The Linkielist

Linking ideas with the world

The Linkielist

Windows 11 reopens browser wars by including Teams

Posted on by

You can spot a veteran of the Browser Wars a mile off. These fearsome conflicts, fought across the desktops of the world not 20 years ago, left deep scars.

[…]

By Gen XP, it was all over and the internet desktop was under total Empire control. Then came the Rebel Alliance of Chrome and Firefox, and in a few short years we were liberated.

Like every peacetime generation, those since have forgotten the conflict. They assume that freedom is here by right. The desktop is an antique battleground, as obsolete as warships in the Baltic. We are mobile, we are cloud, all places where access lock-in is baked out.

[…]

the new superweapon you’ll get for free is Microsoft Teams, which is now super-snugly installed on the Windows 11 desktop and just a click away from easy-peasy sign-on to the Empire. Everything else that MS really wants you to use – OneDrive, Office 365, those blasted widgets – you can do away with. Teams? Ah, not so much. Teams is there, ostensibly, to talk to other people, and if they’re on Teams you have to use it too. Documents, spreadsheets, files of all sorts – a OneDrive, Office 365 user can swap stuff with your Google Drive and apps.

[…]

What makes the conferencing space as tempting a resource as Mesopotamian oil fields to the Great Powers? It’s the same as the Browser Wars – those who control the conversation between humans and the digital control the world. Every file you share, every connection made, every link swapped, is treasure to be collected. It’s all funnelled together automatically. Watch as in-Teams access channels spring up across businesses for helplines, content accumulators, special offer conduits, payment systems.

The long trail of interactions between conferencing system users, each other, and their resources, produces a rich seam of ready-to-mine behaviour that, because it is so task-focused, is massively monetisable.

[…]

This is a terrible prospect, not just for Slack but for everyone. IE6’s reign was marked by stagnation; all companies see spending development resources for a monopoly service as waste. It had its slave army toiling in the factory, they should be grateful for what they get. And if you think Teams is less fun than tickling the tonsils of a decomposing turbot, wait until Microsoft has settled in to enjoy its new monopoly.

What saved the world were internet open standards – Microsoft couldn’t manage that lock-in, hard as it tried. This time, the standards don’t exist or where they do, they’re not used by the big players, who control the whole chain end-to-end. Third-party endpoints are not allowed. So it doesn’t matter if you’re on a non-MS desktop or a mobile device, you’ll have to use the Microsoft app.

[…]

 

Source: Windows 11 comes bearing THAAS, Trojan Horse as a service • The Register

Russia’s Checkmate Light Tactical Fighter Is Officially Unveiled (Updated)

Posted on by

The wraps have finally, officially, come off the mock-up of Russia’s new light fighter, the Sukhoi Checkmate, also known as the Light Tactical Aircraft, or LTS in Russian, with a formal unveiling at the opening of the MAKS international air show at Zhukovsky, outside Moscow, today. Observers who had been given a succession of tantalizing, and mainly unofficial, glimpses of the new jet over the last few days now have the chance to examine the aircraft from all aspects. The actual ceremony ended up being delayed by several hours, perhaps to accommodate the visit by Russian President Vladimir Putin, who was shown inspecting the mock-up after opening the show.

The end result is very much in keeping with the observations that The War Zone has been gathering based on initial, leaked, imagery, much of it that came when the aircraft was still literally under wraps. The United Aircraft Corporation and Rostec, for their part, which are responsible for the Sukhoi design bureau, seemed to actively encourage this process, harnessing it as something of a PR coup.

ROSTEC

The unveiling of the Sukhoi Checkmate, or LTS, earlier today.

You can read our full assessment of the jet here, based on its first fleeting appearance “in the flesh,” as well as our analysis of the single-engine concept and the potential sales prospects of such an aircraft.

The aircraft’s intake has been one of its most debated features over the last week. New imagery shows the angular ventral inlet, which wraps around the lower nose section, to share features with a diverterless supersonic inlet (DSI) design, but exactly how mature Russia’s take on this concept is, remains to be seen.

In terms of new developments, we now know that, as suspected, there is a larger main weapons bay within the lower fuselage. This is designed to accommodate three examples of the RVV-BD air-to-air missile, the export version of the very-long-range R-37M, or AA-13 Axehead, a weapon that you can read more about here. Furthermore, we now have confirmation that the long, conformal weapons bays located forward of the main landing gear are indeed intended to house smaller air-to-air missiles, for close-range defense.

Performance-wise, the manufacturer is apparently claiming a short takeoff and landing capability (rather than a full short takeoff and vertical landing capability, as in the F-35B), a range of up to 1,860 miles, combat radius of 930 miles, and a payload in excess of 15,000 pounds.

The airframe is said to be stressed to 8g, which is only slightly less than the 9g at which the airframe of the Su-35S Flanker heavyweight fighter is rated. This may reflect the fact the design focuses more on low-observable characteristics and range than maneuverability, although the final result is likely closer to the Su-57, concentrating on reducing the signature from the frontal hemisphere, rather than all-aspect stealth.

[…]

The projected timeline for the LTS includes the first flight of a technology demonstrator in 2023, followed by construction of pre-series prototypes in 2024-25, and delivery of initial production examples potentially as early as 2026-27.

[…]

The planned powerplant is not confirmed, but it is described as an engine in the 14.5 to 16-ton thrust class engine, utilizing off-the-shelf components. This rating would put it at the upper end of the output of the AL-41F1 turbofan now used in the Su-57, or at the lower end of the all-new Izdeliye 30, which is currently still in development.

[…]

In addition to the three long-range and two short-range AAMs that can be carried in the internal bays, a wide variety of air-to-ground ordnance is being offered as well. Unusually for a fifth-generation design, as well as different precision-guided munitions, the unveiling showed that the jet will also be able to carry various unguided rockets and dumb bombs. There will also be provision for an internal cannon, likely a 30mm weapon as on the Su-57.

YOUTUBE SCREENCAP/ROSTEC

YOUTUBE SCREENCAP/ROSTEC

The active electronically scanned array (AESA) radar, of undisclosed type, is intended to engage six targets simultaneously while operating in a hostile electronic countermeasures environment. The radar will be part of one of an all-round sensor suite, including passive devices, likely similar to those found on the Su-57.

