugging Face, the New York City-based startup that offers a popular, developer-focused repository for open source AI code and frameworks (and hosted last year’s “Woodstock of AI”), today announced the launch of third-party, customizable Hugging Chat Assistants.

The new, free product offering allows users of Hugging Chat, the startup’s open source alternative to OpenAI’s ChatGPT, to easily create their own customized AI chatbots with specific capabilities, similar both in functionality and intention to OpenAI’s custom GPT Builder — though that requires a paid subscription

[…]

Phillip Schmid, Hugging Face’s Technical Lead & LLMs Director, posted the news […] explaining that users could build a new personal Hugging Face Chat Assistant “in 2 clicks!” Schmid also openly compared the new capabilities to OpenAI’s custom GPTs.

However, in addition to being free, the other big difference between Hugging Chat Assistant and the GPT Builder and GPT Store is that the latter tools depend entirely on OpenAI’s proprietary large language models (LLM) GPT-4 and GPT-4 Vision/Turbo.

Users of Hugging Chat Assistant, by contrast, can choose which of several open source LLMs they wish to use to power the intelligence of their AI Assistant on the backend

[…]

Like OpenAI with its GPT Store launched last month, Hugging Face has also created a central repository of third-party customized Hugging Chat Assistants which users can choose between and use on their own time here.

The Hugging Chat Assistants aggregator page bears a very close resemblance to the GPT Store page

[…]

 

Source: Hugging Face launches open source AI assistant maker to rival OpenAI’s custom GPTs | VentureBeat

Virgin Galactic: Alignment pin mishap reported to FAA. If only Musk did that too.

Posted on by

Virgin Galactic has reported itself to the US Federal Aviation Administration (FAA) after discovering a detached alignment pin from the mechanism used to keep its suborbital spaceplane attached to the mothership aircraft.

According to the company, the alignment pin is used to ensure the spaceplane (in this case, Unity) is aligned correctly to the mothership (VMS Eve) during the mating of the vehicles on the ground.

In flight, the pin helps to transfer load from drag and other forces from Unity to the shear pin fitting assembly and into the pylon and center wing of the mothership. The alignment pin remained in place during the mated portion of the flight, but detached after Unity was released.

Virgin Galactic said: “While both parts play a role during mated flight, they do not support the spaceship’s weight, nor do they have an active function once the spaceship is released.”

However, having bits of your launch system detach unexpectedly is not great, despite the success of Galactic 06, a suborbital spaceflight launched on January 26, 2024. The mission carried a crew of six, including four private passengers, on a jaunt to just over 55 miles above the Earth before gliding back to a landing at Spaceport America.

The next flight of Unity is planned for the second quarter of 2024, although Virgin Galactic cautioned that this would depend on the review’s outcome.

In November 2023, boss Michael Colglazier announced that flights would be paused from mid-2024 to allow the company to focus on building its upcoming Delta class of spaceplane. Colglazier also announced that approximately 18 percent of the workforce were to be let go.

Virgin Galactic said of the incident: “At no time did the detached alignment pin pose a safety impact to the vehicles or the crew on board.”

VMS Eve completed a lengthy maintenance period just over a year ago, followed by the company commencing commercial operations. Having something fall off, even as minor as a pin that did not affect flight safety is, therefore, a worry.

The company has not elaborated on the cause of the incident or responded to The Register’s queries.

The FAA gave us the following statement: “A mishap occurred during the Virgin Galactic Galactic 06 commercial human spaceflight mission from Spaceport America in New Mexico on Jan. 26. Eight people were on the suborbital mission: two pilots on the WhiteKnightTwo carrier aircraft, and two pilots and four spaceflight participants on the SpaceShipTwo spacecraft. The mishap involved an issue with an alignment pin that provides connection between the carrier aircraft and the spacecraft.

“No public injuries or public property damage have been reported. The FAA is overseeing the Virgin Galactic-led mishap investigation to ensure the company complies with its FAA-approved mishap investigation plan and other regulatory requirements.” ®

Source: Virgin Galactic: Alignment pin mishap wouldn’t affect safety • The Register

Netherlands reveals Chinese attack on defence servers using CoatHanger malware on Fortinet Devices – a real pain to remove

Posted on by

Dutch authorities are lifting the curtain on an attempted cyberattack last year at its Ministry of Defense (MoD), blaming Chinese state-sponsored attackers for the espionage-focused intrusion.

