The U.S. Air Force has described its bedeviled KC-46A Pegasus tanker as a “lemon,” amid ongoing problems that prevent it from performing its primary aerial refueling mission on a day-to-day basis. Now the Air Force is trying to find other ways to make use of these aircraft, of which it has already received 42 examples located at four operating bases.With deliveries set to continue at a rate of two aircraft per month, the service is now looking to put the Pegasus to work by fast-tracking at least some of the aircraft already delivered into “limited operations,” but probably not involving its core mission set of aerial refueling. Nevertheless, the move could enable the Pegasus to at least provide some utility during real-world operations as the Air Force counts down to the declaration of full operational capability, which won’t happen until late 2023 or 2024 at the earliest.U.S. Air Force/Louis BrisceseA KC-46A Pegasus arrives at Travis Air Force Base, California, in March 2017.“As I look over the 10 years, I have to say… right now where we’re at in the program is we’re making lemonade out of lemons,” General Jacqueline Van Ovost, the head of Air Mobility Command, told members of the press, as reported by the Defense One website. The embarrassing setbacks that have become an all-too-familiar aspect of the next-generation tanker program were also highlighted yesterday in an unusually candid tweet from the U.S. Transportation Command (USTRANSCOM), which admitted that problems with the tanker put “America’s ability to effectively execute day-to-day operations and war plans at risk.”
his week, Tesla finally gave in to the National Highway Traffic Safety Administration’s request to recall its Model S sedans and Model X SUVs over flash memory failures that will cause the cars’ signature 17-inch portrait-oriented central touchscreens to fail after a certain length of time—but not without pushback on the very definition of the word “defect,” according to a letter from Tesla’s legal department made public today.
Addressing federal regulators, Tesla Vice President of Legal Al Prescott made the case that the touchscreen failures didn’t constitute a defect worthy of a recall because the parts were only expected to last five to six years in the first place, which is certainly a novel strategy.
[…]
“[The eMMC flash memory] is inherently subject to wear, has a finite life (as NHTSA itself acknowledges), and may need replacement during the useful life of the vehicle…While the wear rate is heavily influenced by the active use of the center display system, even more so when the vehicle is in drive or charging, given a reasonable average daily use of 1.4 cycles, the expected life would be 5-6 years. NHTSA has not presented any evidence to suggest that this expected life is outside industry norms.”
Further, Prescott argued that it was wrong for the NHTSA to assert that the touchscreen “should last at least the useful life of the vehicle, essentially double its expected lifespan.” The fact that the average age of vehicles on U.S. roads hit an all-time high of 11.6 years in 2020, per CNBC.
He went on to call the eMMC “state of the art” for the time when it was designed and claimed the NHTSA’s regulations around defective parts were “anachronistic,” pushing back further on the NHTSA’s lifespan expectations
[…]
The fact that the flash memory device was only rated to handle half the lifespan of the average vehicle on the road raises numerous questions around new vehicles’ technology and planned obsolescence. If this was only expected to last five or six years, what else on the roads could fail earlier than consumers expect?
As the Washington Post notes, the way in which Teslas’ high-tech components wear could have dire consequences on the vehicles’ resale value. Unless there’s a way to recycle and reuse these throwaway components, the disposable nature of them could also leave a bad taste in eco-conscious consumers’ mouths.
Furthermore, why should consumers be expected to think that an internal component that’s required to access key safety features of the car should be a wear item? While Tesla has since added alerts that warn owners of a pending eMMC failure, a processor embedded in the internal components of a car isn’t something you can easily check on like a set of brake pads or tires, nor is it something that most consumers know to watch out for after so many miles of use.
The recall includes 134,951 Model S and Model X cars, making it Tesla’s biggest recall to date. It encompasses 2012 through 2018 Model S sedans as well as 2016 through 2018 Model X crossovers. This is fewer than the 158,000 cars requested by the NHTSA for recall, as Tesla excluded the vehicles that have already had memory upgrades or touchscreen replacements, reports the Washington Post.
Failures of the recalled memory chips are not the only issues that have dogged Model S and Model X touchscreens. Tesla CEO Elon Musk once bragged about sourcing the then-groundbreaking 17-inch screens outside of the usual automotive supply chain to save costs. Unfortunately, the screens weren’t built to handle the vibration loads and temperature fluctuations found in a car’s interior, causing them to prematurely yellow, bubble and even leak.