[…]

As of today, the program is being funded internally, with investors being sought to launch production for export. Interestingly, officials said they hoped that Russia might opt for the unmanned variant, rather than the manned fighter.

Source: Russia’s Checkmate Light Tactical Fighter Is Officially Unveiled (Updated)

F-117 flying more often as Aggressors

Posted on by

More and more as of late, some of the F-117 Nighthawks long retired from active duty are now enjoying their secretive second life as developmental and red air aggressor platforms. The Air Force Test Center pilots that fly the Air Force Materiel Command-owned jets out of the shadowy Tonopah Test Range Airport (TTR) have been steadily expanding their operations in recent months with the type operating from other installations, refueling from standard tankers, and even frequenting Nellis AFB, home of the USAF’s aggressors. We have reported extensively on this unique role for the F-117s, including their first known appearance at the giant Red Flag air warfare exercises last August. Now we have new images that show “Black Jets” in action, roaring low over the Nevada desert during a Red Flag sortie.

[…]

As for the F-117s, part of their duties includes serving as low-observable aggressors, which has become a necessity in a world where stealthy aircraft and cruise missiles are proliferating. They also work in a developmental role for low-observable and counter-low observable technologies. For Red Flag, they are part of the bad guys’ team. While flying missions during broad daylight may not have been on the docket during their operational career, these jets provide a target unlike anything fleet aircrews have encountered before. One can imagine how their elusive radar signature can only become harder to detect while flying amongst the ground clutter.

[…]

Also of note, the F-117s have their retractable antennas extended, which does impact their low-observable cloak from certain angles. This could be a necessity for taking part in the exercise or it could be because the aircraft are leaving the training area and can communicate more freely as they are no longer valid targets. It’s also worth noting that radar reflectors are not mounted on the aircraft, so they are in a low-observable configuration.

[…]

Source: F-117 Aggressors Photographed Low Over The Nevada Desert During Red Flag War Games

Japanese Police Arrest Man For Selling Modded Save Files For Single-Player Nintendo Game

Posted on by

Japan’s onerous Unfair Competition Prevention Law has created what looks from here like a massive overreach on the criminalization of copyright laws. Past examples include Japanese journalism executives being arrested over a book that tells people how to back up their own DVDs, along with more high-profile cases in which arrests occurred over the selling of cheats or exploits in online multiplayer video games. While these too seem like an overreach of copyright law, or at least an over-criminalization of relatively minor business problems facing electronic media companies, they are nothing compared with the idea that a person could be arrested and face jail time for the crime of selling modded save-game files for single player game like The Legend of Zelda: Breath of the Wild.

A 27-year old man in Japan was arrested after he was caught attempting to sell modified Zelda: Breath of The Wild save files.

As reported by the Broadcasting System of Niigata (and spotted by Dextro) Ichimin Sho was arrested on July 8 after he posted about modified save files for the Nintendo Switch version of Breath of The Wild. He posted his services onto an unspecified auction site, describing it as “the strongest software.” He would provide modded save files that would give the player improved in-game abilities and also items that were difficult to obtain were made available as requested by the customer. In his original listing, he reportedly was charging folks 3,500 yen (around $31 USD) for his service.

Upon arrest, Sho admitted that he’s made something like $90k over 18 months selling modded saves and software. Whatever his other ventures, the fact remains that Sho was arrested for selling modded saves for this one Zelda game to the public. And this game is fully a single-player game. In other words, there is not aspect of this arrest that involved staving off cheating in online multiplayer games, which is one of the concerns that has typically led to these arrests in Japan within the gaming industry.

[…]

Source: Japanese Police Arrest Man For Selling Modded Save Files For Single-Player Nintendo Game | Techdirt

Google fined €500m for not paying French publishers after copying their texts on search results

Posted on by

Google was fined €500m ($590m, £425m) by the French Competition Authority on Tuesday for failing to negotiate fees with news publishers for using their content.

In April last year, the regulator ruled the American search giant had to compensate French publishers for using snippets of their articles in Google News, citing European antitrust rules and copyright law. Google was given three months to figure out how much to pay publishers. More than a year later, no licensing deals have been struck, and Google did not “enter into negotiations in good faith,” we’re told. For one thing, it just stopped including snippets from French publishers in all Google services.

[…]

Now, the FCA has sanctioned the Chocolate Factory €500m and has given it two months to negotiate with French publishers. If the web giant continues to dilly-dally after this point, it’ll be fined up to €900,000 (over $1m or around £767,000) a day until it complies with the FCA’s demands.

[…]

Source: Google fined €500m for not paying French publishers after using their words on web • The Register

Gmail to show your company logo in inbox if DMARC and BIMI authenticated

Posted on by

After first announcing Gmail’s Brand Indicators for Message Identification (BIMI) pilot last year, today we’re announcing that over the coming weeks we’re rolling out Gmail’s general support of BIMI, an industry standard that aims to drive adoption of strong sender authentication for the entire email ecosystem

[…]

BIMI enables organizations that authenticate their emails using Domain-based Message Authentication, Reporting, and Conformance (DMARC)—a standard for providing strong sender authentication that allows security systems to perform better filtering, separating legitimate messages from potentially spoofed ones—to validate ownership of their logos and securely transmit them to Google. BIMI is designed to be easy: for organizations with DMARC in place, validated logos display on authenticated emails from their domains and subdomains.

Here’s how it works: Organizations who authenticate their emails using Sender Policy Framework (SPF) or Domain Keys Identified Mail (DKIM) and deploy DMARC can provide their validated trademarked logos to Google via a Verified Mark Certificate (VMC). BIMI leverages Mark Verifying Authorities, like Certification Authorities, to verify logo ownership and provide proof of verification in a VMC. Once these authenticated emails pass our other anti-abuse checks, Gmail will start displaying the logo in the existing avatar slot.

[…]

For logo validation, BIMI is starting by supporting the validation of trademarked logos, since they are a common target of impersonation. Today, Entrust and DigiCert support BIMI as Certification Authorities, and in the future the BIMI working group expects this list of supporting validation authorities to expand further. To learn more about BIMI and see the latest news, visit the working group’s website.