Specialists from the Netherlands’ Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) were called in to investigate an intrusion at an MOD network last year, uncovering a previously unseen malware they’re calling Coathanger.

The name, authorities said, was conjured up based on the “peculiar phrase” displayed by the malware when encrypting the configuration on disk: “She took his coat and hung it up.”

A deep dive into Coathanger’s code revealed the remote access trojan (RAT) was purpose-built for Fortinet’s FortiGate next-generation firewalls (NGFWs) and the initial access to the MoD’s network was gained through exploiting CVE-2022-42475.

According to the MIVD and AIVD, the RAT operates outside of traditional detection measures and acts as a second-stage malware, mainly to establish persistent access for attackers, surviving reboots and firmware upgrades.

Even fully patched FortiGate devices could still have Coathanger installed if they were compromised before upgrading.

In the cybersecurity advisory published today, authorities said the malware was highly stealthy and difficult to detect using default FortiGate CLI commands, since Coathanger hooks most system calls that could identify it as malicious.

They also made clear that Coathanger is definitely different from BOLDMOVE, another RAT targeting FortiGate appliances.

“For the first time, the MIVD has chosen to make public a technical report on the working methods of Chinese hackers. It is important to attribute such espionage activities by China,” said defense minister Kajsa Ollongren in an automatically translated statement. “In this way, we increase international resilience against this type of cyber espionage.”

The advisory also noted that Dutch authorities had previously spotted Coathanger present on other victims’ networks too, prior to the incident at the MOD.

As for attribution, MIVD and AIVD said they can pin Coathanger to Chinese state-sponsored attackers with “high confidence.”

“MIVD and AIVD emphasize that this incident does not stand on its own, but is part of a wider trend of Chinese political espionage against the Netherlands and its allies,” the advisory reads.

The attackers responsible for the attack were known for conducting “wide and opportunistic” scans for exposed FortiGate appliances vulnerable to CVE-2022-42475 and then exploiting it using an obfuscated connection.

After gaining an initial foothold inside the network, which was used by the MOD’s research and development division, the attackers performed reconnaissance and stole a list of user accounts from the Active Directory server.

Not much else was said about the attacker’s activity, other than the fact that the overall impact of the intrusion was limited thanks to the MOD’s network segmentation.

For those worried about whether Chinese cyberspies are lurking in their firewall, the Joint Signal Cyber Unit of the Netherlands (JCSU-NL) published a full list of indicators of compromise (IOCs) and various detection methods on its GitHub page.

The collection of materials includes YARA rules, a JA3 hash, CLI commands, file checksums, and more. The authorities said each detection method should be seen as independent and used together since some focus on general IOCs and others were developed to spot Coathanger activity specifically.

If there is evidence of compromise, it’s possible other hosts that are reachable by the FortiGate device are also compromised. There is also an increased likelihood that attackers may perform hands-on-keyboard attacks.

Affected users should isolate their device immediately, collect and review logs, and consider calling in third-party digital forensics specialists, the advisory reads. Victims should also inform their country’s cybersecurity authority: NCSC, CISA, etc.

The only way to remove Coathanger from an infected device is to completely reformat the device, before reinstalling and reconfiguring it.

Whiffs of China’s involvement in CVE-2022-42475 exploits have long been suspected, but for the first time they’re confirmed today.

First disclosed in December 2022, a month later Fortinet said it was aware that the vulnerability was tied to the breach of a government or government-related organization that had been infected with custom-made malware.

At the time, no fingers were officially pointed other than the fact that this custom malware was compiled on a machine in the UTC+8 timezone, so realistically it was most likely going to be either China or Russia.

China was also accused of being behind exploits of separate Fortinet bug in March, again using bespoke malware for the purposes of cyber espionage. ®

Source: Netherlands reveals Chinese spies attacked its defense dept • The Register

You should be reading your news through an RSS reader

Posted on by

[…] one of the main roles of RSS is to supply directly to you a steady stream of updates from a website. Every new article published on that site is served up in a list that can be interpreted by an RSS reader.