Wow, you really do get a piece of shit for buying a car from the most valuable car company in the world. Whilst Toyota has just stolen the crown from VW for selling the most cars per year.
Below is from the CNBC website. SLV spiked yesterday and some people will have you believe it’s the Gamestop buying and holding redditors from wallstreetbets that are pushing it. They are not. SLV is being pushed up by Capital Investments, the people the redditors are trying to destroy.
Below is a list of stories from CNBC – explicitly saying that redditors are going after this.
Just search the wallstreetbets subreddit, which is where the GME holders are concentrated
You will see loads of bots with almost no posts mentioning to buy SLV, NOC and others with people deriding them. But the main theme is absolutely to stay away from them and to hold GME, BB and AMC
For a good list of people running the redditors pursuing SLV misinformation (and thus in the pockets of the hedge funds), check out this reddit thread
Many online traders, feeling betrayed by Robinhood’s restrictions, have hit back with critical reviews of the app.
Google has removed tens of thousands of one-star reviews for the widely-used trading app – which had previously had a four-star average.
It says it takes action when it sees “fake ratings”, designed to manipulate a product’s average score.
But more one-star ratings – the minimum possible – have continued to appear.
While Robinhood stopped independent users from buying some shares after the surge in investment by independent traders, they still remained available to large, professional traders elsewhere- leading to accusations that Robinhood was effectively protecting big investors and manipulating the stock market.
Robinhood said that the restrictions were put in place for “risk-management” reasons – and not because it had been told to limit activity by anyone else.
The site reported that more than 100,000 negative reviews had brought the average rating from four stars down to just one.
Hours later, Google intervened to delete roughly 100,000 reviews, according to the review counter, restoring the app’s high rating.
image copyrightGoogle Play
Google rules are designed to prevent so-called “review bombing” – when reviewers co-ordinate to drag down an app’s rating, usually because of some external scandal or political disagreement.
It has not yet responded to requests to comment on its Play Store decision.
‘Unacceptable’
While there had been calls on social media to review Robinhood negatively, many investors feel they have a legitimate grievance.
Some users of the Reddit WallStreetBets community, which is at the centre of the movement, believe they are taking a principled stance against hedge funds short-selling the stocks, hoping the company will fail.
The concern is also reflected by some major US politicians from both parties.
This is unacceptable.
We now need to know more about @RobinhoodApp’s decision to block retail investors from purchasing stock while hedge funds are freely able to trade the stock as they see fit.
As a member of the Financial Services Cmte, I’d support a hearing if necessary. https://t.co/4Qyrolgzyt
Democrat congresswoman Alexandria Ocasio-Cortez has said Congress should investigate Robinhood, calling the app’s decision to block small traders “unacceptable”.
Encrypted service providers are urging lawmakers to back away from a controversial plan that critics say would undercut effective data protection measures.
ProtonMail, Threema, Tresorit and Tutanota — all European companies that offer some form of encrypted services — issued a joint statement this week declaring that a resolution the European Council adopted on Dec. 14 is ill-advised. That measure calls for “security through encryption and security despite encryption,” which technologists have interpreted as a threat to end-to-end encryption. In recent months governments around the world, including the U.S., U.K., Australia, New Zealand, Canada, India and Japan, have been reigniting conversations about law enforcement officials’ interest in bypassing encryption, as they have sporadically done for years.
In a letter that will be sent to council members on Thursday, the authors write that the council’s stated goal of endorsing encryption, and the council’s argument that law enforcement authorities must rely on accessing electronic evidence “despite encryption,” contradict one another. The advancement of legislation that forces technology companies to guarantee police investigators a way to intercept user messages, for instance, repeatedly has been scrutinized by technology leaders who argue there is no way to stop such a tool from being abused.
The resolution “will threaten the basic rights of millions of Europeans and undermine a global shift towards adopting end-to-end encryption,” say the companies, which offer users either encrypted email, file-sharing or messaging.
“[E]ncryption is an absolute, data is either encrypted or it isn’t, users have privacy or they don’t,” the letter, which was shared with CyberScoop in advance, states. “The desire to give law enforcement more tools to fight crime is obviously understandable. But the proposals are the digital equivalent of giving law enforcement a key to every citizens’ home and might begin a slippery slope towards greater violations of personal privacy.”