To take advantage of BIMI, ensure that your organization has adopted DMARC, and that you have validated your logo with a VMC

[…]

Source: Bringing BIMI to Gmail in Google Workspace | Google Cloud Blog

Inside the Industry That Unmasks People at Scale: yup your mobile advertising ID isn’t anonymous either

Posted on by

Tech companies have repeatedly reassured the public that trackers used to follow smartphone users through apps are anonymous or at least pseudonymous, not directly identifying the person using the phone. But what they don’t mention is that an entire overlooked industry exists to purposefully and explicitly shatter that anonymity.

They do this by linking mobile advertising IDs (MAIDs) collected by apps to a person’s full name, physical address, and other personal identifiable information (PII). Motherboard confirmed this by posing as a potential customer to a company that offers linking MAIDs to PII.

“If shady data brokers are selling this information, it makes a mockery of advertisers’ claims that the truckloads of data about Americans that they collect and sell is anonymous,” Senator Ron Wyden told Motherboard in a statement.

“We have one of the largest repositories of current, fresh MAIDS<>PII in the USA,” Brad Mack, CEO of data broker BIGDBM told us when we asked about the capabilities of the product while posing as a customer. “All BIGDBM USA data assets are connected to each other,” Mack added, explaining that MAIDs are linked to full name, physical address, and their phone, email address, and IP address if available. The dataset also includes other information, “too numerous to list here,” Mack wrote.

A MAID is a unique identifier a phone’s operating system gives to its users’ individual device. For Apple, that is the IDFA, which Apple has recently moved to largely phase out. For Google, that is the AAID, or Android Advertising ID. Apps often grab a user’s MAID and provide that to a host of third parties. In one leaked dataset from a location tracking firm called Predicio previously obtained by Motherboard, the data included users of a Muslim prayer app’s precise locations. That data was somewhat pseudonymized, because it didn’t contain the specific users’ name, but it did contain their MAID. Because of firms like BIGDBM, another company that buys the sort of data Predicio had could take that or similar data and attempt to unmask the people in the dataset simply by paying a fee.

[…]

“This real-world research proves that the current ad tech bid stream, which reveals mobile IDs within them, is a pseudonymous data flow, and therefore not-compliant with GDPR,” Edwards told Motherboard in an online chat.

“It’s an anonymous identifier, but has been used extensively to report on user behaviour and enable marketing techniques like remarketing,” a post on the website of the Internet Advertising Bureau, a trade group for the ad tech industry, reads, referring to MAIDs.

In April Apple launched iOS 14.5, which introduced sweeping changes to how apps can track phone users by making each app explicitly ask for permission to track them. That move has resulted in a dramatic dip in the amount of data available to third parties, with just 4 percent of U.S. users opting-in. Google said it plans to implement a similar opt-in measure broadly across the Android ecosystem in early 2022.

[…]

Source: Inside the Industry That Unmasks People at Scale

Fifteen Percent Of U.S. Air Force F-35s Don’t Have Working Engines

Posted on by

A total of 46 F-35 stealth fighters are currently without functioning engines due to an ongoing problem with the heat-protective coating on their turbine rotor blades becoming worn out faster than was expected. With the engine maintenance center now facing a backlog on repair work, frontline F-35 fleets have been hit, with the U.S. Air Force’s fleet facing the most significant availability shortfall.

At a hearing before the U.S. House Committee on Armed Services’ Subcommittee on Tactical Air and Land Forces yesterday, Air Force Lieutenant General Eric T. Fick, director of the F-35 Joint Program Office, confirmed that 41 U.S. Air Force F-35s, as well as one Joint Strike Fighter belonging to the U.S. Marine Corps, another from the U.S. Navy, and three that had been delivered to foreign air forces were grounded without engines. Those figures were as of July 8.

U.S. Air Force/Staff Sgt. Staci Miller

An F-35A assigned to the 61st Fighter Squadron at Luke Air Force Base, Arizona, takes off as the sun sets, during corrosion testing of the F135 engine.

The exact breakdown of how many of each F-35 variant lack engines is unclear. The Air Force and the Navy only fly the F-35A and F-35C, respectively, but the Marines operate both F-35Bs and F-35Cs and various models are in service with other military forces around the world.

[…]

It is worth remembering too, of course, that the F-35 enterprise almost had an alternative engine to the F135. However, the General Electric/Rolls-Royce F136 turbofan was deemed to be an unnecessary expense and was eventually canceled in 2011, when the project was over 80 percent complete. With the benefit of hindsight, it can well be imagined that an alternative source of engines would be very valuable right now.

[…]

Source: Fifteen Percent Of U.S. Air Force F-35s Don’t Have Working Engines

Using satellites to track tiny plastic particles and their concentration in the ocean

Posted on by

Most data on microplastic concentrations comes from commercial and research ships that tow plankton nets—long, cone-shaped nets with very fine mesh designed for collecting marine microorganisms.

But net trawling can sample only small areas and may be underestimating true plastic concentrations. Except in the North Atlantic and North Pacific gyres—large zones where rotate, collecting floating debris—scientists have done very little sampling for microplastics. And there is scant information about how these particles’ concentrations vary over time.

To address these questions, University of Michigan research assistant Madeline Evans and I developed a new way to detect microplastic concentrations from space using NASA’s Cyclone Global Navigation Satellite System. CYGNSS is a network of eight microsatellites that was launched in 2016 to help scientists predict hurricanes by analyzing tropical wind speeds. They measure how wind roughens the ocean’s surface—an indicator that we realized could also be used to detect and track large quantities of microplastics.

This animation shows how satellite data can be used to track where microplastics enter the water, how they move and where they tend to collect.

Looking for smooth zones

[…]

The radars on CYGNSS satellites are designed to measure winds over the ocean indirectly by measuring how they roughen the water’s surface. We knew that when there is a lot of material floating in the water, winds don’t roughen it as much. So we tried computing how much smoother measurements indicated the surface was than it should have been if winds of the same speed were blowing across clear water.

This anomaly—the “missing roughness”—turns out to be highly correlated with the concentration of microplastics near the ocean surface. Put another way, areas where surface waters appear to be unusually smooth frequently contain high concentrations of microplastics. The smoothness could be caused by the microplastics themselves, or possibly by something else that’s associated with them.