In earlier, simpler internet times, RSS was the way to keep up to date with what was happening on all of your favorite sites. You would open your RSS reader and tap through newly published articles one by one, in chronological order, in the same way you would check your email. It was an easy way to keep tabs on what was new and what was of interest.

[…]

RSS is essentially a standard for serving up text and images in a feed-like format, and not all that dissimilar to HTML. Typically, the feed includes the headline of an article, some of the text (often just the introduction), and perhaps the main image.

[…]

Even when a site doesn’t explicitly offer RSS feeds, the best RSS readers can now produce their own approximation of them by watching for new activity on a site, so you can direct the app toward the site you want to keep tabs on.

[…]

RSS is clearly useful if you have a selection of favorite websites and you want to skim through everything they publish (or everything they publish in a certain category, if the site has several feeds).

[…]

Using RSS means you can catch up on everything, methodically and chronologically, even if you’ve been offline for a week (you don’t have to catch up on everything, of course—but you can, if you want, as your feed will operate on an infinite scroll). It’s also a cleaner, less cluttered way of using the internet, as you only need click through on the specific articles you want to read.

[…]

The best RSS feed running is arguably Feedly, which offers a bunch of features across free and paid-for plans: It has a clean, clear interface, it can generate RSS feeds for sites that don’t have them, it can sort feeds in a variety of ways, it can incorporate email newsletters, and much more besides.

[…]

Source: Embrace RSS: These Are the Best RSS Reader Apps in 2024 | Lifehacker

This is an amazing way to run through multiple news sources quickly.

Orient at 45o for stronger, better looking 3D Printed Enclosures

Posted on by

When it comes to 3D printing, the orientation of your print can have a significant impact on strength, aesthetics, and functionality or ease of printing. The folks at Slant 3D have found that printing enclosures at a 45° provides an excellent balance of these properties, with some added advantages for high volume printing. The trick is to prevent the part from falling over when balance on a edge, but in the video after the break [Gabe Bentz]  demonstrate Slant 3D’s solution of minimalist custom supports.

The traditional vertical or horizontal orientations come with drawbacks like excessive post-processing and weak layer alignment. Printing at 45° reduces waste and strengthens the end product by aligning the layer lines in a way that resists splitting across common stress points. When scaling up production, this orientation comes with the added advantage of minimal bed contact area, allowing the printer to auto-eject the part by pushing it off the bed with print head.

 

To keep the part stable while printing in this orientation Slant 3D designed a fin-like support structure attached to the back of the enclosure with small sprues. This wastes significantly less time and material than auto-generated supports, and snaps away cleanly, leaving behind minimal imperfections that are easily addressed. To improve aesthetics and hide layer lines, Slant 3D also recommend adding texture to the external surfaces of enclosures. On 3D printed parts this detail costs nothing, while it would have added significant costs to injection molded parts.

We’re intrigued by this creative twist on 3D printing’s capabilities—proving once again that a simple shift in perspective (or in this case, orientation) can unlock new design potentials.

Slant 3D use FDM 3D printing for mass production [Gabe] even hosted a Hack Chat on the subject. They have come up with a number of innovative design tricks which are also useful for the hobbyist. These include improved corner brackets, robust living hinges and better alignment features for 3d printed assemblies.

Source: An Alternative Orientation For 3D Printed Enclosures | Hackaday

Criticism as Dutch domain registry plans move to Amazon cloud

Posted on by

Questions are being asked in parliament about the decision by Dutch domain registration foundation SIDN to transfer the dot nl domain and its “complete ICT services” to Amazon’s cloud services. 

SIDN says the move will make managing the technology easier but some tech entrepreneurs have doubts, and now MPs have asked the government, which supports the idea of keeping .nl on Dutch or European servers, to explain why the move has been sanctioned. 

Tech entrepreneur Bert Hubert told BNR radio he opposes the idea of shifting the domain to cloud operators in the US. “If your servers are on your own continent and under your legal surveillance, then you can also be sure that no one will mess with your data,” he said. 

The added value of keeping .nl domain names under Dutch control also means “we control it ourselves and can innovate with it ourselves… When you outsource, you always lose your knowledge,” he said. 