GameStop’s stock has continued to make big moves, briefly crossing $450 a share on Thursday, fueled by Reddit users collectively taking on the Wall Street establishment. But individual investors looking to make trades have faced multiple issues on trading sites and apps over recent days, with many experiencing service disruptions, according to Bloomberg. The frenzy over GameStop stock has led to TD Ameritrade restricting certain trades, while Robinhood froze any new purchases of particular stocks (GameStop and AMC, among others). It also led to the Wall Street Bets subreddit temporarily getting locked and a Discord server getting shut down for violating terms of service. Watch this: What does GameStop’s skyrocketing stock have to do with…10:15On Thursday morning, Twitter users began posting screenshots of their Robinhood app that showed a message appended to the stocks of GameStop, AMC, Nokia and Bed, Bath and Beyond: “This stock is not supported on Robinhood.”Editors’ top picksSubscribe to CNET Now for the day’s most interesting reviews, news stories and videos.Yes, I also want to receive the CNET Insider newsletter, keeping me up to date with all things CNET.By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.Robinhood explained the move in a blog post Thursday morning, just before the stock exchanges opened: “In light of recent volatility, we are restricting transactions for certain securities to position closing only, including $AMC, $BB, $BBBY, $EXPR, $GME, $KOSS, $NAKD and $NOK.”The @wsbmod Twitter account (which is tied to the Wall Street Bets subreddit community driving recent trades), responded in a tweet: “Individual investors are being stripped of their ability to trade on [the Robinhood app]. Meanwhile, hedge funds and institutional investors can continue to trade as normal.”
After kicking off a historic rally around GameStop stock that has incited the ire of hedge fund tycoons and the SEC, the r/wallstreetbets channel was banned from Discord on Wednesday over apparent hate speech violations.
While some on Reddit were quick to speculate that the server had been taken down by hackers as part of a covert attempt to disrupt their push to drive the stock’s price higher, a Discord spokesperson told Gizmodo that the channel had been banned “for continuing to allow hateful and discriminatory content after repeated warnings.” On both Discord and Reddit, wallstreetbets users frequently refer to themselves collectively as “retards” and “autists,” and have been known to deploy the kinds of racial slurs and deliberately offensive language that have become commonplace in 4chan-style posting forums.
This is slightly disengenious at the very least. Just saying “shit” somewhere puts you in this category.
Here’s the full statement from Discord:
The server has been on our Trust & Safety team’s radar for some time due to occasional content that violates our Community Guidelines, including hate speech, glorifying violence, and spreading misinformation. Over the past few months, we have issued multiple warnings to the server admin.
Today, we decided to remove the server and its owner from Discord for continuing to allow hateful and discriminatory content after repeated warnings.
To be clear, we did not ban this server due to financial fraud related to GameStop or other stocks. Discord welcomes a broad variety of personal finance discussions, from investment clubs and day traders to college students and professional financial advisors. We are monitoring this situation and in the event there are allegations of illegal activities, we will cooperate with authorities as appropriate.
Moments after confirmation of the Discord ban surfaced online, the official r/wallstreetbets subreddit was set to private by its moderators, but has since been made public again. In a new post, moderators for r/wallstreetbets argued that the staggering growth of the community in just a few days’ time had made moderating it effectively impossible, and blamed Discord and Reddit’s software for any shortcomings in cracking down on offensive language.
A material that can be used in technologies such as solar power has been found to self-heal, a new study shows.The findings—from the University of York—raise the prospect that it may be possible to engineer high-performance self-healing materials which could reduce costs and improve scalability, researchers say.The substance, called antimony selenide (Sb2Se3), is a solar absorber material that can be used for turning light energy into electricity.Professor Keith McKenna from the Department of Physics said: “The process by which this semi-conducting material self-heals is rather like how a salamander is able to re-grow limbs when one is severed. Antimony selenide repairs broken bonds created when it is cleaved by forming new ones.
Mozilla has released Firefox 85 ending support for Adobe Flash Player plugin and has brought in ways to block supercookies to enhance a user’s privacy. Mozilla, in a blog post, noted that supercookies are store user identifiers, and are much more difficult to delete and block. It further noted that the changes it is making through network partitioning in Firefox 85 will “reduce the effectiveness of cache-based supercookies by eliminating a tracker’s ability to use them across websites.”