By combining all the measurements made by CYGNSS satellites as they orbit around the world, we can create global time-lapse images of ocean microplastic concentrations. Our images readily identify the Great Pacific Garbage Patch and secondary regions of high microplastic concentration in the North Atlantic and the southern oceans.

These images show microplastic concentrations (number of particles per square kilometer) at the mouths of the Yangtze and Qiantang rivers where they empty in to the East China Sea. (A) Average density year-round; (B) short-lived burst of particles from the Qiantang River; (C and D) short-lived bursts from the Yangtze River. Credit: Evans and Ruf, 2021., CC BY

Tracking microplastic flows over time

Since CYGNSS tracks wind speeds constantly, it lets us see how microplastic concentrations change over time. By animating a year’s worth of images, we revealed that were not previously known.

We found that global microplastic concentrations tend to peak in the North Atlantic and Pacific during the Northern Hemisphere’s summer months. June and July, for example, are the peak months for the Great Pacific Garbage Patch.

Concentrations in the Southern Hemisphere peak during its summer months of January and February. Lower concentrations during the winter in both hemispheres are likely due to a combination of stronger currents that break up microplastic plumes and increased vertical mixing—the exchange between surface and deeper water—that transports some of the microplastic down below the surface.

This approach can also target smaller regions over shorter periods of time. For example, we examined episodic outflow events from the mouths of the China’s Yangtze and Qiantang rivers where they empty into the East China Sea. These events may have been associated with increases in industrial production activity, or with increases in the rate at which managers allowed the rivers to flow through dams.

[…]

While the ocean roughness anomalies that we observed correlate strongly with concentrations, our estimates of concentration are based on the correlations that we observed, not on a known physical relationship between floating microplastics and ocean roughness. It could be that the roughness anomalies are caused by something else that is also correlated with the presence of microplastics.

One possibility is surfactants on the ocean surface. These liquid chemical compounds, which are widely used in detergents and other products, move through the oceans in ways similar to microplastics, and they also have a damping effect on wind-driven ocean roughening.

Further study is needed to identify how the smooth areas that we identified occur, and if they are caused indirectly by surfactants, to better understand exactly how their transport mechanisms are related to those of microplastics.

[…]

Source: The ocean is full of tiny plastic particles – we found a way to track them with satellites

Major crypto scammer sentenced to 15 years in prison

Posted on by

The mastermind behind what the government says is one of the largest cryptocurrency Ponzi schemes prosecuted in the US has been sentenced to 15 years in prison. While crypto scams have been getting increasingly common, Swedish citizen Roger Nils-Jonas Karlsson defrauded thousands of victims and stole tens of millions of dollars over a period that lasted almost a decade. He pleaded guilty to securities and wire fraud, as well as money laundering charges on March 4th.

According to the Department of Justice, Karlsson ran his fraudulent investment scheme from 2011 until he was arrested in Thailand in 2019. He targeted financially insecure individuals, such as seniors, persuading them to use cryptocurrency to purchase shares in a business he called “Eastern Metal Securities.” Based on information from court documents, he promised victims huge payouts tied to the price of gold, but the money they handed over wasn’t invested at all. It was moved to Karlsson’s personal bank accounts instead and used to purchase expensive homes and even resorts in Thailand.

To keep his scheme running for almost a decade, he’d rebrand and would show victims account statements in an effort to convince them that their funds are secure. Karlsson would then give them various excuses for payout delays and even falsely claimed to be working with the Securities and Exchange Commission. During the sentencing, US District Judge Charles R. Breyer ordered his Thai resorts and accounts to be forfeited. He was also ordered to pay his victims in the amount of $16,263,820.

Acting US Attorney Stephanie Hinds of the Northern District of California said:

“The investigation into Roger Karlsson’s fraud uncovered a frighteningly callous scheme that lasted more than a decade during which Karlsson targeted thousands of victims, including financially vulnerable seniors, to callously rob them of their assets and all to fuel an extravagant lifestyle surrounded by luxury condominiums and lavish international vacations. The court’s decision to order a 180-month prison term reflects the fact that Karlsson’s cryptocurrency Ponzi scheme is one of the largest to be sentenced to date and ensures that Karlsson now will have plenty of time to think about the harm he has caused to his victims.”

Source: Major crypto scammer sentenced to 15 years in prison | Engadget

Report shines light on REvil’s depressingly simple tactics: Phishing, credential-stuffing RDP servers… the usual

Posted on by

Palo Alto Networks’ global threat intelligence team, Unit 42, has detailed the tactics ransomware group REvil has employed to great impact so far this year – along with an estimation of the multimillion-dollar payouts it’s receiving.

[…]

The group, which provides what security wonks have come to term “Ransomware as a Service” or RAAS, has been fingered in some high-profile attacks: Travelex, an entertainment-focused law firm with an A-lister client base; Apple supplier Quanta Computer; a major meat producer; a nuclear weapons contractor; and fashion giant French Connection UK – among many others.

Most recently, the group gained access to an estimated 1,500 companies through the Kayesa VSA platform. While the company denied a supply-chain attack, it disabled its Saas platform as a security measure – and, as of this morning, was struggling to recover.

[…]

“For these services, REvil takes a percentage of the negotiated ransom price as their fee. Affiliates of REvil often use two approaches to persuade victims into paying up: they encrypt data so that organizations cannot access information, use critical computer systems or restore from backups, and they also steal data and threaten to post it on a leak site (a tactic known as double extortion).”

According to research carried out by Martineau and colleagues, REvil and its affiliates averaged $2.25m in payouts per breach over the first six months of 2021 – chickenfeed compared to the $70m the group is demanding for a universal decryption tool designed to unlock the data being ransomed as a result of the Kaseya attack.

The methods chosen by the group to gain access to the target systems are depressingly simple, Martineau’s report claimed, with the most common methods being as simple as sending a phishing message or attempting to log in to Remote Desktop Protocol (RDP) servers using previously-compromised credentials.

“However,” Martineau noted, “we also observed a few unique vectors that relate to the recent Microsoft Exchange Server CVEs, as well as a case that involved a SonicWall compromise.”