Simon Besteman, managing director of the Dutch Cloud Community said on social media he was shocked by SIDN’s decision. “We have been inundated with questions from the Dutch internet community and our members… who have questions about the ethical as well as compliance and moral aspects.”

SIDN says that all data will remain on European servers and that users will not notice any difference in practice. It also argues that Amazon has the extremely specialised services it needs, and that these are not available in Europe.  

It was a difficult decision to move the systems to Amazon, SIDN technology chief Loek Bakker said in a reaction to the criticism.

“Although we seek to contribute to the strategic digital autonomy of the Netherlands and Europe in numerous ways, the need to assure the permanent availability of .nl and the protection of our data was decisive in this instance. That is, after all, our primary responsibility as a registry.”

Nevertheless, he said “We will be using generic, open-source technology, so that, as soon as it becomes responsible to migrate the system to a Dutch or European cloud service provider, we can do so relatively easily.”

You can smell the nonsense here very clearly – SIDN was and should be a  highly technical company. Apparently the bean counters have taken over and kicked out all the expertise in the name of… cost cutting? Are they aware that the costs of AWS are often higher than the costs of self maintenance? But the manager gets a nice trip to the US in a private jet or something like it?

And nothing about AWS is open source – they are in fact known for taking open source projects and then forking them and then pricing them through the nose.

MPs from GroenLinks, the PvdA and D66 have now asked the government to explain why the move is being made, Hubert said.

SIDN is a foundation that has the right to exploit the .nl domain name, earning some €21 million a year in the process. More than six million .nl domains have been registered. 

Source: Criticism as Dutch domain registry plans move to Amazon cloud – DutchNews.nl

Cloudflare Hacked

Posted on by

cloudflare bad gateway error page

Web security company Cloudflare on Thursday revealed that a threat actor used stolen credentials to gain access to some of its internal systems.

The incident was discovered on November 23, nine days after the threat actor, believed to be state-sponsored, used credentials compromised in the October 2023 Okta hack to access Cloudflare’s internal wiki and bug database.

The stolen login information, an access token and three service account credentials, were not rotated following the Okta incident, allowing the attackers to probe and perform reconnaissance of Cloudflare systems starting November 14, the security firm explains.

According to Cloudflare, the attackers managed to access an AWS environment, as well as Atlassian Jira and Confluence, but network segmentation prevented them from accessing its Okta instance and the Cloudflare dashboard.

With access to the Atlassian suite, the threat actor started looking for information on the Cloudflare network, searching the wiki for “things like remote access, secret, client-secret, openconnect, cloudflared, and token”. In total, 36 Jira tickets and 202 wiki pages were accessed.

On November 16, the attackers created an Atlassian account to gain persistent access to the environment, and on November 20 returned to verify that they still had access.

On November 22, the threat actor installed the Sliver Adversary Emulation Framework, gaining persistent access to the Atlassian server, which was then used to move laterally. They attempted to access a non-production console server at a São Paulo, Brazil, data center that is not yet operational.

The attackers viewed 120 code repositories and downloaded 76 of them to the Atlassian server, but did not exfiltrate them.

“The 76 source code repositories were almost all related to how backups work, how the global network is configured and managed, how identity works at Cloudflare, remote access, and our use of Terraform and Kubernetes. A small number of the repositories contained encrypted secrets which were rotated immediately even though they were strongly encrypted themselves,” Cloudflare notes.

The attackers used a Smartsheet service account to access Cloudflare’s Atlassian suite, and the account was terminated on November 23, within 35 minutes after the unauthorized access was identified. The user account created by the attacker was found and deactivated 48 minutes later.

Cloudflare says it also put in place firewall rules to block the attackers’ known IP addresses and that the Sliver Adversary Emulation Framework was removed on November 24.

[…]

The goal of the attack, Cloudflare says, was to obtain information on the company’s infrastructure, likely to gain a deeper foothold. CrowdStrike performed a separate investigation into the incident, but discovered no evidence of additional compromise.

“We are confident that between our investigation and CrowdStrike’s, we fully understand the threat actor’s actions and that they were limited to the systems on which we saw their activity,” Cloudflare notes.

Source: Cloudflare Hacked by Suspected State-Sponsored Threat Actor  – SecurityWeek