Report: VPNs Are Often a Mixed Bag for Privacy

[…] Consumer Reports, which recently published a 48-page white paper on VPNs that looks into the privacy and security policies of 16 prominent VPN providers. Researchers initially looked into some 51 different companies but ultimately homed in on the most prominent, high-quality providers. The results are decidedly mixed, with the report highlighting a lot of the long-offered criticisms of the industry—namely, its lack of transparency, its PR bullshit, and its not always stellar security practices. On the flip side, a small coterie of VPNs actually seem pretty good.

[…]

Consumers may often believe that by using a VPN they are able to become completely invisible online, as companies promise stuff like “unrivaled internet anonymity,” and the ability to “keep your browsing private and protect yourself from hackers and online tracking,” and so on and so forth.

In reality, there are still a whole variety of ways that companies and advertisers can track you across the internet—even if your IP address is hidden behind a virtual veil.

[…]

via a tool developed by a group of University of Michigan researchers, dubbed the “VPNalyzer” test suite, which was able to look at various security issues with VPN connections. The research team found that “malicious and deceptive behaviors by VPN providers such as traffic interception and manipulation are not widespread but are not nonexistent. In total, the VPNalyzer team filed more than 29 responsible disclosures, 19 of which were for VPNs also studied in this report, and is awaiting responses regarding its findings.”

CR’s own analysis found “little evidence” of VPNs “manipulating users’ networking traffic when testing for evidence of TLS interception,” though they did occasionally run into examples of data leakage.

And, as should hopefully go without saying, any VPN with the word “free” near it should be avoided at all costs, lest you accidentally download some sort of Trojan onto your device and casually commit digital hara-kiri.

[…]

According to CR’s review, four VPN providers rose to the top of the list in terms of their privacy and security practices. They were:

Apparently in that order.

These companies stood out mostly by not over-promising what they could deliver, while also scoring high on scales of transparency and security.

[…]

Source: Report: VPNs Are Often a Mixed Bag for Privacy

Physicists discover special transverse sound wave

A research team at City University of Hong Kong (CityU) has discovered a new type of sound wave: The airborne sound wave vibrates transversely and carries both spin and orbital angular momentum like light does. The findings shattered scientists’ previous beliefs about the sound wave, opening an avenue to the development of novel applications in acoustic communications, acoustic sensing and imaging.

The research was initiated and co-led by Dr. Shubo Wang, Assistant Professor in the Department of Physics at CityU, and conducted in collaboration with scientists from Hong Kong Baptist University (HKBU) and the Hong Kong University of Science and Technology (HKUST). It was published in Nature Communications, titled “Spin-orbit interactions of transverse sound.”

Beyond the conventional understanding of sound wave

The physics textbooks tell us there are two kinds of waves. In transverse waves like light, the vibrations are perpendicular to the direction of wave propagation. In longitudinal waves like sound, the vibrations are parallel to the direction of wave propagation. But the latest discovery by scientists from CityU changes this understanding of sound waves.

“While the airborne sound is a longitudinal wave in usual cases, we demonstrated for the first time that it can be a transverse wave under certain conditions. And we investigated its spin-orbit interactions (an important property that only exists in transverse waves), i.e. the coupling between two types of angular momentum. The finding provides new degrees of freedom for sound manipulations.”

The absence of shear force in the air, or fluids, is the reason why sound is a longitudinal wave, Dr. Wang explained. He had been exploring whether it is possible to realize transverse sound, which requires shear force. Then he conceived the idea that synthetic shear force may arise if the air is discretized into “meta-atoms,” i.e., volumetric air confined in small resonators with size much smaller than the wavelength. The collective motion of these air “meta-atoms” can give rise to a transverse sound on the macroscopic scale.

Negative refraction induced by the spin-orbit interaction in momentum space. Credit: S. Wang et al. DOI: 10.1038/s41467-021-26375-9

Conception and realization of ‘micropolar metamaterial’

He ingeniously designed a type of artificial material called “micropolar metamaterial” to implement this idea, which appears like a complex network of resonators. Air is confined inside these mutually connected resonators, forming the “meta-atoms.” The metamaterial is hard enough so that only the air inside can vibrate and support sound propagation. The theory showed that the collective motion of these air “meta-atoms” indeed produces the shear force, which gives rise to the transverse sound with spin-orbit interactions inside this metamaterial. This theory was verified by experiments conducted by Dr. Ma Guancong’s group in HKBU.

Moreover, the research team discovered that air behaves like an elastic material inside the micropolar metamaterial and thus supports transverse sound with both spin and orbital angular momentum. Using this metamaterial, they demonstrated two types of spin-orbit interactions of sound for the first time. One is the momentum-space spin-orbit interaction, which gives rise to negative refraction of the transverse sound, meaning that sound bends in the opposite directions when passing through an interface. Another one is the real-space spin-orbit interaction, which generates sound vortices under the excitation of the transverse sound.

[…]

Source: Physicists discover special transverse sound wave

Prisons snoop on inmates’ phone calls with speech-to-text AI

Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls.

A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone calls.

In a sales pitch, LEO’s CEO James Sexton told officials working for a jail in Cook County, Illinois, that one of its customers in Calhoun County, Alabama, uses the software to protect prisons from getting sued, according to an investigation by the Thomson Reuters Foundation.

“(The) sheriff believes (the calls) will help him fend off pending liability via civil action from inmates and activists,” Sexton said. Verus transcribes phone calls and finds certain keywords discussing issues like COVID-19 outbreaks or other complaints about jail conditions.

Prisoners, however, said the tool was used to catch crime. In one case, it allegedly found one inmate illegally collecting unemployment benefits. But privacy advocates aren’t impressed. “The ability to surveil and listen at scale in this rapid way – it is incredibly scary and chilling,” said Julie Mao, deputy director at Just Futures Law, an immigration legal group.

[…]

Source: Prisons snoop on inmates’ phone calls with speech-to-text AI • The Register

Spotify Pulls Content of Comedians Fighting to Get Royalties

[…]

Spotify took down the work of hundreds of comedians, including big names like John Mulaney, Jim Gaffigan, and Kevin Hart, the Wall Street Journal reported on Saturday. Mulaney, Gaffigan, Hart, and other comedians are represented by Spoken Giants, a global rights company that’s leading the fight to get radio and digital platforms, such as Spotify, SiriusXM, Pandora, and YouTube, to pay comedians royalty payments on the copyright for their written work.

According to the outlet, the streaming giant had been in negotiations with Spoken Giants but couldn’t reach an agreement. On Thanksgiving, Spotify informed Spoken Giants that it would pull all work by comedians represented by the organization until they could come to an understanding.

[…]

“In music, songwriter royalties are a very basic revenue stream, so this is not an unfamiliar concept and our work is based on established precedents and clear copyright language,” King said. “With this take-down, individual comedians are now being penalized for collectively requesting the same compensation songwriters receive.”

[…]

Source: Spotify Pulls Content of Comedians Fighting to Get Royalties

Cuba ransomware gang scores almost $44m from 49 victims: FBI

The US Federal Bureau of Investigation (FBI) says 49 organisations, including some in government, were hit by Cuba ransomware as of early November this year.

The attacks were spread across five “critical infrastructure” sectors, which, besides government, included the financial, healthcare, manufacturing, and – as you’d expect – IT sectors. The Feds said late last week the threat actors are demanding $76m in ransoms and have already received at least $43.9m in payments.

The ransomware gang’s loader of choice, Hancitor, was the culprit, distributed via phishing emails, or via exploitation of Microsoft Exchange vulnerabilities, compromised credentials, or Remote Desktop Protocol (RDP) tools. Hancitor – also known as Chanitor or Tordal – enables a CobaltStrike beacon as a service on the victim’s network using a legitimate Windows service like PowerShell.

[…]

Source: Cuba ransomware gang scores almost $44m from 49 victims: FBI • The Register

Executive at Swiss Tech Company Said to Operate Secret Surveillance Operation

The co-founder of a company that has been trusted by technology giants including Google and Twitter to deliver sensitive passwords to millions of their customers also operated a service that ultimately helped governments secretly surveil and track mobile phones, Bloomberg reported Monday, citing former employees and clients. From the report: Since it started in 2013, Mitto AG has established itself as a provider of automated text messages for such things as sales promotions, appointment reminders and security codes needed to log in to online accounts, telling customers that text messages are more likely to be read and engaged with than emails as part of their marketing efforts. Mitto, a closely held company with headquarters in Zug, Switzerland, has grown its business by establishing relationships with telecom operators in more than 100 countries. It has brokered deals that gave it the ability to deliver text messages to billions of phones in most corners of the world, including countries that are otherwise difficult for Western companies to penetrate, such as Iran and Afghanistan. Mitto has attracted major technology giants as customers, including Google, Twitter, WhatsApp, Microsoft’s LinkedIn and messaging app Telegram, in addition to China’s TikTok, Tencent and Alibaba, according to Mitto documents and former employees.

But a Bloomberg News investigation, carried out in collaboration with the London-based Bureau of Investigative Journalism, indicates that the company’s co-founder and chief operating officer, Ilja Gorelik, was also providing another service: selling access to Mitto’s networks to secretly locate people via their mobile phones. That Mitto’s networks were also being used for surveillance work wasn’t shared with the company’s technology clients or the mobile operators Mitto works with to spread its text messages and other communications, according to four former Mitto employees. The existence of the alternate service was known only to a small number of people within the company, these people said. Gorelik sold the service to surveillance-technology companies which in turn contracted with government agencies, according to the employees.

Source: Executive at Swiss Tech Company Said to Operate Secret Surveillance Operation – Slashdot

$150m – $200m of digital assets stolen in BitMart security breach

Cryptocurrency exchange BitMart has coughed to a large-scale security breach relating to ETH and BSC hot wallets. The company reckons that hackers made off with approximately $150m in assets.

Security and analytics outfit PeckShield put the figure at closer to $200m.

“We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets today. At this moment we are still concluding the possible methods used. Hackers were able to withdraw assets of the value of approximately 150 million USD,” BitMart said.

“The affected ETH hot wallet and BSC hot wallet carry a small percentage of assets on BitMart and all of our other wallets are secure and unharmed. We are now conducting a thorough security review and we will post updates as we progress,” it added.

Worryingly for customers, BitMart has blocked withdrawals until it has completed a “thorough security review” or, in the common metaphor, shut the stable door after the horse has bolted.

[…]

Source: $150m of digital assets stolen in BitMart security breach • The Register

The SEC is probing Tesla’s faulty solar panels prone to fire, whistleblower says they kept evidence of danger under wraps

The Securities and Exchange Commission has launched an investigation into whether Tesla failed to tell investors and customers about the fire risks of its faulty solar panels.

Whistleblower and ex-employee Steven Henkes accused the company of flouting safety issues in a complaint filed with the SEC in 2019. He filed a freedom of information request with regulators and asked to see records relating to the case in September, earlier this year. An SEC official declined to hand over documents, and confirmed its probe into the company is still in progress.

[…]

Tesla started selling and installing solar panels after it acquired SolarCity for $2.6bn in 2016. But its goal of becoming a renewable energy company hasn’t been smooth. Several fires have erupted from Tesla’s solar panels installed on the roofs of Walmart stores, Amazon warehouses, and people’s homes.

In fact, Walmart sued the company in 2019 after seven of its supermarkets in the US caught fire. The lawsuit accused Tesla of “utter incompetence or callousness, or both.” Walmart later dropped its claims, and settled the matter privately.

Before Walmart’s lawsuit, however, Steven Henkes, who was employed as a field quality manager by Tesla after the acquisition, said he attempted to raise concerns about fire risks with managers. He claimed in a lawsuit [PDF] filed in November last year that he was wrongfully terminated when he was fired in August last year. Henkes claimed his concerns about defects in the company’s solar panels and electrical connectors were repeatedly ignored, and that he was fired after he filed initial whistleblower complaints with the SEC and the US Consumer Protection Safety Commission (CPSC).

Over 60,000 people as well as over 500 commercial customers could have been potentially affected by fire risks from Tesla’s faulty solar panels, the lawsuit said. Tesla started replacing and reimbursing defective components in 2019, Business Insider reported. The CPSC has also been investigating the company. Tesla did not respond to The Register’s questions.

Source: The SEC is probing Tesla’s faulty solar panels prone to fire • The Register

Suspected Russian Activity Targeting Government and Business Entities Around the Globe after Solarwinds

Mandiant continues to track multiple clusters of suspected Russian intrusion activity that have targeted business and government entities around the globe. Based on our assessment of these activities, we have identified two distinct clusters of activity, UNC3004 and UNC2652. We associate both groups with UNC2452 also referred to as Nobelium by Microsoft.

Some of the tactics Mandiant has recently observed include:

  • Compromise of multiple technology solutions, services, and reseller companies since 2020.
  • Use of credentials likely obtained from an info-stealer malware campaign by a third-party actor to gain initial access to organizations.
  • Use of accounts with Application Impersonation privileges to harvest sensitive mail data since Q1 2021.
  • Use of both residential IP proxy services and newly provisioned geo-located infrastructure to communicate with compromised victims.
  • Use of novel TTPs to bypass security restrictions within environments including, but not limited to, the extraction of virtual machines to determine internal routing configurations.
  • Use of a new bespoke downloader we call CEELOADER.
  • Abuse of multi-factor authentication leveraging “push” notifications on smartphones.

In most instances, post compromise activity included theft of data relevant to Russian interests. In some instances, the data theft appears to be obtained primarily to create new routes to access other victim environments. The threat actors continue to innovate and identify new techniques and tradecraft to maintain persistent access to victim environments, hinder detection, and confuse attribution efforts.

The sections below highlight intrusion activity from multiple incident response efforts that are currently tracked as multiple uncategorized clusters. Mandiant suspects the multiple clusters to be attributable to a common Russian threat. The information below covers some of the Tactics, Techniques, and Procedures (TTPs) used by the threat actors for initial compromise, establishing a foothold, data collection, and lateral movement; how the threat actors provision infrastructure; and indicators of compromise. The information is being shared to raise awareness and allow organizations to better defend themselves.

[…]

Source: Suspected Russian Activity Targeting Government and Business Entities Around the Globe | Mandiant

Life360 Reportedly Sells Location Data of Families and Kids

Life360, a popular tracking app that bills itself as “the world’s leading family safety service,” is purportedly selling location data on the 31 million families and kids that use it to data brokers. The chilling revelation may make users of the Tile Bluetooth tracker, which is being bought by Life360, think twice before continuing to use the device.

Life360’s data selling practices were revealed in a damning report published by the Markup on Monday. The report claims that Life360 sells location data on its users to roughly a dozen data brokers, some of which have sold data to U.S. government contractors. The data brokers then proceed to sell the location data to “virtually anyone who wants to buy it.” Life360 is purportedly one of the largest sources of data for the industry, the outlet found.

While selling location data on families and kids is already alarming, what’s even more frightening is that Life360 is purportedly failing to take steps to protect the privacy of the data it sells. This could potentially allow the location data, which the company says is anonymized, to be linked back to the people it belongs to.

[…]

Source: Life360 Reportedly Sells Location Data of Families and Kids

AWS Outage Takes Down Amazon, Disney+, Venmo, loads of online games

Amazon Web Services (AWS), the engine that powers many of the internet’s most-trafficked websites and apps, appears to be experiencing a widespread outage that is bringing down several popular services.

Amazon, Disney+, and Venmo are all being affected by the outage, and are showing error messages when users attempt to visit their websites. Amazon appears to be aware of the issue and admitted to seeing “Increased Error Rates” in the AWS Management Console. We reached out to Amazon, and the company pointed us to its AWS Service Health Dashboard. An update posted at 8:26 a.m. PT reads:

“We are experiencing API and console issues in the US-EAST-1 Region. We have identified root cause and we are actively working towards recovery. This issue is affecting the global console landing page, which is also hosted in US-EAST-1.”

Amazon further revealed the issue to be caused by an “impairment of several network devices.” In a 2:47 p.m. PT update, the company claims to have “mitigated the underlying issue” that caused network devices to be faulty. Server health is improving, according to Amazon, which is now conducting a service-by-service recovery. The company disabled Event Deliveries for Amazon EventBridge in US-EAST-1 as it works for a full recovery for all affected AWS customers. There is still no timeline on when your favorite sites will be fully operational again.

Source: AWS Outage Takes Down Amazon, Disney+, and Venmo

yay cloud!

DARPA Funded Researchers Accidentally Create The World’s First Warp Bubble

Warp drive pioneer and former NASA warp drive specialist Dr. Harold G “Sonny” White has reported the successful manifestation of an actual, real-world “Warp Bubble.” And, according to White, this first of its kind breakthrough by his Limitless Space Institute (LSI) team sets a new starting point for those trying to manufacture a full-sized, warp-capable spacecraft.

“To be clear, our finding is not a warp bubble analog, it is a real, albeit humble and tiny, warp bubble,” White told The Debrief, quickly dispensing with the notion that this is anything other than the creation of an actual, real-world warp bubble. “Hence the significance.”

[Figure: Theoretical Warp Bubble Structure. Image Credit: LSI]

In 1994, Mexican Mathematician Miguel Alcubierre proposed the first mathematically valid solution to the warp drive. More specifically, he outlined a spacecraft propulsion system previously only envisioned in science fiction that can traverse the cosmos above the speed of light without violating currently accepted laws of physics.

[…]

“While conducting analysis related to a DARPA-funded project to evaluate possible structure of the energy density present in a Casimir cavity as predicted by the dynamic vacuum model,” reads the actual findings published in the peer-reviewed European Physical Journal, “a micro/nano-scale structure has been discovered that predicts negative energy density distribution that closely matches requirements for the Alcubierre metric.”

Or put more simply, as White did in a recent email to The Debrief, “To my knowledge, this is the first paper in the peer-reviewed literature that proposes a realizable nano-structure that is predicted to manifest a real, albeit humble, warp bubble.”

This fortuitous finding, says White, not only confirms the predicted “toroidal” structure and negative energy aspects of a warp bubble, but also resulted in potential pathways he and other researchers can follow when trying to design, and one day actually construct, a real-world warp-capable spacecraft.

[…]

“This is a potential structure we can propose to the community that one could build that will generate a negative vacuum energy density distribution that is very similar to what’s required for an Alcubierre space warp.”

When asked by The Debrief in December if his team has built and tested this proposed nano-scale warp craft design since that August announcement, or if they have plans to do so, White said, “We have not manufactured the one-micron sphere in the middle of a 4-micron cylinder.” However, he noted, if the LSI team were to undertake that at some point, “we’d probably use a nanoscribe GT 3D printer that prints at the nanometer scale.” In short, they have the means, now they just need the opportunity.

[…]

White and his team have also outlined a second testable experiment that involves stringing a number of these Casimir-created warp bubbles in a chain-like configuration. This design, he said, would allow researchers to better understand the physics of the warp bubble structure already created, as well as how a craft may one day traverse actual space inside such a warp bubble.

“We could go through an examination of the optical properties as a result of these little, nano-scale warp bubbles,” explained White at the AIAA conference. “Aggregating a large number of them in a row, we can increase the magnitude of the effect so we can see (and study) it.”

Source: DARPA Funded Researchers Accidentally Create The World’s First Warp Bubble – The Debrief

Huge 20-Year Study Shows Trickle-Down Is a Myth, Inequality Rampant

The 2022 World Inequality Report, a huge undertaking coordinated by economic and inequality experts Lucas Chancel, Thomas Piketty, Emmanuel Saez, and Gabriel Zucman, was the product of four years of research and produced an unprecedented data set on just how wealth is distributed.

“The world is marked by a very high level of income inequality and an extreme level of wealth inequality,” the authors wrote.

The data serves as a complete rebuke of the trickle-down economic theory, which posits that cutting taxes on the rich will “trickle down” to those below, with the cuts eventually benefiting everyone. In America, trickle-down was exemplified by President Ronald Reagan’s tax slashes. It’s a theory that persists today, even though most research has shown that 50 years of tax cuts have benefited the wealthy and worsened inequality.

[…]

Piketty, who was Zucman’s doctoral adviser, wrote the tome “Capital in the 21st Century” which used an unprecedented data set going back to the French Revolution to expose how centuries of growing wealth inequality was a feature of capitalism, not a bug. The World Inequality Report was his effort to do the same for recent history.

They argue in the new report that the last two decades of wealth data show that “inequality is a political choice, not an inevitability.”

For instance, when it comes to wealth, which accounts for the values of assets people hold, researchers found that the “poorest half of the global population barely owns any wealth at all.” That bottom half owns just 2% of total wealth. That means that the top half of the world holds 98% of the world’s wealth, and that gets even more concentrated the wealthier you get.

Indeed, the richest 10% of the world’s population hold 76%, or two-thirds of all wealth. That means the 517 million people who make up the top hold vastly more than the 2.5 billion who make up the bottom. The world’s policy choices have led to wealth trickling up rather than down.

[…]

Billionaires now hold a 3% share of global wealth, up from 1% in 1995

The report notes that “2020 marked the steepest increase in global billionaires’ share of wealth on record.” Broadly, the number of billionaires rose to a record number in 2020, with Wealth-X finding that there are now over 3,000 members of the three-comma club.

[…]

Source: Huge 20-Year Study Shows Trickle-Down Is a Myth, Inequality Rampant

LINE Pay leaks around 133,000 users’ data to GitHub

Smartphone payment provider LINE Pay announced yesterday that around 133,000 users’ payment details were mistakenly published on GitHub between September and November of this year.

Files detailing participants in a LINE Pay promotional program staged between late December 2020 and April 2021 were accidentally uploaded to the collaborative coding crèche by a research group employee.

Among the leaked details were the date, time, and amount of transactions, plus user and franchise store identification numbers. Although names, addresses, telephone, credit card and bank account numbers were not shared, the names of the users and other details could be traced with a little effort.

The information – which covered over 51,000 Japanese users and almost 82,000 Taiwanese and Thai users – was accessed 11 times during the ten weeks it was available online.

[…]

Source: LINE Pay leaks around 133,000 users’ data to GitHub • The Register

The UAE Just Became The Biggest Export Customer For Dassault’s Rafale Fighter

[…]

A contract for the sale of the 80 Rafales was agreed today between Eric Trappier, Chairman and CEO of Dassault, and Tareq Abdul Raheem Al Hosani, CEO of Tawazun Economic Council, which is responsible for security and defense acquisitions on behalf of the United Arab Emirates (UAE). Dassault describes the deal as “the largest ever obtained by the French combat aeronautics industry.” The total value of the Rafale contract is $16 billion, on top of which will be added weapons for the jets. These deals fall within a larger French arms package for the UAE worth $19 billion that also includes 12 Airbus H225M Caracal military transport helicopters.

[Figure: An artist’s conception of a UAE Rafale equipped for the air-to-air mission, with Meteor and Mica missiles. Image: Dassault Aviation]

Underlining the significance of the Rafale sale, the French President Emmanuel Macron and Sheikh Mohammed bin Zayed Al Nahyane, Crown Prince of Abu Dhabi, one of the Emirates within the UAE and the country’s effective ruler, as well as vice-commander of its armed forces, were both present at the contract signing.

[…]

the United Arab Emirates Air Force and Air Defense (UAEAF&AD) will also become the first export recipient of the F4-standard Rafale.

The latest F4 version of the Rafale is part of an ongoing process to continuously improve the fighter and is optimized for networked combat, with new satellite and intra-flight data links, as well as a communication server and software-defined radio. Aside from this, the F4 features upgrades to the radar, electro-optical system, and helmet-mounted display. New weapons are also being integrated, including the forthcoming Mica NG air-to-air missile and the 2,200-pound version of the AASM modular air-to-ground weapon.

[…]

The UAE contract comes as a boost to the French aerospace industry and the Rafale program in particular, which has now secured six export customers. The previous countries to select the French fighter are Egypt, Qatar, India, Greece, and Croatia. Other potential customers have been linked with the Rafale in the recent past, including Indonesia, although the type was rejected this year by Switzerland in favor of the F-35.

[…]

Source: The UAE Just Became The Biggest Export Customer For Dassault’s Rafale Fighter

Draken Doubles Its Fleet Of Private Aggressor F-16s With A Dozen Surplus Jets From Norway

Draken International has signed a contract to bring yet more F-16 fighter jets to its fast-expanding “red air” fleet, as the adversary air support contractor adds ex-Norwegian Vipers to the dozen former Dutch examples it acquired earlier this year. Up to 12 F-16s acquired from Norway will form part of an impressive private tactical jet air force, already one of the world’s largest, which also includes a dozen ex-South African Atlas Cheetahs, and 22 ex-Spanish Air Force Mirage F1Ms, plus assorted other subsonic jets, as well as a deep backstock of MiG-21s.

Draken took to Facebook yesterday to announce it was buying the F-16s plus “supporting assets” in a deal signed with the government of Norway but which still requires approval from U.S. and Norwegian authorities. The value of the contract has not been revealed.

[…]

the Norwegian Defense Materiel Agency provided more details of the sale, noting that the jets could be delivered to Draken as early as next year and they will support training “against American fighter aircraft.” Headquartered at Lakeland Linder International Airport, in Lakeland, Florida, the company also provides contractor adversary services within Europe.

[…]

By adding another batch of F-16s to its adversary fleet, Draken will keep pace with rival red air provider Top Aces, which is now operating the first of the 29 ex-Israeli Air Force F-16A/Bs it acquired from Israel.

[…]

As well as the former Norwegian F-16s, and the 12 already acquired from the Netherlands, Draken could expand its fleet still further, with the Dutch government having announced an option for the firm to acquire another 28 examples, which are planned to be retired from service by the end of 2024.

As it stands, Draken’s fleet currently includes two types of supersonic fighter jet for adversary work: a dozen ex-South African Atlas Cheetahs, and 22 ex-Spanish Air Force Mirage F1Ms. One of the latter jets was lost in a fatal crash near Nellis Air Force Base, Nevada, earlier this year.

[…]

Source: Draken Doubles Its Fleet Of Private Aggressor F-16s With A Dozen Surplus Jets From Norway

How to Build a Supersonic Trebuchet

What do you get when you combine ancient designs with modern engineering? An exciting new way to convert time and money into heat and noise! I’m not sure whether to call this a catapult or a trebuchet, but it’s definitely the superior siege engine.

Have you ever sat down and thought “I wonder if a trebuchet could launch a projectile at supersonic speeds?” Neither have we. That’s what separates [David Eade] from the rest of us. He didn’t just ask the question, he answered it! And he documented the entire build in a YouTube video which you can see below the break.

Source: https://hackaday.com/2021/12/01/supersonic-projectile-exceeds-engineers-dreams-the-supersonic-trebuchet/

Documents Shows Just How Much The FBI Can Obtain From Encrypted Communication Services

There is no “going dark.” Consecutive FBI heads may insist there is, but a document created by their own agency contradicts their dire claims that end-to-end encryption lets the criminals and terrorists win.

Andy Kroll has the document and the details for Rolling Stone:

[I]n a previously unreported FBI document obtained by Rolling Stone, the bureau claims that it’s particularly easy to harvest data from Facebook’s WhatsApp and Apple’s iMessage services, as long as the FBI has a warrant or subpoena. Judging by this document, “the most popular encrypted messaging apps iMessage and WhatsApp are also the most permissive,” according to Mallory Knodel, the chief technology officer at the Center for Democracy and Technology.

The document [PDF] shows what can be obtained from which messaging service, with the FBI noting WhatsApp has plenty of information investigators can obtain, including almost real time collection of communications metadata.

WhatsApp will produce certain user metadata, though not actual message content, every 15 minutes in response to a pen register, the FBI says. The FBI guide explains that most messaging services do not or cannot do this and instead provide data with a lag and not in anything close to real time: “Return data provided by the companies listed below, with the exception of WhatsApp, are actually logs of latent data that are provided to law enforcement in a non-real-time manner and may impact investigations due to delivery delays.”

The FBI can obtain this info with a pen register order — the legal request used for years to obtain ongoing call data on targeted numbers, including numbers called and length of conversations. With a warrant, the FBI can get even more information. A surprising amount, actually. According to the document, WhatsApp turns over address book contacts for targeted users as well as other WhatsApp users who happen to have the targeted person in their address books.

Combine this form of contact chaining with a few pen register orders, and the FBI can basically eavesdrop on hundreds of conversations in near-real time. The caveat, of course, is that the FBI has no access to the content of the conversations. That remains locked up by WhatsApp’s encryption. Communications remain “warrant-proof,” to use a phrase bandied about by FBI directors. But is it really?

If investigators are able to access the contents of a phone (by seizing the phone or receiving permission from someone to view their end of conversations), encryption is no longer a problem. That’s one way to get past the going darkness. Then there’s stuff stored in the cloud, which can give law enforcement access to communications despite the presence of end-to-end encryption. Backups of messages might not be encrypted and — as the document points out — a warrant will put those in the hands of law enforcement.

If target is using an iPhone and iCloud backups enabled, iCloud returns may contain WhatsApp data, to include message content.

[…]

Source: Documents Shows Just How Much The FBI Can Obtain From Encrypted Communication Services | Techdirt

‘Wall of secrecy’ in Pfizer contracts as company accused of profiteering

Ministers have agreed a secrecy clause in any dispute with the drugs manufacturer Pfizer over Britain’s Covid vaccine supply. Large portions of the government’s contracts with the company over the supply of 189m vaccine doses have been redacted and any arbitration proceedings will be kept secret.

The revelation comes as Pfizer is accused by a former senior US health official of “war profiteering’’ during the pandemic. In a Channel 4 Dispatches investigation to be broadcast this week, Tom Frieden, who was director of the US Centers for Disease Control and Prevention under Barack Obama, said: “If you’re just focusing on maximising your profits and you’re a vaccine manufacturer … you are war profiteering.”

Zain Rizvi, research director at Public Citizen, a US consumer advocacy organisation which has examined Pfizer’s global vaccine contracts, said: “There is a wall of secrecy surrounding these contracts and it’s unacceptable, particularly in a public health crisis.”

Rizvi said the UK needed to explain why it had agreed to secret arbitration proceedings. He said: “It’s the only high-income country we have seen that has agreed to this provision. It allows pharmaceutical companies to bypass domestic legal processes.

“The UK government has allowed the drug firms to call the shots. How did we end up in a situation where a handful of drug firms were able to exert so much control over the most powerful governments in the world? It points to a broken system.”

Pfizer has won plaudits for its vaccine delivery programme, but the US multinational faces growing scrutiny over the scale of its profits and the proportion of doses it has delivered to low-income countries.

While AstraZeneca agreed to sell its vaccine at cost during the pandemic, Pfizer wanted to secure its profits. The Pfizer/BioNTech vaccine, which now has the brand name Comirnaty, will be one of the most lucrative drugs in pharmaceutical history.

The Channel 4 investigation reveals analysis by one biological engineering expert claiming the Pfizer vaccine costs just 76p to manufacture for each shot. It is reportedly being sold for £22 a dose to the UK government.

The estimated manufacturing costs do not include research, distribution and other costs, but Pfizer says its profit margin as a percentage before tax are in the “high-20s”. Pfizer expects to deliver 2.3bn vaccines this year with predicted revenues of $36bn (£26.3bn).


A report last month by the People’s Vaccine Alliance, a coalition of organisations including aid charities, said Pfizer and other drug firms have sold the majority of doses to rich countries, leaving low-income countries “out in the cold”. Only 2% of people in low-income countries had been fully vaccinated against coronavirus. The report said drug firms should suspend intellectual property rights for Covid-19 vaccines, tests, treatments and other medical tools.

Pfizer has faced increased scrutiny and allegations of excessive global profits after its partner, the biotechnology company BioNTech, announced in September 2020 it was to receive up to €375m (£320m) from the German government to fund vaccine development.

Anna Marriott, Oxfam’s health policy manager, said: “It is deplorable that billions of people around the world are being denied vaccines so that pharmaceutical companies can make obscene profits. Given that public investment was crucial to vaccine development, it’s incomprehensible that pharma monopolies are being prioritised over people’s lives.”

[…]

Source: ‘Wall of secrecy’ in Pfizer contracts as company accused of profiteering | UK news | The Guardian

UK competition regulator orders Meta to sell Giphy

As rumored, the UK’s Competition and Markets Authority (CMA) has ordered Meta (Facebook) to sell Giphy, saying the deal “could harm social media users and UK advertisers.” It found that the deal would boost Meta’s already prodigious market power by limiting other platforms’ access to Giphy GIFs, “driving more traffic to Facebook owned sites — Facebook, WhatsApp and Instagram.”

The CMA said that Meta’s sites dominated social media user time to the tune of 73 percent and that it could further muscle out rivals like TikTok, Twitter and Snapchat by leveraging Giphy. It added that prior to the merger, Giphy launched “innovative advertising services” used by brands like Dunkin’ Donuts and Pepsi that it could have brought to the UK.

“Facebook terminated Giphy’s advertising services at the time of the merger, removing an important source of potential competition,” the regulator wrote. “The CMA considers this particularly concerning given that Facebook controls nearly half of the £7 billion display advertising market in the UK.”

[…]

Source: UK competition regulator orders Meta to sell Giphy | Engadget

Someone is hacking receipt printers with ‘antiwork’ messages

Hackers are attacking business receipt printers to insert pro-labor messages, according to a report from Vice and posts on Reddit. “Are you being underpaid?”, reads one message and “How can the McDonald’s in Denmark pay their staff $22 an hour and still manage to sell a Big Mac for less than in America?” another states.

Numerous similar images have been posted on Reddit, Twitter and elsewhere. The messages vary, but most point readers toward the r/antiwork subreddit that recently became popular during the COVID-19 pandemic, as workers started demanding more rights.

Some users suggested that the messages were fake, but a cybersecurity firm that monitors the internet told Vice that they’re legit. “Someone is… blast[ing] raw TCP data directly to printer services across the internet,” GreyNoise founder Andrew Morris told Vice. “Basically to every single device that has port TCP 9100 open, and print[ing] a pre-written document that references /r/antiwork with some workers rights/counter capitalist messaging.”

The individual[s] behind the attack are using 25 separate servers, according to Morris, so blocking one IP won’t necessarily stop the attacks. “A technical person is broadcasting print requests for a document containing workers rights messaging to all printers that are misconfigured to be exposed to the internet, and we’ve confirmed that it is printing successfully in some number of places,” he said.
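The attack described above works only because TCP port 9100 (raw printing) is reachable from the internet on the affected devices. A defender's first question is whether any printer on their own perimeter is in that state, and the cheapest answer is in the edge firewall's log. The following is an added example written for this digest, not GreyNoise's tooling and not code from the article: it walks netfilter-style log lines (the SRC/DST/PROTO/DPT field names are the real ones; the hosts and addresses are constructed, with documentation ranges standing in for public internet addresses) and reports every external source that tried to reach 9100 and every destination it went for. Internal address space is tested against an explicit list rather than `ip_address().is_private`, because the documentation ranges used in the sample would otherwise count as private.

```python
"""Spot raw-print (TCP 9100) connection attempts arriving from outside the LAN.

Added example with constructed log lines; not GreyNoise's tooling and not
code from the article. Input is the netfilter LOG line format produced by an
iptables/nftables logging rule with a prefix.
"""
import ipaddress
import re
from collections import Counter
from typing import Set, Tuple

RAW_PRINT_PORT = 9100

# Address space that is legitimately "ours"; anything else is the internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)

# Constructed sample: two internet hosts hit two printers on 9100, one LAN
# host prints legitimately, and one external connection goes to 443 (noise).
SAMPLE_LOG = """\
Dec  1 10:02:11 edge kernel: [FW-IN] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 LEN=60 PROTO=TCP SPT=44123 DPT=9100 SYN
Dec  1 10:02:12 edge kernel: [FW-IN] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.21 LEN=60 PROTO=TCP SPT=44124 DPT=9100 SYN
Dec  1 10:02:13 edge kernel: [FW-IN] IN=eth0 OUT= SRC=192.0.2.55 DST=203.0.113.20 LEN=60 PROTO=TCP SPT=51000 DPT=9100 SYN
Dec  1 10:02:14 edge kernel: [FW-IN] IN=eth1 OUT= SRC=10.0.5.9 DST=10.0.5.40 LEN=60 PROTO=TCP SPT=39000 DPT=9100 SYN
Dec  1 10:02:15 edge kernel: [FW-IN] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 LEN=60 PROTO=TCP SPT=44125 DPT=443 SYN
"""


def is_internal(ip: str) -> bool:
    """True if the address lies in one of our internal ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable source: treat as untrusted
    return any(addr in net for net in INTERNAL_NETS)


def external_raw_print_attempts(log_text: str) -> Tuple[Counter, Set[str]]:
    """Return (attempts per external source, printers those sources went for)."""
    sources: Counter = Counter()
    printers: Set[str] = set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != "TCP" or int(m["dpt"]) != RAW_PRINT_PORT:
            continue
        if is_internal(m["src"]):
            continue  # LAN printing is expected; only external sources matter
        sources[m["src"]] += 1
        printers.add(m["dst"])
    return sources, printers


if __name__ == "__main__":
    srcs, targets = external_raw_print_attempts(SAMPLE_LOG)
    print("external sources hitting TCP/9100:", dict(srcs))
    print("printers reachable from outside:  ", sorted(targets))
```

Any destination that shows up in the second set is a device that should not be reachable from the internet at all; the fix is a perimeter rule that admits 9100 only from internal sources, not blocking the individual senders, which the article notes were spread across 25 servers.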

[…]

Source: Someone is hacking receipt printers with ‘antiwork’ messages | Engadget

Studying our solar system’s protective bubble

Astrophysicists believe the heliosphere protects the planets within our solar system from powerful radiation emanating from supernovas, the final explosions of dying stars throughout the universe. They believe the heliosphere extends far beyond our solar system, but despite the massive buffer against cosmic radiation that the heliosphere provides Earth’s life-forms, no one really knows the shape of the heliosphere—or, for that matter, the size of it.

[…]

Opher’s team has constructed some of the most compelling computer simulations of the heliosphere, based on models built on observable data and theoretical astrophysics.

[…]

a paper published by Opher and collaborators in Astrophysical Journal reveals that neutral hydrogen particles streaming from outside our solar system most likely play a crucial role in the way our heliosphere takes shape.

[…]

models predict that the heliosphere, traveling in tandem with our sun and encompassing our solar system, doesn’t appear to be stable. Other models of the heliosphere developed by other astrophysicists tend to depict the heliosphere as having a comet-like shape, with a jet—or a “tail”—streaming behind in its wake. In contrast, Opher’s model suggests the heliosphere is shaped more like a croissant or even a donut.

The reason for that? Neutral hydrogen particles, so-called because they have equal amounts of positive and negative charge that net no charge at all.

“They come streaming through the solar system,” Opher says. Using a computational model like a recipe to test the effect of ‘neutrals’ on the shape of the heliosphere, she “took one ingredient out of the cake—the neutrals—and noticed that the jets coming from the sun, shaping the heliosphere, become super stable. When I put them back in, things start bending, the center axis starts wiggling, and that means that something inside the heliospheric jets is becoming very unstable.”

Instability like that would theoretically cause disturbance in the solar winds and jets emanating from our sun, causing the heliosphere to split its shape—into a croissant-like form. Although astrophysicists haven’t yet developed ways to observe the actual shape of the heliosphere, Opher’s model suggests the presence of neutrals slamming into our system would make it impossible for the heliosphere to flow uniformly like a shooting comet. And one thing is for sure—neutrals are definitely pelting their way through space.

[…]

Source: Studying our solar system’s protective bubble

U.S. Indicts Two Men for Running a $20 Million YouTube Content ID Scam – after 4 years of warnings

Two men have been indicted by a grand jury for running a massive YouTube Content ID scam that netted the pair more than $20m. Webster Batista Fernandez and Jose Teran managed to convince a YouTube partner that the pair owned the rights to 50,000+ tracks and then illegally monetized user uploads over a period of four years.

[…]

YouTube previously said that it paid $5.5 billion in ad revenue to rightsholders from content claimed and monetized through Content ID but the system doesn’t always work exactly as planned.

Over the years, countless YouTube users have complained that their videos have been claimed and monetized by entities that apparently have no right to do so but, fearful of what a complaint might do to the status of their accounts, many opted to withdraw from battles they feared they might lose.

[…]

Complaints are not hard to find. Large numbers of YouTube videos uploaded by victims of the scam dating back years litter the platform, while a dedicated Twitter account and a popular hashtag have been complaining about MediaMuv since 2018.

As early as 2017, complaints were being made on YouTube/Google’s support forums, with just one receiving more than 150 replies.

“I want to make a claim through this place, since a few days ago a said company called MEDIAMUV IS STEALING CONTENT FROM MY CHANNEL AND FROM OTHER USERS, does anyone know something about said company?” one reads.

“[I] investigated and there is nothing in this respect. I only found a channel saying that several users are being robbed and that when they come to upload their own songs, MEDIAMUV detects the videos as theirs.”

[…]

Source: U.S. Indicts Two Men for Running a $20 Million YouTube Content ID Scam * TorrentFreak

Someone Is Running Hundreds of Malicious Servers on Tor Network

New research shows that someone has been running hundreds of malicious servers on the Tor network, potentially in an attempt to de-anonymize users and unmask their web activity. As first reported by The Record, the activity would appear to be emanating from one particular user who is persistent, sophisticated, and somehow has the resources to run droves of high-bandwidth servers for years on end.

[…]

The malicious servers were initially spotted by a security researcher who goes by the pseudonym “nusenu” and who operates their own node on the Tor network. On their Medium, nusenu writes that they first uncovered evidence of the threat actor—which they have dubbed “KAX17”—back in 2019. After doing further research into KAX17, they discovered that they had been active on the network as far back as 2017.

In essence, KAX appears to be running large segments of Tor’s network—potentially in the hopes of being able to track the path of specific web users and unmask them.

[…]

in the case of KAX17, the threat actor appears to be substantially better resourced than your average dark web malcontent: they have been running literally hundreds of malicious servers all over the world—activity that amounts to “running large fractions of the tor network,” nusenu writes. With that amount of activity, the chances that a Tor user’s circuit could be traced by KAX is relatively high, the researcher shows.

Indeed, according to nusenu’s research, KAX at one point had so many servers—some 900—that you had a 16 percent likelihood of using their relay as a first “hop” (i.e., node in your circuit) when you logged onto Tor. You had a 35 percent chance of using one of their relays during your 2nd “hop,” and a 5 percent chance of using them as an exit relay, nusenu writes.
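The percentages above are per-position shares; what makes a large relay operator dangerous is the chance of holding both the entry and the exit of one circuit, the position from which traffic correlation becomes possible. The following is an added example written for this digest (not nusenu's tooling and not Tor project code) that turns per-position shares into that end-to-end figure. It assumes a constructed toy consensus in which the label `kax` marks a hypothetical large operator, and a simplified path-selection model: the exit is picked first, then the guard, then the middle, each in proportion to a stand-in bandwidth figure; real Tor additionally applies per-position bandwidth weights from the consensus, so the numbers are illustrative. It also applies the real rule that Tor never puts two relays of one declared family in the same circuit, which shows why an operator's relays declaring `MyFamily` removes the end-to-end exposure while leaving the per-position shares untouched.

```python
"""Relay-fraction risk model for Tor circuits.

Added example with a constructed toy consensus; not Tor project code and not
nusenu's tooling. Path selection is simplified (exit, then guard, then middle,
each bandwidth-proportional); real Tor also applies per-position weights.
"""
from dataclasses import dataclass, replace
from typing import Callable, Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Relay:
    nickname: str
    operator: str                 # constructed label: who really runs the relay
    bandwidth: int                # stands in for the consensus weight
    guard: bool
    exit: bool
    family: Optional[str] = None  # declared MyFamily group, None if undeclared


# Constructed consensus; "kax" is the hypothetical large operator.
CONSENSUS: List[Relay] = [
    Relay("honest-g1", "op-a", 420, guard=True, exit=False),
    Relay("honest-g2", "op-b", 420, guard=True, exit=False),
    Relay("honest-m1", "op-c", 1000, guard=False, exit=False),
    Relay("honest-x1", "op-d", 600, guard=False, exit=True),
    Relay("honest-x2", "op-e", 350, guard=False, exit=True),
    Relay("kax-g1", "kax", 80, guard=True, exit=False),
    Relay("kax-g2", "kax", 80, guard=True, exit=False),
    Relay("kax-m1", "kax", 1000, guard=False, exit=False),
    Relay("kax-x1", "kax", 50, guard=False, exit=True),
]

Circuit = Tuple[Relay, Relay, Relay]  # (guard, middle, exit)


def _weighted(relays: Iterable[Relay], allowed: Callable[[Relay], bool]) -> Dict[Relay, float]:
    """Bandwidth-proportional pick probabilities over the eligible relays."""
    pool = [r for r in relays if allowed(r)]
    total = sum(r.bandwidth for r in pool)
    if total == 0:
        return {}  # nothing eligible: Tor would fail to build this circuit
    return {r: r.bandwidth / total for r in pool}


def position_fraction(relays: List[Relay], operator: str, position: str) -> float:
    """Share of the selection weight one operator holds at a circuit position."""
    allowed = {"guard": lambda r: r.guard,
               "middle": lambda r: True,
               "exit": lambda r: r.exit}[position]
    return sum(p for r, p in _weighted(relays, allowed).items() if r.operator == operator)


def _compatible(candidate: Relay, chosen: Tuple[Relay, ...]) -> bool:
    """Tor never reuses a relay, nor two relays of one declared family, in a circuit."""
    if candidate in chosen:
        return False
    return all(candidate.family is None or candidate.family != c.family for c in chosen)


def circuit_distribution(relays: List[Relay]) -> Dict[Circuit, float]:
    """Probability of every (guard, middle, exit) circuit under the model."""
    dist: Dict[Circuit, float] = {}
    for ex, p_ex in _weighted(relays, lambda r: r.exit).items():
        for g, p_g in _weighted(relays, lambda r: r.guard and _compatible(r, (ex,))).items():
            for m, p_m in _weighted(relays, lambda r: _compatible(r, (ex, g))).items():
                dist[(g, m, ex)] = p_ex * p_g * p_m
    return dist


def correlation_exposure(relays: List[Relay], operator: str) -> float:
    """Chance that one operator holds both guard and exit of a circuit."""
    return sum(p for (g, _m, ex), p in circuit_distribution(relays).items()
               if g.operator == operator and ex.operator == operator)


def declare_family(relays: List[Relay], operator: str, family_name: str) -> List[Relay]:
    """Consensus in which the operator's relays declare a common MyFamily group."""
    return [replace(r, family=family_name) if r.operator == operator else r for r in relays]


if __name__ == "__main__":
    for pos in ("guard", "middle", "exit"):
        print(f"kax share at {pos}: {position_fraction(CONSENSUS, 'kax', pos):.1%}")
    print(f"guard+exit exposure, family undeclared: {correlation_exposure(CONSENSUS, 'kax'):.2%}")
    declared = declare_family(CONSENSUS, "kax", "kax-family")
    print(f"guard+exit exposure, family declared:   {correlation_exposure(declared, 'kax'):.2%}")
```

With the constructed weights the operator holds 16% at the guard position and 5% at the exit, and under the independence that undeclared relays enjoy the chance of a circuit with that operator at both ends is their product, 0.8% per circuit; over many circuits built in a session that is far from negligible. Declaring the family drops the end-to-end figure to zero without changing either per-position share, which is why directory authorities treat large undeclared relay groups as a problem in its own right.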

There’s also evidence that the threat actor engaged in Tor forum discussions, during which they seem to have lobbied against administrative actions that would have removed their servers from the network.

[…]

Many of the threat actor’s servers were removed by the Tor directory authorities in October 2019. Then, just last month, authorities again removed a large number of relays that seemed suspicious and were tied to the threat actor. However, in both cases, the actor seems to have immediately bounced back and begun reconstituting, nusenu writes.

It’s unclear who might be behind all this, but it seems that, whoever they are, they have a lot of resources. “We have no evidence, that they are actually performing de-anonymization attacks, but they are in a position to do so,” nusenu writes. “The fact that someone runs such a large network fraction of relays…is enough to ring all kinds of alarm bells.”

“Their actions and motives are not well understood,” nusenu added.

Source: Someone Is Running Hundreds of Malicious Servers on Tor Network

U.S. State Department phones hacked with Israeli company NSO spyware

Apple Inc iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, according to four people familiar with the matter.

The hacks, which took place in the last several months, hit U.S. officials either based in Uganda or focused on matters concerning the East African country, two of the sources said.

The intrusions, first reported here, represent the widest known hacks of U.S. officials through NSO technology. Previously, a list of numbers with potential targets including some American officials surfaced in reporting on NSO, but it was not clear whether intrusions were always tried or succeeded.

Reuters could not determine who launched the latest cyberattacks.

NSO Group said in a statement on Thursday that it did not have any indication their tools were used but canceled access for the relevant customers and would investigate based on the Reuters inquiry.

[…]

Source: U.S. State Department phones hacked with Israeli company spyware – sources | Reuters