Once in, REvil attackers cement their access by creating new local and domain user accounts, install Cobalt Strike’s Beacon covert payload – a commercial product which apparently delivers a little too well on its promise to “model advanced attackers” for “threat emulation” – and disable antivirus, security services, and other protection systems. The impact is further expanded to other devices on the network, using “various open-source tools to gather intelligence on a victim environment.”

It could be a while before the attack is noticed, too – no surprise given how the group often exfiltrates gigabytes of data as part of its ransom approach. “REvil threat actors often encrypted the environment within seven days of the initial compromise,” Martineau found. “However, in some instances, the threat actor(s) waited up to 23 days. [They] often used MEGASync software or navigated to the MEGASync website to exfiltrate archived data. In one instance, the threat actor used RCLONE to exfiltrate data.

[…]

The full report has been published on the Unit 42 site.

Source: Report shines light on REvil’s depressingly simple tactics: Phishing, credential-stuffing RDP servers… the usual • The Register

Three-dozen US states plus DC sue Google over Play Store’s revenue cut, payment system, and more

Posted on by

As expected, Google is facing a fresh legal assault regarding its Play Store, the 30 per cent cut it took from developers’ revenues via the software souk, and other rules and restrictions.

In an antitrust lawsuit [PDF] filed in a federal district court in San Francisco on Wednesday, 36 US states and commonwealths, plus Washington DC, alleged Google ran roughshod over the Sherman Act, screwing over users and software makers by abusing its monopoly on Android and the distribution of apps.

Those states include New York, California, Florida, Washington, New Jersey, North Carolina, and Arizona, though not Texas, Pennsylvania, Ohio, nor Illinois, among others. There doesn’t appear to be an obvious partisan split.

The complaint is wide-ranging and extensive, from criticizing Google’s commission from app and in-app purchases and that it must handle payments, to undue pressure on phone makers, to a ban on advertising by non-Play stores on Google’s web properties, like YouTube, and more.

[…]

In March, Google dropped its cut of app sales from 30 to 15 per cent for the first $1m a developer makes. The move mirrored a similar decision by Apple last year, matching the same terms almost exactly. This was not enough, it seems, to hold off attorneys general.

[…]

Source: Three-dozen US states plus DC sue Google over Play Store’s revenue cut, payment system, and more • The Register

OnePlus Admits to Throttling OnePlus 9 and 9 Pro for battery life

Posted on by

After a recent investigation by Anandtech pointed out that a number of popular apps were experiencing sluggish performance on the OnePlus 9 and OnePlus 9 Pro, OnePlus has now admitted to throttling hundreds of popular apps to help “reduce power consumption.”

Anandtech’s Andrei Frumusanu noticed that a number of popular browsers, including Google Chrome, performed significantly worse on benchmarks such as Jetstream 2.o and Speedometer 2.0, posting results more similar to those from old budget phones than a modern high-end device. And while Gizmodo does not use those benchmarks as part of our review process (due in part to previous tampering from companies including OnePlus and others), we can confirm similar numbers in our own testing.

Upon further review, Anandtech discovered that OnePlus had installed a custom OnePlus Performance Service function that throttled the performance of apps like YouTube, Snapchat, Discord, Twitter, Zoom, Facebook, Microsoft Office apps, and even a number of first-party apps from OnePlus. And by limiting the performance of certain cores in the OnePlus 9 and 9 Pro’s Snapdragon 888 processor, OnePlus was effectively throttling these apps in order to help deliver increased battery life.

In a statement provided to XDA Developers, OnePlus has confirmed it throttled the performance of apps on the OnePlus 9 and 9 Pro

[…]

Source: OnePlus Admits to Throttling OnePlus 9 and 9 Pro

This Crowdsourced Ransomware Payment Tracker Shows How Much Cybercriminals Have Heisted

Posted on by

Ransomware attacks are on the rise, but quantifying the scope of the problem can be tricky when only the most high-profile cases make headlines. Enter Ransomwhere,

[…]

Jack Cable, a security architect at the cybersecurity consulting firm Krebs Stamos Group, launched the site on Thursday.

[…]

The way it works is Ransomwhere keeps a running tally of ransoms paid out to cybercriminals in the bitcoin cryptocurrency. This is largely made possible because of the transparent nature of bitcoin: All transactions involving the cryptocurrency are recorded on the blockchain, a decentralized database that acts as a public ledger, thus allowing anyone to track any transactions specifically associated with ransomware groups.

[…]

Since the U.S. dollar value of bitcoin is constantly fluctuating, Ransomwhere calculates each ransom amount based on the bitcoin exchange rate on the day that the transaction was sent.

[…]

So far in 2021, the Russia-linked cybercriminal gang that took credit for the Kaseya and JBS attacks, REvil, is leading the pack by a mile with more than $11 million in ransom payments, according to Ransomwhere. Coming in second with 6.2 million is Netwalker, one of the most popular ransomware-as-a-service offerings on the dark web. Though it should be noted that Netwalker has the dubious honor of racking up the most ransom payments of all time, with roughly $28 million to its name based on the site’s data.

REvil could soon surpass that record if its recent demands for $70 million are met. That’s how much the gang asked for on Sunday to publish a universal decryptor that would unlock all computers affected in the Kaseya hack, a supply chain attack that has crippled more than 1,000 companies worldwide and prompted a federal investigation.

[…]

Source: This Crowdsourced Ransomware Payment Tracker Shows How Much Cybercriminals Have Heisted

Iran’s Train System Hacked, Khamenei’s phone nr posted on station msg boards as help line

Posted on by

Cyberattacks reportedly disrupted Iran’s railway system on Friday, causing “unprecedented chaos” at stations throughout the country, according to state media.

The hackers, whoever they are, also reportedly trolled the nation’s Supreme Leader Ali Khamenei, posting his phone number as “the number to call for information” on multiple train station message boards, Reuters reports. According to some Iranian outlets, the number, 64411, was displayed on screens in train stations and redirected to Ayatolla Khamenei’s office when dialed.

The railway’s website, local ticket offices, and cargo services have all apparently been affected, the news outlet reports.

There isn’t otherwise a whole lot of information about this incident, though local reporting would appear to suggest that trains have been massively delayed but not totally stalled.