“Trackers can abuse caches to create supercookies and can use connection identifiers to track users. But by isolating caches and network connections to the website they were created on, we make them useless for cross-site tracking,” Mozilla noted.
It explained that the network partitioning works by splitting the Firefox browser cache on a per-website basis, a technical solution that prevents websites from tracking users as they move across the web. Mozilla also noted that by removing support for Flash, there was not much impact on the page load time. The development was first reported by ZDNet.
Do you have an iPhone or iPad? You should update your device right now to iOS 14.4. No, not later today or after lunch or whatever. Update now.Why is it so crucial to update your iOS software as soon as possible? As TechCrunch first reported, Apple is reporting three security vulnerabilities that “may have been actively exploited” by hackers.We don’t have any real details yet, but Apple rarely has to admit such stunning vulnerabilities. The researchers who reported the security flaws have been granted anonymity by Apple.As Apple explains: Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited. Description: A race condition was addressed with improved locking. CVE-2021-1782: an anonymous researcher WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A logic issue was addressed with improved restrictions. CVE-2021-1871: an anonymous researcher CVE-2021-1870: an anonymous researcher
Security researchers from Qualys have identified a critical heap buffer overflow vulnerability in sudo that can be exploited by rogue users to take over the host system.
Sudo is an open-source command-line utility widely used on Linux and other Unix-flavored operating systems. It is designed to give selected, trusted users administrative control when needed.
The bug (CVE-2021-3156) found by Qualys, though, allows any local user to gain root-level access on a vulnerable host in its default configuration. Qualys is disclosing its findings in a coordinated release with operating systems vendors, and has bestowed the errant code with the memorable name of the mythical mischief-maker Baron Samedi.
The following versions of sudo are affected: 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1. Qualys developed exploits for several Linux distributions, including Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2), and the security biz believes other distributions are vulnerable, too.
Ubuntu and Red Hat have already published patches, and your distro may have as well, so get to it.
In their write-up, Qualys researchers explain, “set_cmnd() is vulnerable to a heap-based buffer overflow, because the out-of-bounds characters that are copied to the ‘user_args’ buffer were not included in its size.”
[…]
The bug was introduced in July 2011 (commit 8255ed69) and has persisted unfixed until now.
Fedora’s maintainer for the open-source Chromium browser package is recommending users consider switching to Firefox following Google’s decision to remove functionality and make it exclusive to its proprietary Chrome browser.The comments refer to a low-key statement Google made just before the release of Chrome 88, saying that during an audit it had “discovered that some third-party Chromium-based browsers were able to integrate Google features, such as Chrome sync and Click to Call, that are only intended for Google’s use… we are limiting access to our private Chrome APIs starting on March 15, 2021.”Tom Callaway (aka “spot”), a former Fedora engineering manager at Red Hat (Fedora is Red Hat’s bleeding-edge Linux distro), who now works for AWS, remarked when describing the Chromium 88 build that: “Google gave the builders of distribution Chromium packages these access rights back in 2013 via API keys, specifically so that we could have open-source builds of Chromium with (near) feature parity to Chrome. And now they’re taking it away.”The reasoning given for this change? Google does not want users to be able to ‘access their personal Chrome Sync data (such as bookmarks)… with a non-Google, Chromium-based browser.’ They’re not closing a security hole, they’re just requiring that everyone use Chrome.”Features in Chromium like data sync depend on Google APIs which are soon to be blockedFeatures in Chromium like data sync depend on Google APIs which are soon to be blockedCallaway predicted that “many (most?) users will be confused/annoyed when API functionality like sync and geolocation stops working for no good reason.” Although API access is not yet blocked, he has disabled it immediately to avoid users experiencing features that suddenly stop working for no apparent reason.He said he is no longer sure of the value of Chromium. “I would say that you might want to reconsider whether you want to use Chromium or not. If you want the full ‘Google’ experience, you can run the proprietary Chrome. If you want to use a FOSS browser that isn’t hobbled, there is a Firefox package in Fedora,” he said.Ahem, just ‘discovered’ this?There is more information about these APIs on the Chromium wiki. Access to the APIs is documented and Google’s claim that it has only just “discovered” this is an oddity. The APIs cover areas including sync, spelling, translation, Google Maps geolocation, Google Cloud Storage, safe browsing, and more.The situation has parallels with Android, where the Android Open Source Project (AOSP) is hard to use as a mobile phone operating system because important functions are reserved for the proprietary Google Play Services. The microG project exists specifically as an attempt to mitigate the absence of these APIs from AOSP.Something similar may now be necessary for Chromium if it is to deliver all the features users have come to expect from a web browser. It is not a problem for companies in a position to provide their own alternative services, such as Microsoft with Chromium-based Edge, but more difficult for Linux distros like Fedora.There are other ways to look at Google’s move, though. “Some people might even consider the removal of this Google-specific functionality an improvement,” commented a Fedora user. Microsoft reportedly removed more than 50 Google-specific services from Chromium as used in Edge, including data sync, safe browsing, maps geolocation, the Google Drive API, and more.Users who choose Chromium over Chrome to avoid Google dependency may not realise the extent of this integration, which is likely now to reduce. The Ungoogled Chromium project not only removes Google APIs but also “blocks internal requests to Google at runtime” as a failsafe measure.