[…]

Source: Iran’s Train System Reportedly Hacked by Trolling Attackers

Samsung Washing Machine App Requires Access to Your Contacts and Location

Posted on by

A series of Samsung apps that allow customers to control their internet-connected appliances require access to all the phone’s contacts and, in some cases, the phone call app, phone’s location, and camera. Customers have been furious about this for years.

On Wednesday, a Reddit user complained that their washing machine app, the Samsung Smart Washer, wouldn’t work “unless I give it access to my contacts, location and camera.”

This is a common complaint.

[…]

These situations speak to two issues: Apps that demand permissions that they don’t need, and “smart” and internet of things devices that make formerly simple tasks very complicated, and open up potential privacy and security concerns.

Generally speaking, over the last few years, people have become more sensitive to what they’re giving up in privacy and potentially security when they deal with big tech companies. Smart TVs (Samsung included), for example, have been caught listening to users and automatically deliver ads. Tech companies have had to adapt and do better. For example, both Apple and Google allow users to see what data an app has access to, and in some cases users can toggle the permissions individually. The upcoming new version of Android will even have a dedicated “Privacy Dashboard” where users can see which apps used what permissions, and revoke them if they want. Apple’s iOS has similar functionality. But none of this stops app developers from asking users to accept unnecessary permissions.

It’s unclear why apps that are designed to let you set the type of washing cycle you want, or see how long it’s gonna take for the dryer to be done, would need access to your phone’s contacts. In an FAQ for another Samsung app, the company says it needs access to contacts “to check if you already have a Samsung account set up in your device. Knowing this information helps mySamsung to make the sign-in process seamless.”

[…]

Source: Samsung Washing Machine App Requires Access to Your Contacts and Location

Richard Branson becomes first billionaire in space

Posted on by

The rocket ship launched the 70-year-old and his crew from Spaceport America in the New Mexico desert.

Tropical storms had delayed the launch before setting off at around 3.30pm.

Branson – known as ‘Astronaut 001’ – soared into space in his blue spacesuit aboard Virgin Space Ship Unity, a 62ft rocket-powered space plane nestled between the twin hulls of Mother Ship Eve, which propelled them to an altitude of around 55 miles.

Source: Virgin Galactic space launch LIVE – Richard Branson WINS battle with Elon Musk to become first billionaire in space

Link contains a good summary video. Nice to see Richard beat out Elon Musk and Jeff Bezos – what an achievement!

HOTAS, HOSAS, Dual Joysticks, Omnithrottle, Space and Flight sim controllers

Posted on by

What are these terms and how do they work in terms of control schemes? In this world you generally get what you pay for – if it’s cheap, then it’s probably plasticky and nasty. If it’s expensive, then it’s probably high quality. Saitek and Logitech have equipment running from low to midrange. Thrustmaster from mid to high range.

The VKB Gladiator NXT is currently the most popular midrange joystick you can find around $120 – $150 which comes in left and righthand versions.

If you have the money though, you go for the Virpil (VPC) Constellation Alpha (both left and right hand) and MongoosT-50CM2 grips and bases

WingWin.cn has a very good F-16 throttle, stick and instrument panel with desk mounts

shop first image

HOTAS

The world of flight sim control used to be fairly straightforward: ideally you had a stick on the right, a throttle unit on the left and rudders in the middle. Some stick makers tried to replace the rudder with a twistable stick grip and maybe a little throttle lever on the stick so you could get full control cheaper – the four degrees of freedom (roll, yaw, pitch and thrust) / 4 DOF on a single stick. You had less buttons but you used the keyboard and mouse more.

HOSAS / Dual Stick

Now in the resurgence of the age of space sims – (Elite Dangerous, Star Citizen, No Mans Sky, Star Wars Squadrons and Tie Fighter Total Conversion to name a few) the traditional HOTAS (Hands on Throttle and Stick) is losing ground to the HOSAS (Hands on Stick and Stick). The HOSAS offers six degrees of freedom (6 DOF): roll, yaw, pitch, thrust + horizontal and vertical translation / strafing, which makes sense for a space plane that can not only go backwards but can also strafe directly upwards and downwards or left and right.

This gives rise to some interesting control schemes:

Left stick
x-axistranslate / strafe left + right
y-axisthrottle
z/twist-axistranslate / strafe up + down
Right stick
x-axisroll
y-axispitch
z/twist axisyaw

a variation which seems to be popular in Star Wars Squadrons is

Right stick
x-axisyaw
y-axispitch
z/twist-axisroll
`

another variation with throttling

Left stick
x-axistranslate / strafe left + right
y-axistranslate / strafe up + down
z/twist-axisthrust

often combined with:

rudder left footthrottle backwards / reverse
rudder right footthrottle forwards

Different combinations work better or worse depending on the person and how tiring it is for them personally. As Reddit user Enfiguralimificuleur points out: “It worked best for me with Z/twist being the throttle. I found it very efficient to adjust your speed properly. Very easy to stay at that speed as well.
However due to wrist issue and tendinitis, some positions are VERY awkward. Try pulling+right+twisting. Ouch. And even without the pain, this is not comfortable.”

Throttling and the Omnithrottle

The throttle can be set in different ways: a traditional HOTAS throttle is set to where it’s pushed to. Generally sticks have a recentering mechanism. This means that it’s easy to find reverse but can get annoying because to throttle you need to keep pushing the stick forwards. There are a few solutions to this.

First, The VKB gunfighter III base has a dry clutch which will remove the centering spring back of the pitch axes, meaning you can assign that to thrust and basicly have a stick that stays there mimicking a throttle while still allowing for rotation and roll axes.

Second, people can use a traditional throttle as well (so then I guess it becomes a HOTSAS)

Third, you can map a hat to 0, 50, 75, 100% speed and set speeds that way as a sort of cruise control

Fourth you can use the rudder (left foot back, front foot forward) or z-axis (twist) for thrust / throttle control. This will not eliminate the problem though.

The omnithrottle is when you angle the left hand stick around 90 degrees downwards so that it looks like a throttle. You retain the three axes and the extra buttons and hats, giving you more freedom.

Sessine has a guide to converting a VKB stick to an omnithrottle – he gives credits to users JaguarMG and Pretagonist

This extension can also be found on Thingiverse with instructions

There is a Youtube video of the Angled Virpil Stick Adapter / Omnidirectional Throttle here using a Gardena hose to hose fixing adapter

and Issalzul has a two part writeup of their throttle (part 1 / part 2)

r/hotas - Finally finished my omnithrottle mod, thanks to this sub for giving me the idea!

For the VKB Gunfighter, ArtoriusPendragon has made a 3d file for the 3-Axis Throttle Adapter

r/HotasDIY - VKB Gunfighter 3-Axis Throttle Adapter

And Sarai_Seneschal has some tips on how to work with the #10 spring on his chair mounted HOSAS build.

r/hotas - VKB MCG Pro, VKB Kosmosima, Monstertech Chair Mount, 3D Printed throttle adapter designed by u/ArtoriusPendragon

CAD / 3D design mice

The 3D Connexion space mouse Pro has 12 programmable buttons and offers 6 DOF as well. It’s a left handed controller but might be interesting.

Attaching stuff to desks and stairs

For that I have a whole other post you can look at. Have fun!

Discuss

For Reddit discussions see r/HotasDIY and r/hotas – thanks for the input there, guys!

Report: Russian Cyber Spies Recently Hacked the RNC

Posted on by

According to a new investigation from Bloomberg, cyber spies connected to the Russian government recently hacked into the Republican National Committee—though the RNC has denied that their systems were breached in this way.

According to Bloomberg, the hacker group known as “Cozy Bear”—thought to be connected to Russia’s intelligence service, the SVR—conducted the intrusion, though it’s not clear what they viewed or whether they stole any data. The hackers are believed to have gained entry to the RNC’s networks through one of its IT providers, a company called Synnex Corp.

The incident occurred this past 4th of July weekend—around the same time that a cybercriminal group was launching a massive ransomware attack on American IT firm Kaseya, the damage from which is still being assessed. The Russian cybercriminal group REvil has claimed responsibility for that attack.

A notorious threat actor, Cozy Bear has been blamed for large parts of the “SolarWinds” hack, the likes of which compromised close to a dozen federal agencies and droves of American businesses. The group, which also goes by its technical designation APT 29, has also been accused of hacking the Democratic National Committee in the past.

[…]

Source: Report: Russian Cyber Spies Recently Hacked the RNC

DRM Strikes Again: Ubisoft Makes Its Own Game Unplayable By Shutting Down DRM Server

Posted on by

DRM has shown time after time to be of almost no hindrance whatsoever for those seeking to pirate video games, but has done an excellent job of hindering those who actually bought the game in playing what they’ve bought. Ubisoft, in particular, has had issues with this over the years, with DRM servers failing and preventing customers from playing games that can no longer ping the DRM server.

And while those instances involved unforeseen downtime or migrations impacting customers’ ability to play their games, this time it turns out that Ubisoft simply stopped supporting the DRM server for Might and Magic X-Legacy. And now basically everyone is screwed.

Last month, Ubisoft decided to end online support for a bunch of older games, but in doing so also brought down the DRM servers for Might and Magic X – Legacy, meaning players couldn’t access the game’s single-player content or DLC.

As Eurogamer reports, fans were not happy, having to cobble together an unofficial workaround to be able to continue playing past a certain point in the single-player. But instead of Ubisoft taking the intervening weeks to release something official to fix this, or reversing their original move to shut down the game’s DRM servers, they’ve decided to do something else.

They have simply removed the game for sale on Steam.

This, of course, does nothing for the people who already bought the game and now suddenly cannot progress through it completely, as all the DLC is non-functional. They can play the game up until a point, but then it just doesn’t work.

There are multiple bad actions on Ubisoft’s part here. First, using DRM like this is a terrible idea with almost no good consequences. But once it’s in use, you would think it would be the obligation of the company to ensure any changes it makes on its end don’t suddenly render purchases made by its customers unplayable. In other words, rather than ending support for a DRM server that nixes parts of a paid-for game, the company could have rolled out patches to remove the DRM completely so that none of this happened. After all, with the game no longer even available as a new purchase, what would be the harm in removing the DRM? And, of course, there’s the total lack of communication to Ubisoft customers about basically all of this.

Which is what has people so understandably pissed.

Source: DRM Strikes Again: Ubisoft Makes Its Own Game Unplayable By Shutting Down DRM Server | Techdirt

Researchers retrofit microscopes to take 3D images of cells in real-time

Posted on by

There’s a limit to what you can learn about cells from 2D pictures, but creating 3D images is a time-intensive process. Now, scientists from UT Southwestern have developed a new “simple and cost-effective” device capable of capturing multi-angle photos that can be retrofitted onto existing lab microscopes. The team say their solution — which involves inserting a unit of two rotating mirrors in front of a microscope’s camera — is 100 times faster than converting images from 2D to 3D.

Currently, this process involves collecting hundreds of photos of a specimen that can be uploaded as an image stack into a graphics software program, which then performs computations in order to provide multiple viewing perspectives. Even with a powerful computer, those two steps can be time-consuming. But, using their optical device, the team found they could bypass that method altogether.

What’s more, they claim their approach is even faster as it requires only one camera exposure instead of the hundreds of camera frames used for entire 3D image stacks. They discovered the technique while de-skewing the images captured by two common light-sheet microscopes. While experimenting with their optical method, they realized that when they used an incorrect amount of de-skew the projected image seemed to rotate.

“This was the aha! moment,” said Reto Fiolka, assistant professor at the Lyda Hill Department of Bioinformatics at UT Southwestern. “We realized that this could be bigger than just an optical de-skewing method; that the system could work for other kinds of microscopes as well.”

Using their modified microscope, the team imaged calcium ions carrying signals between nerve cells in a culture dish and looked at the circulatory system of a zebrafish embryo. They also rapidly imaged cancer cells in motion and a beating zebrafish heart. They also applied the optical unit to additional microscopes, including light-sheet and spinning disk confocal microscopy.

Source: Researchers retrofit microscopes to take 3D images of cells in real-time | Engadget

Getting Your iPhone Near This Cursed Network Breaks Its Wifi

Posted on by

iPhone doesn’t even have to connect to the network to mess up.