A third class action lawsuit has been filed in Europe against Apple seeking compensation — for what Italy’s Altroconsumo consumer protection agency dubs “planned obsolescence” of a number of iPhone 6 models.The action relates to performance throttling Apple applied several years ago to affected iPhones when the health of the device’s battery had deteriorated — doing so without clearly informing users. It later apologized.The class action suit in Italy is seeking €60 million in compensation — based on at least €60 in average compensation per iPhone owner. Affected devices named in the suit are the iPhone 6, 6s, 6 Plus and 6s Plus, per a press release put out by the umbrella consumer organization Euroconsumers, which counts Altroconsumo as a member.The suit is the third to be filed in the region over the issue — following suits filed in Belgium and Spain last month.A fourth — in Portugal — is slated to be filed shortly.The tech giant settled similar charges in the U.S. last year — where it was accused of intentionally slowing down the performance of older iPhones to encourage customers to buy newer models or fresh batteries — shelling out $500 million, or around $25 per phone, to settle that case (while denying any wrongdoing).“When consumers buy Apple iPhones, they expect sustainable quality products. Unfortunately, that is not what happened with the iPhone 6 series. Not only were consumers defrauded, and did they have to face frustration and financial harm, from an environmental point of view it is also utterly irresponsible,” said Els Bruggeman, Euroconsumers’ head of policy and enforcement, in a statement.
Dutch police have arrested two individuals on Friday for allegedly selling data from the Dutch health ministry’s COVID-19 systems on the criminal underground.
The ads consisted of photos of computer screens listing data of one or more Dutch citizens.
The reporter said he tracked down the screengrabs to two IT systems used by the Dutch Municipal Health Service (GGD) — namely CoronIT, which contains details about Dutch citizens who took a COVID-19 test, and HPzone Light, one of the DDG’s contact-tracing systems.
Verlaan said the data had been sold online for months for prices ranging from €30 to €50 per person.
Buyers would receive details such as home addresses, emails, telephone numbers, dates of birth, and a person’s BSN identifier (Dutch social security number).
Two men arrested in Amsterdam within a day
In a press release today, Dutch police said they started an investigation last week when they learned of the ads and arrested two suspects within 24 hours of the complaint.
Both men were arrested in Amsterdam on Friday, and were identified as a 21-year-old man from the city of Heiloo and a 23-year-old man from the city of Alblasserdam. Their homes were also searched, and their computers seized, police said.
According to Verlaan, the two suspects worked in DDG call centers, where they had access to official Dutch government COVID-19 systems and databases.
It also turns out that the GGD was warned repeatedly of their poor security measures over the years and nothing was done about it. Andre Rouwvoet, the boss of the GGD was also warned and says it’s one of those things that couldn’t be helped. This is simply not true. The most obvious questions are:
Why wasn’t the data deleted after no longer being relevant (it’s kept for traceability of other people exposed and so loses relevance after 10 – 14 days)
Why could helpdesk people access all of this huge database?
Why wasn’t there a system op alarms in place to shout out when people were bulk exporting data?
Can a pair of unique spectacles banish nearsightedness without surgical intervention? Japan’s Kubota Pharmaceutical Holdings says its wearable device can do just that, and it plans to start releasing the product in Asia, where many people grapple with myopia.
The device, which the company calls Kubota Glasses or smart glasses, is still being tested. It projects an image from the lens of the unit onto the wearer’s retina to correct the refractive error that causes nearsightedness. Wearing the device 60 to 90 minutes a day corrects myopia according to the Japanese company.