Back in June, security researcher Carl Schou found that when he joined the network “%p%s%s%s%s%n”, his iPhone permanently disabled its wifi functionality. Luckily, this was fixed by resetting all network settings, which erased the villainous wifi name from his phone’s memory. You would think that would have been the end of connecting to networks with weird and fishy sounding names, but you are not Schou.

On Sunday, he decided to try his luck again by investigating a public wifi network named “%secretclub%power”. According to Schou, just having an iOS device in the vicinity of a wifi network with this name can permanently disable its wifi functionality.

“You can permanently disable any iOS device’s WiFI by hosting a public WiFi named %secretclub%power,” he wrote on Twitter. “Resetting network settings is not guaranteed to restore functionality.”

Schou apparently struggled to find his way out of this one and get his wifi functionality back. He said he reset network settings multiple times, forced restarted his iPhone, and even contacted Apple’s device security team. The researcher eventually got some help from Twitter, which advised him to manually edit an iPhone backup to remove malicious entries from the known networks plist files.

[…]

Source: Getting Your iPhone Near This Cursed Network Breaks Its Wifi

1994’s Star Wars: TIE Fighter Remade With Modern Graphics

Posted on by

If EA’s Squadrons wasn’t quite to the scale you were hoping for from your Star Wars flight game, never mind: you can always replay 1994 classic TIE Fighter, which now has vastly-improved visuals and some other modern tweaks instead.

What you’re looking at here is TIE Fighter: Total Conversion, which isn’t actually the original TIE Fighter. Instead, it’s a mod for its sequel, 1999’s X-Wing Alliance, porting the original game’s menus and missions into a more robust engine, then using more mods on top of that (the X-Wing Alliance Upgrade Project) to make everything look nicer.

Having been in development for years, the project was finally and fully released over the weekend, and is so much more than just “TIE Fighter with better lighting.” Because this had to be rebuilt in a whole other game, the developers decided to take the opportunity to mess with the original, and have designed a “reimagined” campaign that goes for 37 missions and adds “more ships, bigger battles [and] in some cases completely new missions.”

The soundtrack has also been remastered, proper widescreen resolutions are available, and there’s VR support as well. Though it’s important to note that both those reimagined missions and the soundtrack are optional improvements; you can still play the original campaign and listen to the old MIDI soundtrack if you want.

Source: 1994’s Star Wars: TIE Fighter Remade With Modern Graphics

Audacity users stick the knife – and fork – in to strip audio editor of unwanted features and govt / police spyware

Posted on by

Contributors disgruntled with the recent direction of cross-platform FOSS audio software Audacity are forking the sound editor to a version that does not have the features or requirements that have upset some in the community.

One such project can be found on GitHub, with user “cookiengineer” proclaiming themselves “evil benevolent temporary dictator” in order to get the ball rolling.

“Being friendly seemed to have invited too many trolls,” observed the engineer, “and we must stop this behaviour.”

Presumably that refers to the trolling rather than being friendly. And goodness, the project has had somewhat of a baptism by fire in recent hours as a number of 4chan users elected to launch a raid on it.

This is why we can’t have nice things.

The project is blunt with regard to the causes of the fork – Audacity’s privacy policy updates, the contributors licence agreement, and the a furore over introducing telemetry have all played a part.

[…]

Source: Audacity users stick the knife – and fork – in to strip audio editor of unwanted features • The Register

Thinking about selling your Echo Dot—or any IoT device? Turns out passwords and other data remain even after a reset

Posted on by

Like most Internet-of-things (IoT) devices these days, Amazon’s Echo Dot gives users a way to perform a factory reset so, as the corporate behemoth says, users can “remove any… personal content from the applicable device(s)” before selling or discarding them. But researchers have recently found that the digital bits that remain on these reset devices can be reassembled to retrieve a wealth of sensitive data, including passwords, locations, authentication tokens, and other sensitive data.

Most IoT devices, the Echo Dot included, use NAND-based flash memory to store data. Like traditional hard drives, NAND—which is short for the boolean operator “NOT AND“—stores bits of data so they can be recalled later, but whereas hard drives write data to magnetic platters, NAND uses silicon chips. NAND is also less stable than hard drives because reading and writing to it produces bit errors that must be corrected using error-correcting code.

Reset but not wiped

NAND is usually organized in planes, blocks, and pages. This design allows for a limited number of erase cycles, usually in the neighborhood of between 10,000 to 100,000 times per block. To extend the life of the chip, blocks storing deleted data are often invalidated rather than wiped. True deletions usually happen only when most of the pages in a block are invalidated. This process is known as wear-leveling.

Researchers from Northeastern University bought 86 used devices on eBay and at flea markets over a span of 16 months. They first examined the purchased devices to see which ones had been factory reset and which hadn’t. Their first surprise: 61 percent of them had not been reset. Without a reset, recovering the previous owners’ Wi-Fi passwords, router MAC addresses, Amazon account credentials, and information about connected devices was a relatively easy process.

The next surprise came when the researchers disassembled the devices and forensically examined the contents stored in their memory.

“An adversary with physical access to such devices (e.g., purchasing a used one) can retrieve sensitive information such as Wi-Fi credentials, the physical location of (previous) owners, and cyber-physical devices (e.g., cameras, door locks),” the researchers wrote in a research paper. “We show that such information, including all previous passwords and tokens, remains on the flash memory, even after a factory reset.”

[…]

If a device has not been reset (as in 61% of the cases), then it’s pretty simple: you remove the rubber on the bottom, remove 4 screws, remove the body, unscrew the PCB, remove a shielding and attach your needles. You can dump the device then in less than 5 minutes with a standard eMMC/SD Card reader. After you got everything, you reassemble the device (technically, you don’t need to reassemble it as it will work as is) and you create your own fake Wi-Fi access point. And you can chat with Alexa directly after that.

If the device has been reset, it gets more tricky and will involve some soldering. You will at least get the Wi-Fi credentials and potentially the position of the Wi-Fi using the MAC address. In some rare cases, you might be able to connect it to the Amazon cloud and the previous owner’s account. But that depends on the circumstances of the reset.

[…]

Source: Thinking about selling your Echo Dot—or any IoT device? Read this first | Ars Technica