Kubota Pharmaceutical has not disclosed additional details on how the device works. Through further clinical trials, it is trying to determine how long the effect lasts after the user wears the device, and how many days in total the user must wear the device to achieve a permanent correction for nearsightedness.
[…]
Kubota began clinical trials on the device last July after confirming the therapeutic effect of the mechanism using a desktop system. It is also developing a contact lens-type myopia correction device.
Kubota, which made its debut on the Tokyo Stock Exchange’s Mothers market for startups in December 2016, develops drugs and devices for the treatment of vision problems.
The phone numbers (and corresponding site IDs) of some 500 million Facebook users now appear to be for sale on a dark web cybercrime forum.
The criminal or group of criminals responsible have constructed a Telegram bot to act as a search function for the data. Potential buyers can now use the bot to sift through the data to find phone numbers that correspond to user IDs—or vice versa—with the full information being unlocked after paying for query “credits.” Those credits start at $20 for a single search and get cheaper if bought in bulk.
The activity was discovered by Alon Gal, co-founder and CTO of cybersecurity firm Hudson Rock, who posted about the scheme on his Twitter account, and reported by Joseph Cox, at Motherboard.
An insecure Facebook server containing account information on millions of users appears to be the source of the data for sale here—though that vulnerability was discovered by researchers in 2019 and Facebook has since fixed it. Gal has claimed that the vulnerability was exploited to create “a database containing the information 533m users across all countries.” (For reasons unknown, the bot itself only claims to sell information for users in 19 countries.)
It was inevitable, really. In the early days of the internet, Tucows was known as a reliable place to find and download new software. Today, however, most people are happy to use a modern App Store — Microsoft and Apple both run their own — or navigate to developer websites directly. And if you’re looking for inspiration, there’s always Product Hunt. Tucows has decided, therefore, to finally shut down Tucows Downloads. “Tucows Downloads is old,” Elliot Noss, CEO of Tucows said. “Old sites are a maintenance challenge and therefore a risk.“
It’s a decision that the team has been mulling for some time. “We talked about shutting the site down before,” Noss explained. But the site’s history, combined with a sense of sentimentality, gave them pause. In 2016, the company decided to treat Tucows Downloads as a public service, rather than a legacy moneymaker. It stripped the site of ads, admitting that the site had become “less relevant when looking at the balance sheet” anyway. Now, though, the company is ready to move on. It has enough work as a domain registrar, domain name seller and the company behind Ting, an internet service provider in the US.
You probably don’t need someone to tell you that magnets and life-saving medical devices don’t mix, but Apple wants to make that patently clear. MacRumors has learned that Apple recently updated a support document to warn against keeping the iPhone 12 and MagSafe accessories too close to pacemakers, defibrillators and other implants that might respond to magnets and radios. You should keep them at least six inches away in regular use, or at least a foot away if the iPhone is wirelessly charging.
The company maintained that the extra number of magnets shouldn’t increase the risks compare to past iPhone models. Still, the notice comes days after doctors reported that the new phones could interfere with implants. In a test, they found that an iPhone 12 kicked a defibrillator implant into a suspended state when it got near.
There are many times where someone shares data as an image, whether intentionally due to software constraints (ie Twitter) or as a result of not understanding the implications (image inside a PDF or in a Word Doc). xkcd.com jokingly refers to this as .norm or as the Normal File Format. While it’s far from ideal or a real file format, it’s all too common to see data as images in the “wild”. I’ll be using some examples from Twitter images and extracting the raw data from these. There are multiple levels of difficulty, namely that screenshots on Twitter are not uniform, often of relatively low quality (ie DPI), and contain additional “decoration” like colors or grid-lines. We’ll do our best to make it work!
This application provides display and control of Android devices connected on USB (or over TCP/IP). It does not require any root access. It works on GNU/Linux, Windows and macOS.
A London ad agency that counts Atlantic Records, Suzuki, and Penguin Random House among its clients has had its files dumped online by a ransomware gang, The Register can reveal.
The7stars, based in London’s West End, filed [PDF] revenues of £379.36m up from £326m, gross billing of £426m and net profit of £2.1m for the year ended 31 March 2020.
In the same accounts filed with UK register Companies House, it boasted of its position as the “largest independently owned media agency in the UK by a significant factor”, making it a juicy target for the Clop ransomware extortionists.
The attack appears to have happened after 15 December, when The7stars’ annual return was prepared for filing with Companies House. While the document talks in length about its healthy financial performance, it mentions nothing about cyber risks or attacks.
Screenshots published on the Clop gang’s Tor website show scans of passports, invoices, what appears to be a photo from a staff party and, ironically, a “data protection agreement.”
Publication of stolen files on a ransomware crew’s website is typically an indicator that a ransom demand has been rebuffed, though more aggressive tactics seen in the last year include pre-emptive leaking of stolen data as an apparent incentive for marks to pay up quickly.
The agency’s client list includes Led Zeppelin’s former label Atlantic Records, Japanese motorbike maker Suzuki, and British train operating companies including Great Western Railway, among others. It is very unlikely that those companies will have been directly affected, though it appears Clop wants to give the impression that it has stolen commercially sensitive documents relating to The7stars’ clients.
Struggling retailer GameStop’s stock curiously hit an all time high today. But it’s not because Sony, Microsoft, and Nintendo suddenly decided to stop selling their games digitally. And it’s not because a new set of Funko Pops has taken the internet’s imagination by storm.
No, the stock price jumped to an all-time high because some institutional investors bet on the company to fail, and a bunch of amateurs on social media decided to call their bluff and try getting rich in the process.
GameStop has struggled to reinvent itself as video games have increasingly gone digital. Now, established investors and Reddit day-traders are going to war over its future, and making the company’s stock price do ridiculous things in the process.
At the beginning of the year, GameStop’s stock was trading at just under $20 a share. In the weeks since, it’s more than tripled in value reaching just over $73 at its highest point today. “GameStop is up 174% in January to date, with its average daily rolling 10-day volatility peaking at the highest level in the nearly two decades the stock has been trading,” Bloomberg reported.
[…]
As Ars Technicareported earlier this week, some investors spent last fall shorting GameStop’s stock, effectively speculating that it was overvalued and would implode, possibly making them a bunch of money in the process.
[…]
Meanwhile, people hanging out on subreddits like Wallstreetbets (self-described as “Like 4chan found a Bloomberg Terminal”) and the finance influencer realm of TikTok (nicknamed FinTok) started putting their money behind GameStop’s longevity.
[…]
“[E]ssentially, people on WallStreetBets, along with several YouTube and TikTok investors guessed as long as a year ago that if they bought shares of GameStop at a low price, the short sellers would eventually be forced to cover their short en masse, which would drive the price up,” wrote Vice in another great explainer published this week.
Shorting seemed like a sensible bet considering months of bad news and poor financial reports coming out of GameStop. But then, as Vice pointed out, Reddit finance personalities began musing about how they thought GameStop was actually a great investment opportunity. The logic was based on how many other investors were already short selling it. Just today, CNBC reported that GameStop is “the single most shorted name in the U.S. stock market.”
If someone shorts a stock, i.e. sells it and gives the original owner an IOU, and then that original owner needs the stock back, they need to “cover” the short by buying additional stock. This helps pump up the price of the stock even further, making it more valuable and potentially creating a feedback loop where it just goes up and up and up as everyone scrambles to buy back from the same limited pool of shares.
One of the GameStop short sellers is Andrew Left, called “Wall Street’s Bounty Hunter” by The New York Times because of his reputation for shorting companies he considers weak and following up by publishing research about why the company is going to fail, or, in some cases, alleging outright fraud. Yesterday, Left put out a six and a half minute video on YouTube making his case for why GameStop is doomed. WallStreetBets in turn organized what finance pundit Jim Cramer called “an ambush,” pumping up up GameStop’s stock in a coordinated campaign to “squeeze” Left, forcing him to buy tons of stock of his own to “cover” his position and in turn making their shares worth even more. Jim Cramer is an absolute goon, but if anything fits the bill of “Mad Money” it’s this.
[…]
As with everything on the internet, what may have started as some people trying to (and succeeding at) making a bunch of quick cash has become much more, including a sort of crusade against Left as well as an unlikely source of GameStop fandom.
Earlier this month, GameStop announced Ryan Cohen would be taking a seat on its board. Cohen is formerly the CEO of the pet food website Chewy.com, but he’s already become a golden boy meme in the world of GameStop stocks. Search his name on Twitter and you’ll find people tweeting things like “Papa Cohen will take us all to mars suit up homies it will be a bumpy ride to the [rocket emoji] so u don’t fall off.”
Millions of users of the dating site MeetMindful got some unpleasant news on Sunday. ZDNet reported that the hacker group ShinyHunters, the same group who leaked millions of user records for the company that listed the “Camp Auschwitz” shirts, has dumped what appears to be data from the dating site’s user database. The leak purportedly contains the sensitive information of more than 2.28 million of the site’s registered users.
[…]
According to ZDNet, the 1.2 gigabyte file was shared as a free download “on a publicly accessible hacking forum known for its trade in hacked databases.” It included troves of sensitive and identifiable user information, including real names, email addresses, city, state, and ZIP code details, birth dates, IP addresses, Facebook user IDs, and Facebook authentication tokens, among others. Messages, however, were not exposed.
[…]
According to its Crunchbase profile, MeetMindful is a dating site platform for “people who are into health, well-being, and mindfulness.” It was founded in 2013, is based in Denver, Colorado, and is still active.
Here’s where it starts to get a little strange, though. The site’s listedsocialmedia channels have been inactive for months, which is interesting considering that major dating apps have been growing during the pandemic. I mean, don’t they want to encourage their users to date (safely)? From the outside, the service seems like dead zone. Who knows though, it could be all the rage inside the site itself.
The uncrewed combat aircraft will be designed to fly at high-speed alongside fighter jets, armed with missiles, surveillance and electronic warfare technology to provide a battle-winning advantage over hostile forces. Known as a ‘loyal wingman’, these aircraft will be the UK’s first uncrewed platforms able to target and shoot down enemy aircraft and survive against surface to air missiles.
In a boost for Northern Ireland’s defence industry, Spirit AeroSystems, Belfast, have been selected to lead Team MOSQUITO in the next phase of the Project. Utilising ground-breaking engineering techniques, the team will further develop the RAF’s Lightweight Affordable Novel Combat Aircraft (LANCA) concept, with a full-scale vehicle flight-test programme expected by the end of 2023.
[…]
This game changing research and development project will ensure the final aircraft design will be capable of being easily and affordably updated with the latest technology so we remain one step ahead of our adversaries. The aircraft’s flexibility will provide the optimum protection, survivability and information as it flies alongside Typhoon, F-35 Lightning, and later, Tempest as part of our future combat air system.
[…]
ANCA originated in 2015 in Dstl to understand innovative Combat Air technologies and concepts that offer radical reductions in cost and development time and is a RAF Rapid Capabilities Office led project under the Future Combat Air System Technology Initiative (FCAS TI). The UK MOD’s Defence Science and Technology Laboratory (Dstl) provides the project management and is the MOD’s technical authority for LANCA and Project Mosquito on behalf of the RCO.
The JSOF research labs are reporting 7 vulnerabilities found in dnsmasq, an open-source DNS forwarding software in common use. Dnsmasq is very popular, and we have identified approximately 40 vendors whom we believe use dnsmasq in their products, as well as major Linux distributions.
The DNS protocol has a history of vulnerabilities dating back to the famous 2008 Kaminsky attack. Nevertheless, a large part of the Internet still relies on DNS as a source of integrity, in the same way it has for over a decade, and is therefore exposed to attacks that can endanger the integrity of parts of the web.
DNSpooq
The Dnspooq vulnerabilities include DNS cache poisoning vulnerabilities as well as a potential Remote code execution and others. The list of devices using dnsmasq is long and varied. According to our internet-based research, prominent users of dnsmasq seem to include Cisco routers, Android phones, Aruba devices, Technicolor, and Red-Hat, as well as Siemens, Ubiquiti networks, Comcast, and others listed below. Depending on how they use dnsmasq, devices may be more or less affected, or not affected at all.
[…]
The DNSpooq vulnerability set divides into 2 types of vulnerabilities:
DNS cache poisoning attacks, similar to the Kaminsky attack, but different in some aspects.
Buffer overflow vulnerabilities that could lead to remote code execution.
[…]
The DNSpooq cache poisoning vulnerabilities are labeled: CVE-2020-25686, CVE-2020-25684, CVE-2020-25685
[…]
These [buffer overflow] vulnerabilities are labeled: CVE-2020-25687, CVE-2020-25683, CVE-2020-25682, CVE-2020-25681
