The Linkielist

Linking ideas with the world

Wink smart home users have one week to subscribe or be shut off – yay cloud devices

Many smart home device makers rely on subscriptions to keep a steady stream of money coming in, but Wink is learning how that strategy can easily go wrong. The company has announced plans to move to a $5 per month subscription on May 13th (yes, just one week from now), and it’s mandatory. Decline to sign up and you’ll lose access to devices in the app as well as all automations. “Long term costs and recent economic events” (read: COVID-19) prompted the move, according to Wink, and the company didn’t want to sell user data to offset the costs of running services for free.

If you think that both the short notice and the threat of a hard cutoff will anger customers… well, you’re correct. Reddit users and others are incensed. They’re being asked to pay $5 per month to keep using the devices they already have in their homes, and one week gives them very little time to either weigh the merits of a subscription or find alternatives. “Pay the ransom or they kill our smart homes,” one user said.

We’ve asked Wink for comment. However it responds, the decision highlights the risks of basing your smart home system around free services without some kind of core offline functionality. While that kind of system can be very alluring so long as it lasts, you’re also trusting that the company can keep those free services running indefinitely. If it can’t, your connected household might be rendered useless with little warning.

Source: Wink smart home users have one week to subscribe or be shut off | Engadget

Unified Geologic Map of the Moon, 1:5M, 2020

This new work represents a seamless, globally consistent, 1:5,000,000-scale geologic map derived from the six digitally renovated geologic maps (see Source Online Linkage below). The goal of this project was to create a digital resource for science research and analysis, future geologic mapping efforts, be it local-, regional-, or global-scale products, and as a resource for the educators and the public interested in lunar geology. Here we present the completed mapping project as unit contacts, geologic unit polygons, linear features, and unit and feature nomenclature annotation. The product overlies shaded-relief products derived from SELENE Kaguya terrain camera stereo (equatorial, ~60 m/pix) and LOLA altimetry (north and south polar, 100 m/pix). These data are not included with this download due to size considerations, but a readme in the “Lunar_Raster” folder provides the download links. This download page includes a PDF of the geologic map (right-side) with a brief Description of Map Units and Explanation of Map Symbols, as well as a JPG of the map for quick access viewing. This release is subject to update based on community feedback and peer-review.

Version 2 updates: Two errors were addressed in this update: (1) Large-area polygons were offset from their contacts, likely due to user error. Polygons were rebuilt to fix the issue, with post-processing (dissolving, reattributing, etc.) to rectify the aesthetic of the map. (2) Contacts that should have been visible were not, because they were incorrectly labeled as DND (do not draw). Those that needed to be drawn have been reattributed as “certain”; those that are not drawn are labeled as “internal”. Additionally, in version 1 of this data, crater polygons with similar attributes had been dissolved and lumped into contiguous units. This has been changed so that all craters are now discrete units, which adds ~1000 units to the GeoUnits featureclass. Their contacts are now visible and labeled as “certain”.

References:

Fortezzo, C.M., Spudis, P. D. and Harrel, S. L. (2020). Release of the Digital Unified Global Geologic Map of the Moon At 1:5,000,000- Scale. Paper presented at the 51st Lunar and Planetary Science Conference, Lunar and Planetary Institute, Houston, TX. https://www.hou.usra.edu/meetings/lpsc2020/pdf/2760.pdf

Mimetype: application/zip
Filename: Unified_Geologic_Map_of_the_Moon_GIS_v2.zip
Publisher: Astrogeology
Publication Date: 3 March 2020
Author: Corey M. Fortezzo (USGS), Paul D. Spudis (LPI), Shannon L. Harrel (SD Mines)
Originator: USGS Astrogeology Science Center
Group: PGM, MRCTR
Added to Astropedia: 19 December 2019
Modified: 24 April 2020

General

Purpose: The chief purpose of the 5M scale map is to summarize the current state of lunar geologic knowledge. Like terrestrial synoptic maps it provides a stratigraphic framework to be used for developing new theory and for determining the regional significance of surface exploration results. In addition to serving as a framework for interpreting surface exploration results, the effort to classify units into type and age by photogeology narrows the range of possible origins for many features.
Geospatial Data Presentation Form: Geologic Map
Edition: 2.0, March 3, 2020
Native Data Set Environment: ESRI Arcinfo
Color: Color
Supplemental Information: https://www.hou.usra.edu/meetings/lpsc2020/pdf/2760.pdf

Source: Unified Geologic Map of the Moon, 1:5M, 2020 | USGS Astrogeology Science Center

The Unattributable “db8151dd” Data Breach with 22M people in it turns out to be Covve hack

I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. It’s about a data breach with almost 90GB of personal information in it across tens of millions of records – including mine. Here’s what I know:

Back in Feb, Dehashed reached out to me with a massive trove of data that had been left exposed on a major cloud provider via a publicly accessible Elasticsearch instance. It contained 103,150,616 rows in total, the first 30 of which look like this:

The global unique identifier beginning with “db8151dd” features heavily on these first lines, hence the name I’ve given the breach. I’ve had to give it this name because frankly, I’ve absolutely no idea where it came from, nor does anyone else I’ve worked with on this.

It’s mostly scrapable data from public sources, albeit with some key differences. Firstly, my phone number is not usually exposed and that was in there in full. Yes, there are many places that (obviously) have it, but this isn’t a scrape from, say, a public LinkedIn page. Next, my record was immediately next to someone else I’ve interacted with in the past as though the data source understood the association. I found that highly unusual as it wasn’t someone I’d expect to see a strong association with and I couldn’t see any other similar folks. But it’s the next class of data in there which makes this particularly interesting and I’m just going to quote a few snippets here:

Recommended by Andie [redacted last name]. Arranged for carpenter apprentice Devon [redacted last name] to replace bathroom vanity top at [redacted street address], Vancouver, on 02 October 2007.

Met at the 6th National Pro Bono Conference in Ottawa in September 2016

Met on 15-17 October 2001 in Vancouver for the Luscar/Obed/Coal Valley arbitration.

It feels like a CRM. These are records of engagement, the likes of which you’d capture in order to later call back to who had been met where and what they’d done. It wasn’t just simple day-to-day business interaction stuff either; there was also this:

But then there’s also a bunch of legal summaries, for example “CASE CLOSING SUMMARY ON USA V. [redacted]” and “10/3/11 detention hrg in court 20 min plus travel split with [redacted]”— Troy Hunt (@troyhunt) February 23, 2020

But nowhere – absolutely nowhere – was there any indication of where the data had originated from. The closest I could get to that at all was the occurrence of the following comments which appeared over and over again:

This contact information was synchronized from Exchange. If you want to change the contact information, please open OWA and make your changes there.

Exported from Microsoft Outlook (Do not delete)

Contact Created By Evercontact

Evercontact did actually reach out and we discussed the breach privately but it got us no closer to a source. I communicated with multiple infosec journalists (one of whose own personal data was also in the breach) and still, we got no closer. Over the last 3 months I kept coming back to this incident time and time again, looking at the data with fresh eyes and each time, coming up empty. And just before you ask, no, cloud providers won’t disclose which customer owns an asset but they will reach out to those with unsecured assets.

Today is the end of the road for this breach investigation and I’ve just loaded all 22,802,117 email addresses into Have I Been Pwned. Why load it at all? Because every single time I ask about whether I should add data from an unattributable source, the answer is an overwhelming “yes”:

If I have a MASSIVE spam list full of personal data being sold to spammers, should I load it into @haveibeenpwned?— Troy Hunt (@troyhunt) November 15, 2016

So, mark me down for another data breach of my own personal info. There’s nothing you or I can do about it beyond being more conscious than ever about just how far our personal information spreads without our consent and indeed, without our knowledge. And, perhaps most alarmingly, this is far from the last time I’ll be writing a blog post like this.

Edit 1: No, I don’t load complete and individual records into HIBP, only email addresses. As such, only the presence of an address is searchable, the data associated with the address is not stored nor retrievable.

Edit 2: No, I can’t manually trawl through 100M+ records and extract yours out.

Edit 3: Thanks to some community sleuthing, the origin of this breach has now been identified as the Covve contacts app. Their public disclosure is in that link and they’ve also been in contact with regulators and had a couple of phone calls with myself.

California officials reject subsidies for Musk’s SpaceX over Tesla spat – might have something to do with opening in defiance of Covid orders

A California state panel on Friday rejected a request from Elon Musk’s SpaceX for $655,500 in state job and training funds, citing the chief executive’s recent threats to move Tesla, the electric carmaker that he also runs, out of the state.

The snub comes as Musk has sparred with officials in Alameda County over his plans to resume production at the Tesla plant there, which was stopped because of the coronavirus.

Five members of California’s Employment Training Panel voted to reject the proposal and two voted for it, with one member absent, after discussing Musk’s tweets on Tesla’s reopening and media reports of layoffs at SpaceX’s Hawthorne, California headquarters in recent years.

“In my opinion, given the recent threats of the CEO to leave the state of California, and everything else we’ve discussed today, this proposal does not rise to the level for me to feel secure in supporting it,” said Gretchen Newsom, a panel member and the political director of an IBEW electrical workers union local.

“SpaceX is a different company, but they have the same CEO,” said Newsom, who is not related to California Governor Gavin Newsom.

Though a small amount of money, the funding was opposed by organized labor groups. Tesla and SpaceX are both nonunion shops.

Source: California officials reject subsidies for Musk’s SpaceX over Tesla spat – Reuters

Social Security numbers, banking information left unprotected on Arkansas Unemployment Assistance website

A computer programmer applying for unemployment on Arkansas’s Pandemic Unemployment Assistance program discovered a vulnerability in the system that exposed the Social Security numbers, bank account and routing numbers and other sensitive information of some 30,000 applicants. Anyone with basic computer knowledge could have accessed personal information for malicious purposes.

Alarmed, the computer programmer called the Arkansas Division of Workforce Services Friday morning and was told by an operator that there was no one available who could talk to him. He then tried someone at the Arkansas State Police Criminal Investigation Division, who told the programmer he would find the person he needed to talk with to fix the situation. The programmer later called the Arkansas Times for advice on whom to call. The Times alerted the Division of Workforce Services to the issue at 4:30 p.m. Soon after a message appeared on the website that said, “The site is currently under maintenance.”

[…]

In exploring the website, the computer programmer determined that by simply removing part of the site’s URL, he could access the administrative portal of the site, where he had the option of editing the personal information of applicants, including bank account numbers. From the admin portal, he viewed the page’s source code and saw that the site was using an API (application programming interface) to connect with a database. That API was also left unencrypted, and he could access all of the applicants’ raw data, including Social Security numbers and banking information.

In about two minutes, the computer programmer described the vulnerability to another programmer the Arkansas Times engaged, who then used the information to easily enter the system. To access the sensitive information, the second programmer only needed to create an account, not actually apply for assistance.

Another person who applied for Pandemic Unemployment Assistance told the Times on Friday that when he applied for assistance, submitted his documentation and reached a “review” page, he saw the documentation for another applicant. He said it took three days for the state to remove the other applicant’s information. Then he said documentation for yet another applicant appeared. “It took two days and repeated phone calls to get the second name off,” he said. “Then the next day was when they erased it all and told us we had to reapply.”

Source: Social Security numbers, banking information left unprotected on Arkansas PUA website – Arkansas Times

Supercomputers hacked across Europe to mine cryptocurrency

Multiple supercomputers across Europe have been infected this week with cryptocurrency mining malware and have shut down to investigate the intrusions.

Security incidents have been reported in the UK, Germany, and Switzerland, while a similar intrusion is rumored to have also happened at a high-performance computing center located in Spain.

The first report of an attack came to light on Monday from the University of Edinburgh, which runs the ARCHER supercomputer. The organization reported “security exploitation on the ARCHER login nodes,” shut down the ARCHER system to investigate, and reset SSH passwords to prevent further intrusions.

The bwHPC, the organization that coordinates research projects across supercomputers in the state of Baden-Württemberg, Germany, also announced on Monday that five of its high-performance computing clusters had to be shut down due to similar “security incidents.” This included:

  • The Hawk supercomputer at the High-Performance Computing Center Stuttgart (HLRS) at the University of Stuttgart
  • The bwUniCluster 2.0 and ForHLR II clusters at the Karlsruhe Institute of Technology (KIT)
  • The bwForCluster JUSTUS chemistry and quantum science supercomputer at the Ulm University
  • The bwForCluster BinAC bioinformatics supercomputer at the Tübingen University

Reports continued on Wednesday when security researcher Felix von Leitner claimed in a blog post that a supercomputer housed in Barcelona, Spain, was also impacted by a security issue and had been shut down as a result.

More incidents surfaced the next day, on Thursday. The first one came from the Leibniz Computing Center (LRZ), an institute under the Bavarian Academy of Sciences, which said it had disconnected a computing cluster from the internet following a security breach.

The LRZ announcement was followed later in the day by another from the Julich Research Center in the town of Julich, Germany. Officials said they had to shut down the JURECA, JUDAC, and JUWELS supercomputers following an “IT security incident.” So did the Technical University in Dresden, which announced it had to shut down its Taurus supercomputer as well.

New incidents also came to light today, on Saturday. German scientist Robert Helling published an analysis on the malware that infected a high-performance computing cluster at the Faculty of Physics at the Ludwig-Maximilians University in Munich, Germany.

The Swiss Center of Scientific Computations (CSCS) in Zurich, Switzerland also shut down external access to its supercomputer infrastructure following a “cyber-incident” and “until having restored a safe environment.”

Attackers gained access via compromised SSH logins

None of the organizations above published any details about the intrusions. However, earlier today, the Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI), a pan-European organization that coordinates research on supercomputers across Europe, released malware samples and network compromise indicators from some of these incidents.

The malware samples were reviewed earlier today by Cado Security, a US-based cyber-security firm. The company said the attackers appear to have gained access to the supercomputer clusters via compromised SSH credentials.

The credentials appear to have been stolen from university members given access to the supercomputers to run computing jobs. The hijacked SSH logins belonged to universities in Canada, China, and Poland.

Chris Doman, Co-Founder of Cado Security, told ZDNet today that while there is no official evidence to confirm that all the intrusions have been carried out by the same group, evidence like similar malware file names and network indicators suggests this might be the same threat actor.

According to Doman’s analysis, once attackers gained access to a supercomputing node, they appear to have used an exploit for the CVE-2019-15666 vulnerability to gain root access and then deployed an application that mined the Monero (XMR) cryptocurrency.

[…]

Source: Supercomputers hacked across Europe to mine cryptocurrency | ZDNet

Copyright Making Sure That MTV Remains An Irrelevant Relic, Rather Than A Cultural Icon

For those of us of a certain age, MTV defined culture. It was where we learned about not just music, but wider pop culture. Of course, MTV lost its cultural place atop the mountaintop with the rise of the internet, but that doesn’t mean that it wasn’t a key source of culture in the 1980s. Historically, the way that society preserves and remembers culture is to share it and spread it around. This is actually how culture is created. Yet copyright is the opposite of that. Copyright is about locking up content and denying the ability to create shared culture around it. And the best evidence of this is the fact that someone (it is not entirely clear who…) with the power to do so, demanded that the Internet Archive take down a bunch of old MTV videos that were uploaded.

From a purely legal standpoint, it seems quite likely that whoever issued the takedown did have a legal leg to stand on. The real question, however, should be whether or not they have a moral or cultural leg to stand on. After all, if the entire point of copyright — as per the Constitution — is to encourage “the progress” then how does taking these old clips down do anything to support that goal?

There are a number of other points worth mentioning to demonstrate how crazy this whole thing is, starting with the fact that MTV itself knew how important it was to build on cultural touchstones in that its whole logo/image was built off a public domain image from just a few years earlier. The moon landing was in 1969, and MTV launched in 1981. Imagine if this image had been locked up under copyright?

This also demonstrates a separate point we’ve been making for years, which is that the actual commercial value of a piece of work locked up behind copyright tends not to last that long, and yet we lock it up for basically a century for no good reason at all. In the earliest copyright times in the US, copyright initially was for 14 years, which could be renewed for another 14 if the copyright holder felt it was worth it. A maximum of 28 years would mean that most of the uploaded clips would now be in the public domain if we had kept those terms. And, as we’ve pointed out repeatedly, back when copyright was 28 years, renewable for another 28 years, very few works were renewed, suggesting that the vast majority of copyright holders did not see any reason to retain their copyright beyond 28 years (indeed, the numbers suggest many would have been fine with significantly shorter copyright terms).

Yet, today copyright automatically lasts beyond most of our lifetimes. And, for what purpose? Right now, MTV is not particularly culturally relevant. You’d think that someone might jump at the chance to get renewed interest in MTV’s past cultural relevance, but the belief that copyright means we must lock up culture seems to prevail over common sense.

Taking down these cultural touchstones may have been perfectly legal, but all it’s really done is help demonstrate the many, many problems of today’s copyright law and how it destroys, rather than enhances, culture.

Source: Copyright Making Sure That MTV Remains An Irrelevant Relic, Rather Than A Cultural Icon | Techdirt

China’s next-generation crew spacecraft nails its test mission landing

After it launched on Tuesday and nailed a series of maneuvers, China’s future crewed spacecraft has made a successful desert touchdown. Built by China’s main space contractor, the China Aerospace Science and Technology Corp. (CASC), the uncrewed prototype will ferry astronauts to China’s future space station and, eventually, the moon.

The crewed capsule (which doesn’t have a name yet) was lofted into a 5,000-mile-high orbit by China’s Long March 5B carrier rocket. During the mission, it underwent deep space trials similar to Orion’s 2014 mission, completing seven orbital adjustment maneuvers. Early this morning, the craft completed a deorbit burn, followed by separation of the crew and service modules. The three chutes deployed shortly after re-entry and it touched down in the Dongfeng desert area at 1:49 AM ET.

Designed to carry crews of up to six astronauts, the craft tested weighed 14 tons and is designed to be the primary transport to China’s future space station. CASC and the CNSA, China’s space agency, are also working on a 21.6-ton variant for deep space, designed to be used in future manned lunar missions. However, the CNSA has yet to nail down details for the larger craft and its moon missions are at least a decade away.

On top of doing orbital maneuvers, the prototype craft (with no life-support systems) conducted experiments on 3D printing of composite materials, high-definition image transmission and more. The mission was largely a success, apart from the malfunction of a cargo return capsule equipped with an inflatable heat shield.

Source: China’s next-generation crew spacecraft nails its test mission landing | Engadget

Scientists break the link between a quantum material’s spin and orbital states

In designing electronic devices, scientists look for ways to manipulate and control three basic properties of electrons: their charge; their spin states, which give rise to magnetism; and the shapes of the fuzzy clouds they form around the nuclei of atoms, which are known as orbitals.

Until now, electron spins and orbitals were thought to go hand in hand in a class of materials that’s the cornerstone of modern information technology; you couldn’t quickly change one without changing the other. But a study at the Department of Energy’s SLAC National Accelerator Laboratory shows that a pulse of laser light can dramatically change the spin state of one important class of materials while leaving its orbital state intact.

The results suggest a new path for making a future generation of logic and based on “orbitronics,” said Lingjia Shen, a SLAC research associate and one of the lead researchers for the study.

“What we’re seeing in this system is the complete opposite of what people have seen in the past,” Shen said. “It raises the possibility that we could control a material’s spin and orbital states separately, and use variations in the shapes of orbitals as the 0s and 1s needed to make computations and store information in computer memories.”

The international research team, led by Joshua Turner, a SLAC staff scientist and investigator with the Stanford Institute for Materials and Energy Science (SIMES), reported their results this week in Physical Review B Rapid Communications.

[…]

Much as electron spin states are switched in spintronics, electron orbital states could be switched to provide a similar function. These orbitronic devices could, in theory, operate 10,000 times faster than spintronic devices, Shen said.

Switching between two orbital states could be made possible by using short bursts of terahertz radiation, rather than the magnetic fields used today, he said: “Combining the two could achieve much better device performance for future applications.” The team is working on ways to do that.

More information: L. Shen et al, Decoupling spin-orbital correlations in a layered manganite amidst ultrafast hybridized charge-transfer band excitation, Physical Review B (2020). DOI: 10.1103/PhysRevB.101.201103

Journal information: Physical Review B

Source: Scientists break the link between a quantum material’s spin and orbital states

The Internet Furry Drama Raising Big Questions About Artificial Intelligence and Copyright

Much of the fun of internet drama comes from its frivolousness, but sometimes an online shitfest points to something bigger. Last week, the AI-powered furry art site thisfursonadoesnotexist did just that, igniting a fandom firestorm while also highlighting an important debate about digital art. Trained on more than 55,000 images pulled (without permission) from a furry art forum, the algorithm was a simple case of art theft to some. For others, it was a chance to break out the popcorn. But legal scholars who spoke with Gizmodo said the conflict raises thorny questions about ownership in the age of AI—questions that may ultimately have to be answered in court.

Arfa, the programmer behind thisfursonadoesnotexist, says he used the same GAN (generative adversarial network) architecture behind the site thispersondoesnotexist to generate around 186,000 furry portraits. When he posted the project on Twitter last Wednesday, dozens of commenters rushed to weigh in. While many were fascinated by the project, some in the furry community objected to Arfa’s unauthorized use of art from the furry forum e621.net as training data. At least one person tried (and failed) to find proof that the algorithm was copying images from e621.net outright. And within days, the entire site was slapped with a DMCA copyright infringement complaint. (The company whose name the DMCA was issued in, according to Arfa, denied filing the notice and requested it be withdrawn.)

[…]

The creator of thisfursonadoesnotexist thinks it would’ve been impossible to contact all the artists involved. Arfa told Gizmodo that he scraped 200,000 images that were then narrowed down to a 55,000-image training set representing approximately 10,000 different artists—creators who may go by different names now or have left the fandom entirely. According to Arfa, he’s more than willing to take an image down from thisfursonadoesnotexist if it clearly copies an original character, but he says he has yet to see credible evidence of that.

In defense of the AI’s originality, the site has produced a collection of mushier fursonas whose delirious weirdness inspired a flurry of memes. “Some of these have designs that are so… specific? Holistic?” a commenter on Hacker News wrote, linking to a fursona with a tail sticking out of her head and an adorably half-formed feline mouse. Do these Cronenberg-esque misfit furries, with their wild-eyed gazes, scream “LOVE ME”or “SAVE ME”? The art world adores liminality—that’s value added right there.

Furry artists aren’t alone in facing the dilemma of digital manipulation. Just last month, Jay Z filed DMCA takedown notices against a YouTuber who used speech synthesis software to make his voice read the Book of Genesis and cover Billy Joel’s “We Didn’t Start the Fire.” While experts explained to Gizmodo that Jay Z’s issue isn’t copyright, since copyright doesn’t cover speech patterns, both incidents suggest a future where machine learning art is widespread, even commonplace. In such a future, can an artist’s original work be used as training material? If so, to what end? (In Jay Z’s case, YouTube ultimately allowed the videos to stand.)

Source: The Internet Furry Drama Raising Big Questions About Artificial Intelligence

Samsung Surprise As World’s First Smartphone With Quantum Hardware Technology Launches May 22

an announcement from Samsung and Korean provider SK Telecom that the world’s first 5G smartphone complete with a quantum random number generator (QRNG) is due to launch next week.

The current Samsung Galaxy flagship S20 series all come with a new secure element security solution including a dedicated security chip that can prevent hackers from stealing data even if they have their hands on your hardware.

The Galaxy A Quantum, however, turns the security dial up to 11.

Although it’s a Galaxy A71 5G at heart, the rebranded and updated smartphone comes complete with one important security extra: a QRNG chip developed by ID Quantique.

When random just is not random enough

Random number generators are a vital part of many security solutions, but they often aren’t as random as you might expect. Indeed, “pseudo-random” number generators are not uncommon, but these are a weak spot cryptographically and, as such, are something of a honeypot for hackers. What the ID Quantique QRNG brings to the security party is not only a genuinely random number generator but one able to generate perfectly unpredictable randomness.

The QRNG chip found in the Samsung Galaxy A Quantum is provably random, has full entropy from the first bit, and has been both designed and manufactured specifically for mobile handsets.

The quantum randomness is achieved by way of “shot noise” from a light source captured by a CMOS image sensor. A light-emitting diode (LED) and an image sensor are contained within the chip, and that LED emits a random number of photons thanks to something called quantum noise, ID Quantique explains. Those photons are then captured and counted by the image sensor pixels and provide a series of random numbers fed into a random bit generator algorithm.

The algorithm further distills the “entropy of quantum origin” to create the perfectly unpredictable random bits. If any failure is detected during the physical process, the stream is disabled and an automatic recovery procedure starts another.
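The “disable the stream when a physical failure is detected” behaviour described above is the job of continuous health tests on an entropy source. As an added illustration (not ID Quantique’s or Samsung’s code), the Python below implements the two tests NIST SP 800-90B specifies for this purpose, a Repetition Count Test and an Adaptive Proportion Test, derives their cutoffs from an assumed min-entropy of 1 bit per sample and a 1024-sample window, and runs them over constructed stuck, biased and healthy bit streams; the stream names, entropy figure and sample data are assumptions, not values from the article.

```python
"""Continuous health tests for a raw entropy source, modelled on the Repetition
Count Test (RCT) and Adaptive Proportion Test (APT) of NIST SP 800-90B.
Added example; not ID Quantique's or Samsung's code. The min-entropy figure,
window size and sample streams below are constructed assumptions."""
import math
import random

ALPHA = 2.0 ** -20  # per-test false-alarm probability, the value SP 800-90B uses


def rct_cutoff(h_min: float, alpha: float = ALPHA) -> int:
    """Run length of identical samples that a source with h_min bits of
    min-entropy per sample produces with probability <= alpha."""
    return 1 + math.ceil(-math.log2(alpha) / h_min)


def apt_cutoff(h_min: float, window: int = 1024, alpha: float = ALPHA) -> int:
    """Smallest c with P(X <= c) >= 1 - alpha, where X ~ Binomial(window - 1, 2**-h_min)
    counts how often the first sample of a window recurs in the rest of it.
    The binomial CDF is summed in log space so large windows do not underflow."""
    p = 2.0 ** -h_min
    n = window - 1
    log_p, log_q = math.log(p), math.log1p(-p)
    cdf = 0.0
    for k in range(n + 1):
        log_pmf = (math.lgamma(n + 1) - math.lgamma(k + 1) - math.lgamma(n - k + 1)
                   + k * log_p + (n - k) * log_q)
        cdf += math.exp(log_pmf)
        if cdf >= 1.0 - alpha:
            return k
    return n


class HealthMonitor:
    """Feeds samples through RCT and APT. On a failure the stream is disabled
    and stays disabled until reset(), mirroring the 'disable, then recover'
    behaviour the article describes for the QRNG chip."""

    def __init__(self, h_min: float, window: int = 1024):
        self.window = window
        self.rct_c = rct_cutoff(h_min)
        self.apt_c = apt_cutoff(h_min, window)
        self.reset()

    def reset(self) -> None:
        self.disabled = False
        self.failures = []
        self._last, self._run = None, 0                   # RCT state
        self._ref, self._count, self._seen = None, 0, 0   # APT state

    def _fail(self, test: str) -> None:
        if test not in self.failures:
            self.failures.append(test)
        self.disabled = True

    def feed(self, sample: int):
        """Return the sample if the source is healthy, None once it is disabled."""
        if self.disabled:
            return None
        # RCT: a run of rct_c identical samples is implausible for the claimed entropy.
        if sample == self._last:
            self._run += 1
        else:
            self._last, self._run = sample, 1
        if self._run >= self.rct_c:
            self._fail("RCT")
        # APT: within a window, the first sample must not recur more than apt_c times.
        if self._seen == 0:
            self._ref, self._count = sample, 0
        elif sample == self._ref:
            self._count += 1
            if self._count > self.apt_c:
                self._fail("APT")
        self._seen = (self._seen + 1) % self.window
        return None if self.disabled else sample


def run_health_tests(samples, h_min: float = 1.0, window: int = 1024) -> dict:
    """Run both tests over a whole stream and report what got through."""
    monitor = HealthMonitor(h_min, window)
    accepted = sum(1 for s in samples if monitor.feed(s) is not None)
    return {"accepted": accepted, "total": len(samples), "failures": monitor.failures}


# Constructed sample streams (single bits, as a photon-counting source would emit
# after thresholding):
STUCK_SOURCE = [1] * 4096                 # LED or sensor failure: output frozen
BIASED_SOURCE = ([1] * 9 + [0]) * 410     # 90 % ones: gross bias, but no long runs
_rng = random.Random(2020)
HEALTHY_SOURCE = [_rng.getrandbits(1) for _ in range(8192)]
# HEALTHY_SOURCE comes from a seeded PRNG, so it is entirely predictable yet
# passes both tests: health tests catch physical failure, not lack of entropy,
# which is why they complement rather than replace a genuine entropy source.

if __name__ == "__main__":
    for name, stream in [("stuck", STUCK_SOURCE), ("biased", BIASED_SOURCE),
                         ("healthy", HEALTHY_SOURCE)]:
        print(name, run_health_tests(stream))
```

The stuck stream trips the RCT after 21 identical bits and the biased stream trips the APT part-way through its first window, while the seeded PRNG stream sails through both tests, which is the reason such tests are paired with an entropy source rather than relied on alone.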

With uses such as two-factor authentication, biometric authentication for mobile payments, and blockchain-based document storage wallets, the QRNG will be put to good use.

A new chapter in quantum security history

Grégoire Ribordy, co-founder and CEO of ID Quantique, said, “With its compact size and low power consumption, our latest Quantis QRNG chip can be embedded in any smartphone, to ensure trusted authentication and encryption of sensitive information. It will bring a new level of security to the mobile phone industry. This is truly the first mass-market application of quantum technologies.” Ryu Young-sang, vice-president at SK Telecom, said the Galaxy A Quantum is a “new chapter in the history of the quantum security industry.”

Source: Samsung Surprise As World’s First Smartphone With Quantum Technology Launches May 22

Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’

Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm.

The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact details, and other information belonging to superstars, including Madonna, Christina Aguilera, Sir Elton John, Run DMC, Bruce Springsteen, Barbra Streisand, and Lady Gaga, and their representatives.

The data was swiped by the REvil, aka Sodinokibi, malware-slinging gang best known for taking down Travelex, infosec biz Emsisoft’s Brett Callow told The Register.

A Tor-hidden website belonging to REvil, which lists dozens of organizations compromised by the crew, includes screenshots of folders, a non-disclosure agreement, Madonna’s 2019-2020 tour arrangements, and Aguilera’s music rights as proof of its cyber-heist.

The gang claims to have hacked entertainment law firm Grubman Shire Meiselas & Sacks, based in the Big Apple, and siphoned its documents.

The law firm could not be reached for comment. We assume they were otherwise occupied. Their website right now just shows its logo whereas as recently as May 8, it listed its clients and staff.

“The documents purportedly include information about multiple music and entertainment figures, including: Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel, HBO’s ‘Last Week Tonight With John Oliver,’ and Run DMC. Facebook also is on the hackers’ hit list,” reported showbiz industry mag Variety, which was also tipped off by Emsisoft.

The law firm also represents big name personalities in TV, film, and sport, and media and online giants, from Kate Upton and Robert De Niro to Sony, Spotify, Vice, and EMI. It is assumed the swiped data was partially leaked to encourage the lawyers to cough up a ransom demand – or the rest of the information would spill onto the dark web.

Updated to add

Grubman Shire Meiselas & Sacks have confirmed they were hacked, saying in a statement: “We can confirm that we’ve been victimised by a cyber-attack. We have notified our clients and our staff. We have hired the world’s experts who specialise in this area, and we are working around the clock to address these matters.”

Source: Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’ • The Register

Russia admits, yup, the Americans are right: One of our rocket’s tanks just disintegrated in Earth’s orbit

Russian rocket tanks used to launch a radio telescope have broken up into 65 chunks, littering Earth’s orbit with debris.

The tanks, dumped from the Fregat-SB upper stage of the Zenit-3SLBF rocket that took the Spektr-R radio telescope into orbit in 2011, disintegrated on Friday, Roscosmos said on Sunday. “According to reports, the destruction occurred on May 8, 2020 in the time interval 08:00 – 09:00 Moscow time over the Indian Ocean,” a statement reads.

It’s not clear what caused the break-up. The 18th Space Control Squadron (18 SPCS) of the US Air Force went public with details of the disintegration on Saturday, and noted there was no evidence it was caused by a collision.

[…]

Roscosmos said it is counting up the exact number of fragments from the, well, rapid self-disassembly of the tank block. There are said to be at least 65 pieces whizzing round at thousands of miles per hour in an orbit with an apogee height of 3,606 kilometres, perigee height of 422 kilometres, and orbital inclination of 51.45 degrees.

As for the Spektr-R: it was declared defunct in early 2019 after going silent. At the time, it was Russia’s only space telescope publicly known to be operational.

Source: Russia admits, yup, the Americans are right: One of our rocket’s tanks just disintegrated in Earth’s orbit

Amazon builds UV-light robot to kill coronavirus on surfaces

Amazon built a robot that is designed to kill the novel coronavirus with ultraviolet light.

The robot looks a little like a hotel luggage cart, with a tall metal frame attached to a rectangular wheeled bottom. One side of the frame is outfitted with at least 10 ultraviolet tube lights.

In a video shared with CBS News’ “60 Minutes,” the robot rolls down the freezer aisle of a Whole Foods store, aiming UV light at the freezer doors.

The robot could be used in warehouses and at Whole Foods stores to kill the virus on surfaces such as food, packaging, and door handles.

Source: Amazon builds UV-light robot to kill coronavirus on surfaces – Business Insider

Brit defense contractor Interserve hacked, up to 100,000 past and present employees’ details siphoned off

Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 past and current employees, including payment information and details of their next of kin.

The Daily Telegraph reports that up to 100,000 employee details were stolen, dating back across a number of years. Interserve currently employs around 53,000 people.

A source told the paper that names, addresses, bank details, payroll information, next of kin details, personnel and disciplinary records had been swiped.

The intrusion took place “earlier this month,” the tight-lipped firm said in a statement.

[…]

Interserve holds a number of public sector contracts comprising, among others, some of the Ministry of Defence’s more important bases. The company website says it has a presence on 35 MoD sites, including: the Falkland Islands; the vital mid-Atlantic RAF staging post on Ascension Island; Gibraltar; and Cyprus. The contract for the overseas bases is reportedly worth around £500m.

Closer to home, Interserve also maintains the vital and secretive MoD bunkers at Corsham, coyly referred to as “the cutting edge global communications hub for the Ministry of Defence”. Corsham is in fact the home of the MoD’s Global Operations Security Control Centre, as well as the Joint Security Co-ordination Centre, plus a Cyber Security Operations Centre.

Informed sources whispered to El Reg that quite a few people at Corsham would be unhappy with news that a contractor with full access to the sensitive site has been hacked.

Source: Brit defense contractor hacked, up to 100,000 past and present employees’ details siphoned off – report • The Register

Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases

Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases.

Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for games). Features include two NoSQL database managers, Cloud Firestore and the older Realtime Database. Data is secured using rules which “work by matching a pattern against database paths, and then applying custom conditions to allow access to data at those paths”, according to the docs. This is combined with authentication to lock up confidential data while also allowing access to shared data.

“A common Firebase misconfiguration allows attackers to easily find and steal data from storage. By simply appending ‘.json’ to the end of a Firebase URL, the attacker can view and download the contents of vulnerable databases,” the report explained.

How common a problem is it? The Comparitech security team reviewed just over half a million apps, comprising, they say, about 18 per cent of apps in the Play store. “In that sample, we found more than 4,282 apps leaking sensitive information,” the report claimed.
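As an added illustration of the rule patterns behind this misconfiguration (example code written for this post, not from Comparitech or Firebase): a small Python linter that walks a Firebase Realtime Database rules document and flags any path whose `.read` or `.write` is literally `true` (reachable without authentication, which is what makes the `.json` trick work) or is guarded only by `auth != null` (any signed-in user, including anonymous sign-ins). The three rule documents in the block are constructed samples.

```python
import json

# Rule values that grant access to anyone, no authentication needed.
_PUBLIC_VALUES = (True, "true")


def _is_any_authenticated_user(value):
    """True for a rule such as "auth != null" that only requires *some* signed-in user."""
    return isinstance(value, str) and value.replace(" ", "") == "auth!=null"


def find_open_rules(rules_json):
    """Walk a Realtime Database rules document and return a list of findings.

    Each finding is (path, permission, severity, note). Rules cascade downward,
    so a public ".read" at "/" exposes the whole database.
    """
    document = json.loads(rules_json)
    findings = []

    def walk(node, parts):
        if not isinstance(node, dict):
            return
        path = "/" + "/".join(parts)
        for permission in (".read", ".write"):
            if permission not in node:
                continue
            value = node[permission]
            if value in _PUBLIC_VALUES:
                findings.append((path, permission, "public",
                                 "granted to unauthenticated clients"))
            elif _is_any_authenticated_user(value):
                findings.append((path, permission, "any-authenticated-user",
                                 "any signed-in user can access this path"))
        for key, child in node.items():
            if not key.startswith("."):      # skip .read/.write/.validate/.indexOn
                walk(child, parts + [key])

    walk(document.get("rules", {}), [])
    return findings


def is_world_readable(rules_json):
    """True if any path is readable without authentication."""
    return any(perm == ".read" and sev == "public"
               for _, perm, sev, _ in find_open_rules(rules_json))


# Constructed sample: the misconfiguration the report describes, everything world-readable.
WEAK_RULES = """
{
  "rules": {
    ".read": true,
    ".write": true
  }
}
"""

# Constructed sample: each user may read and write only their own subtree.
HARDENED_RULES = """
{
  "rules": {
    "users": {
      "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid"
      }
    }
  }
}
"""

# Constructed sample: a deliberately public area plus an overly broad per-user read rule.
MIXED_RULES = """
{
  "rules": {
    "public_content": { ".read": true },
    "users": {
      "$uid": {
        ".read": "auth != null",
        ".write": "auth != null && auth.uid == $uid"
      }
    }
  }
}
"""


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES), ("mixed", MIXED_RULES)):
        print(f"{label}: world-readable={is_world_readable(doc)}")
        for path, perm, sev, note in find_open_rules(doc):
            print(f"  {sev:24} {perm:7} at {path}: {note}")
```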

Source: Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases • The Register

PrintDemon vulnerability impacts all Windows versions | ZDNet

Two security researchers have published today details about a vulnerability in the Windows printing service that they say impacts all Windows versions going back to Windows NT 4, released in 1996.

The vulnerability, which they codenamed PrintDemon, is located in Windows Print Spooler, the primary Windows component responsible for managing print operations.

The service can send data to be printed to a USB/parallel port for physically connected printers; to a TCP port for printers residing on a local network or the internet; or to a local file, in the rare event the user wants to save a print job for later.

Trivially exploitable local privilege elevation

In a report published today, security researchers Alex Ionescu & Yarden Shafir said they found a bug in this old component that can be abused to hijack the Printer Spooler internal mechanism.

[…]

PrintDemon is what researchers call a “local privilege escalation” (LPE) vulnerability. This means that once an attacker has even the tiniest foothold inside an app or a Windows machine, even with user-mode privileges, the attacker can run something as simple as one unprivileged PowerShell command to gain administrator-level privileges over the entire OS.

This is possible because of how the Print Spooler service was designed to work, Ionescu and Shafir said.

Because this is a service meant to be available to any app that wants to print a file, it is available to all apps running on a system, without restrictions. The attacker can create a print job that prints to a file — for example a local DLL file used by the OS or another app.

The attacker can initiate the print operation, crash the Print Spooler service intentionally, and then let the job resume, but this time the printing operation runs with SYSTEM privileges, allowing it to overwrite any files anywhere on the OS.

In a tweet today, Ionescu said exploitation on current OS versions requires one single line of PowerShell. On older Windows versions, this might need some tweaking.

“On an unpatched system, this will install a persistent backdoor, that won’t go away *even after you patch*,” Ionescu said.

Patches available

The good news is that this has now been patched, hence Ionescu and Shafir’s public disclosure. Fixes for PrintDemon were released yesterday, with the Microsoft May 2020 Patch Tuesday.

PrintDemon is tracked under the CVE-2020-1048 identifier. Two security researchers from SafeBreach Labs, Peleg Hadar and Tomer Bar, were the first to discover the issue and report it to Microsoft. The two will be presenting their own report on the issue at the Black Hat security conference in August.

Ionescu has also published proof-of-concept code on GitHub with the purpose of aiding security researchers and system administrators investigate the vulnerability and prepare mitigations and detection capabilities.
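One defensive check an administrator can script against the mechanism described above (a printer port whose target is a local file such as a DLL): an added Python example for this post, not Ionescu’s published tool, that classifies printer port names and flags those that resolve to a file system path. The collector shells out to PowerShell’s `Get-PrinterPort` on Windows; the port list embedded in the block is constructed for the demonstration and its file targets are placeholders.

```python
import re
import shutil
import subprocess
import sys

# A port name that is itself a drive-letter or UNC path means the "printer" writes to a file.
_DRIVE_PATH = re.compile(r"^[A-Za-z]:[\\/]")
_UNC_PATH = re.compile(r"^\\\\[^\\]+\\")
# Extensions where a print job overwriting the target is most dangerous (code the OS loads).
_HIGH_RISK_EXT = (".dll", ".exe", ".sys", ".ps1", ".bat", ".cmd")


def classify_port(name):
    """Return "file-path-high", "file-path" or None for one printer port name.

    Standard ports (LPT1:, COM1:, FILE:, TCP/IP ports) return None. FILE: is the
    interactive print-to-file port, which prompts the user for a file name, so it
    is not itself a fixed file target.
    """
    port = name.strip()
    if not (_DRIVE_PATH.match(port) or _UNC_PATH.match(port)):
        return None
    if port.lower().endswith(_HIGH_RISK_EXT):
        return "file-path-high"
    return "file-path"


def suspicious_ports(port_names):
    """Return [(name, classification)] for ports that target a file system path."""
    results = []
    for name in port_names:
        classification = classify_port(name)
        if classification is not None:
            results.append((name, classification))
    return results


def list_local_printer_ports():
    """Enumerate port names from the local spooler (Windows only, via PowerShell)."""
    if sys.platform != "win32" or shutil.which("powershell.exe") is None:
        raise RuntimeError("printer port enumeration requires Windows PowerShell")
    completed = subprocess.run(
        ["powershell.exe", "-NoProfile", "-Command",
         "Get-PrinterPort | ForEach-Object { $_.Name }"],
        capture_output=True, text=True, check=True)
    return [line.strip() for line in completed.stdout.splitlines() if line.strip()]


# Constructed sample port list; the file targets are placeholders, not real indicators.
SAMPLE_PORTS = [
    "LPT1:",
    "COM1:",
    "FILE:",
    "192.168.10.20_1",
    r"C:\Users\Public\Documents\scan_output.txt",
    r"C:\Windows\System32\example_hijack.dll",
    r"\\fileserver\share\dropped.exe",
]


if __name__ == "__main__":
    ports = SAMPLE_PORTS
    try:
        ports = list_local_printer_ports()
    except RuntimeError as err:
        print(f"{err}; using constructed sample list")
    for name, classification in suspicious_ports(ports):
        print(f"{classification:15} {name}")
```

Any port this flags deserves a look at which printer uses it and who created it; a file-backed port is rare in legitimate setups.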

Last month, Ionescu and Shafir also published details and proof-of-concept code for a similar vulnerability that they named FaxHell.

FaxHell works similarly to PrintDemon, but the researchers exploited the Windows Fax service to overwrite and hijack local (DLL) files to install shells and backdoors on Windows systems.

Source: PrintDemon vulnerability impacts all Windows versions | ZDNet

Senate Votes to Allow FBI to Look at US citizen Web Browsing History Without a Warrant

The US Senate has voted to give law enforcement agencies access to web browsing data without a warrant, dramatically expanding the government’s surveillance powers in the midst of the COVID-19 pandemic.

The power grab was led by Senate majority leader Mitch McConnell as part of a reauthorization of the Patriot Act, which gives federal agencies broad domestic surveillance powers. Sens. Ron Wyden (D-OR) and Steve Daines (R-MT) attempted to remove the expanded powers from the bill with a bipartisan amendment.

But in a shock upset, the privacy-preserving amendment fell short by a single vote after several senators who would have voted “Yes” failed to show up to the session, including Bernie Sanders. 9 Democratic senators also voted “No,” causing the amendment to fall short of the 60-vote threshold it needed to pass.

“The Patriot Act should be repealed in its entirety, set on fire and buried in the ground,” Evan Greer, the deputy director of Fight For The Future, told Motherboard. “It’s one of the worst laws passed in the last century, and there is zero evidence that the mass surveillance programs it enables have ever saved a single human life.”

Source: Senate Votes to Allow FBI to Look at Your Web Browsing History Without a Warrant – VICE

Saturn has a hexagon vortex over its pole, larger than the Earth, packed with hydrocarbon ice crystals in layers up to 18 km thick.

The giant hexagon-shaped storm raging atop Saturn’s North Pole is made out of frozen hydrocarbon ice suspended in seven hazy layers stacked on top of one another, according to a study published in Nature Communications on Friday.

The swirling six-sided wonder, which El Reg once dubbed the hexacane, has perplexed scientists since its discovery in the 1980s by NASA’s Voyager 1 and 2 spacecraft. The strange vortex has sides measuring about 14,500 kilometres long – more than the diameter of Earth – and remains intact despite winds that reach 400 kilometres per hour rippling through the ringed giant.

Now, a group of astronomers have analysed images taken from NASA’s Cassini probe to reveal the hexacane’s tower-like structure in more detail.

“The Cassini images have enabled us to discover that, just as if a sandwich had been formed, the hexagon has a multi-layered system of at least seven mists that extend from the summit of its clouds to an altitude of more than 300 km above them,” said Agustín Sánchez-Lavega, a physics professor at the University of Basque Country, Spain, who led the study. “Other cold worlds, such as Saturn’s satellite Titan or the dwarf planet Pluto, also have layers of hazes, but not in such numbers nor as regularly spaced out”.

A picture of the different layers in Saturn’s hexagonal storm. Image Credit: GCP/UPV/EHU/NASA/ESA

Each layer is estimated to be seven to 18 kilometres thick, and is made up of tiny micrometre-sized frozen hydrocarbon crystals, including propyne, propane, and diacetylene, and possibly acetylene and benzene at the top. Each particle is estimated to have a diameter of 0.07 to 1.4 micrometres. The layers appear hazy as the concentration of particles suspended in each one varies.

Source: There’s a world out there with a hexagon vortex over its pole packed with hydrocarbon ice crystals. That planet is Saturn • The Register

5 minutes with a Thunderbolt machine leaves it completely open using Thunderspy – evil maids don’t need much knowledge

Thunderspy targets devices with a Thunderbolt port. If your computer has such a port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep.

Thunderspy is stealthy, meaning that you cannot find any traces of the attack. It does not require your involvement, i.e., there is no phishing link or malicious piece of hardware that the attacker tricks you into using. Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption. All the attacker needs is 5 minutes alone with the computer, a screwdriver, and some easily portable hardware.

We have found 7 vulnerabilities in Intel’s design and developed 9 realistic scenarios of how these could be exploited by a malicious entity to get access to your system, past the defenses that Intel had set up for your protection.

We have developed a free and open-source tool, Spycheck, to determine if your system is vulnerable. If it is found to be vulnerable, Spycheck will guide you to recommendations on how to help protect your system.

[…]

These vulnerabilities lead to nine practical exploitation scenarios. In an evil maid threat model and varying Security Levels, we demonstrate the ability to create arbitrary Thunderbolt device identities, clone user-authorized Thunderbolt devices, and finally obtain PCIe connectivity to perform DMA attacks. In addition, we show unauthenticated overriding of Security Level configurations, including the ability to disable Thunderbolt security entirely, and restoring Thunderbolt connectivity if the system is restricted to exclusively passing through USB and/or DisplayPort. We conclude with demonstrating the ability to permanently disable Thunderbolt security and block all future firmware updates.

All Thunderbolt-equipped systems shipped between 2011-2020 are vulnerable. Some systems providing Kernel DMA Protection, shipping since 2019, are partially vulnerable. The Thunderspy vulnerabilities cannot be fixed in software, impact future standards such as USB 4 and Thunderbolt 4, and will require a silicon redesign. Users are therefore strongly encouraged to determine whether they are affected using Spycheck, a free and open-source tool we have developed that verifies whether their systems are vulnerable to Thunderspy. If it is found to be vulnerable, Spycheck will guide users to recommendations on how to help protect their system.

[…]

The Thunderspy vulnerabilities have been discovered and reported by Björn Ruytenberg. Please cite this work as:

Björn Ruytenberg. Breaking Thunderbolt Protocol Security: Vulnerability Report. 2020. https://thunderspy.io/assets/reports/breaking-thunderbolt-security-bjorn-ruytenberg-20200417.pdf

Source: Thunderspy – When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security

Gigantic new 3D map traces every neuron in a tiny mouse brain | Live Science

Researchers at the Allen Institute for Brain Science, a Seattle nonprofit dedicated to neuroscience, have been painstakingly recording every brain cell and every connection between those neurons in mice for the past several years. The result represents major progress since an earlier, simpler map they released in 2016. The now-complete map encompasses about 100 million cells, the institute reported in a paper published today (May 7) in the journal Cell.

[…]

Typically, researchers trace connections between brain cells using thin slices of tissue that can be imaged and explored layer by layer. To build a comprehensive, three-dimensional map, the Allen Institute team instead broke the mouse brain into “voxels” — 3D pixels — and then mapped the cells and connections within each voxel.

The result comprises an “average” of the brains of 1,675 laboratory mice, to make sure the map was as standard as possible.

Mice are common “model organisms” in neuroscience. Their brains have fairly similar structures to humans’, they can be trained, they breed easily, and researchers have already developed robust understandings of how their brains work.

The hope is that the map will bring that understanding to a new level, the Allen Institute said. In doing so, neuroscientists will have a tool with which to develop new research programs and accelerate research already underway. The institute compared its achievement to 1990s-era efforts to sequence different organisms’ DNA for the first time, projects that transformed the way biologists work.

Source: Gigantic new 3D map traces every neuron in a tiny mouse brain | Live Science

Oil Crash Busted Broker’s Computers and Inflicted Big Losses

Syed Shah usually buys and sells stocks and currencies through his Interactive Brokers account, but he couldn’t resist trying his hand at some oil trading on April 20, the day prices plunged below zero for the first time ever. The day trader, working from his house in a Toronto suburb, figured he couldn’t lose as he spent $2,400 snapping up crude at $3.30 a barrel, and then 50 cents. Then came what looked like the deal of a lifetime: buying 212 futures contracts on West Texas Intermediate for an astonishing penny each.

What he didn’t know was oil’s first trip into negative pricing had broken Interactive Brokers Group Inc. Its software couldn’t cope with that pesky minus sign, even though it was always technically possible — though this was an outlandish idea before the pandemic — for the crude market to go upside down. Crude was actually around negative $3.70 a barrel when Shah’s screen had it at 1 cent. Interactive Brokers never displayed a subzero price to him as oil kept diving to end the day at minus $37.63 a barrel.

At midnight, Shah got the devastating news: he owed Interactive Brokers $9 million. He’d started the day with $77,000 in his account.

“I was in shock,” the 30-year-old said in a phone interview. “I felt like everything was going to be taken from me, all my assets.”

Breach of zero burned some Interactive Brokers customers

To be clear, investors who were long those oil contracts had a brutal day, regardless of what brokerage they had their account in. What set Interactive Brokers apart, though, is that its customers were flying blind, unable to see that prices had turned negative, or in other cases locked into their investments and blocked from trading. Compounding the problem, and a big reason why Shah lost an unbelievable amount in a few hours, is that the negative numbers also blew up the model Interactive Brokers used to calculate the amount of margin — aka collateral — that customers needed to secure their accounts.

Thomas Peterffy, the chairman and founder of Interactive Brokers, says the journey into negative territory exposed bugs in the company’s software. “It’s a $113 million mistake on our part,” the 75-year-old billionaire said in an interview Wednesday. Since then, his firm revised its maximum loss estimate to $109.3 million. It’s been a moving target from the start; on April 21, Interactive Brokers figured it was down $88 million from the incident.

Customers will be made whole, Peterffy said. “We will rebate from our own funds to our customers who were locked in with a long position during the time the price was negative any losses they suffered below zero.”

[…]

Besides locking up because of negative prices, a second issue concerned the amount of money Interactive Brokers required its customers to have on hand in order to trade. Known as margin, it’s a vital risk measure to ensure traders don’t lose more than they can afford. For the 212 oil contracts Shah bought for 1 cent each, the broker only required his account to have $30 of margin per contract. It was as if Interactive Brokers thought the potential loss of buying at one cent was one cent, rather than the almost unlimited downside that negative prices imply, he said.

“It seems like they didn’t know it could happen,” Shah said.

But it was known industrywide that CME Group Inc.’s benchmark oil contracts could go negative. Five days before the mayhem, the owner of the New York Mercantile Exchange, where the trading took place, sent a notice to all its clearing-member firms advising them that they could test their systems using negative prices. “Effective immediately, firms wishing to test such negative futures and/or strike prices in their systems may utilize CME’s ‘New Release’ testing environments” for crude oil, the exchange said.

Interactive Brokers got that notice, Peterffy said. But he says the firm needed more time to upgrade its trading platform.

Source: How to Trade Oil With Negative Prices: Interactive Brokers – Bloomberg

Cognizant expects to lose between $50m and $70m following ransomware attack

IT services provider Cognizant said in an earnings call this week that a ransomware incident that took place last month, in April 2020, will negatively impact its Q2 revenue.

“While we anticipate that the revenue impact related to this issue will be largely resolved by the middle of the quarter, we do anticipate the revenue and corresponding margin impact to be in the range of $50 million to $70 million for the quarter,” said Karen McLoughlin, Cognizant Chief Financial Officer in an earnings call yesterday.

McLoughlin also expects the incident to incur additional and unforeseen legal, consulting, and other costs associated with the investigation, service restoration, and remediation of the breach.

The Cognizant CFO says the company has now fully recovered from the ransomware infection and restored the majority of its services.

Incident only impacted internal network

Speaking on the ransomware attack, Cognizant CEO Brian Humphries said the incident only impacted its internal network, but not customer systems.

More precisely, Humphries said the ransomware incident impacted (1) select Cognizant systems supporting employees’ work-from-home setups and (2) the provisioning of laptops that Cognizant was using to support its work-from-home capabilities during the COVID-19 pandemic.

[…]

Cognizant held meetings with customers; however, the meetings did not go smoothly, as Cognizant avoided sharing any actual details of what had happened.

ZDNet learned of the incident while it was still unfolding, on April 17, when several disgruntled customers reached out to this reporter about the company attempting to hide a major security breach under the guise of “technical issues” and cutting off access to a series of services.

Initially, customers feared that a hacker had either stolen user data from servers, or that a ransomware incident had taken place and spread to customer servers, encrypting their data and rendering the servers inaccessible.

Customers were thrown in full paranoia mode after Cognizant sent an internal alert to all customers, urging clients to block traffic for a list of IP addresses.

[…]

Cognizant losses from the incident are in the same range reported last year by aluminum producer Norsk Hydro, which reported that a March 2019 ransomware incident would cause total revenue losses of more than $40 million, a number it later adjusted to nearly $70 million during the year.

Humphries said that Cognizant is now working to address the concerns of customers who opted to suspend Cognizant services in the wake of the ransomware attack, which also impacted Cognizant’s current bottom line.

Cognizant reported a Q1 2020 revenue of $4.2 billion, up 2.8% over Q1 2019.

The number of SEC filings listing ransomware as a major forward-looking risk factor to companies’ profits has skyrocketed in recent years, from 3 filings in 2014 to 1,139 in 2019, and already 743 in 2020. Companies today see ransomware attacks as a real risk to their bottom lines, as ransomware incidents tend to cause reputational damage, hits to stock prices, and financial losses from lost revenue, since most victims take weeks or months to fully recover.

Source: Cognizant expects to lose between $50m and $70m following ransomware attack | ZDNet

One malicious MMS is all it takes to pwn a Samsung smartphone: Bug squashed amid Android patch batch

Samsung has patched a serious security hole in its smartphones that can be exploited by maliciously crafted text messages to hijack devices.

It appears no user interaction is required: if Samsung’s messaging app bundled with phones since 2015 receives a booby-trapped MMS, it will parse it automatically before the user even opens it. This will trigger a vulnerability in the Skia graphics library, used by the app to decode the message’s embedded Qmage image. The end result is code execution on the device, allowing the miscreant who sent it to potentially snoop on their victim and come up with other mischief.

The remote-code execution flaw, labeled SVE-2020-16747, was discovered and reported by Google Project Zero’s Mateusz Jurczyk. You can find an in-depth explanation of the bug here.

Samsung has pushed out updates to supported phones to squash the bug, which should be installed ASAP before someone weaponizes an exploit for this programming blunder. If you are still waiting for a patch, switching your default message app to another messaging application, and not Samsung’s, and disabling automatic MMS parsing, may help.

The patch coincides with Android’s monthly release of security fixes: all owners of devices running supported versions of Android will want to check for and install relevant updates in May’s patch batch.

This latest wedge includes fixes for a remote code execution flaw in the Android AAC decoder (CVE-2020-0103) and a critical Android framework elevation-of-privilege bug (CVE-2020-0096) that together can be exploited to gain total control of the device.

The other vulnerabilities at the 01 patch level are as follows. For the Android framework, two additional elevation-of-privilege bugs (CVE-2020-0097, CVE-2020-0098) that grant malware already on the device not-quite-total control over a device, and for the media framework, one EoP flaw (CVE-2020-0094) and three information disclosure bugs (CVE-2020-0093, CVE-2020-0100, CVE-2020-0101).

The Android system patches cover the aforementioned AAC remote code bug as well as four EoP holes (CVE-2020-0102, CVE-2020-0109, CVE-2020-0105, CVE-2020-0024) and three information disclosure bugs (CVE-2020-0092, CVE-2020-0106, CVE-2020-0104).

At the 05 patch level, which covers components outside of the core Android package, fixes were posted for two kernel flaws allowing EoP (CVE-2020-0110) and information disclosure (CVE-2019-19536). Four fixes were posted for information disclosure bugs in MediaTek components (CVE-2020-0064, CVE-2020-0065, CVE-2020-0090, CVE-2020-0091).

A total of 18 patches were posted for flaws in Qualcomm components, though the details on those bugs were not given.

Those with supported Google-branded devices should get the May fixes directly from the Chocolate Factory, while other Android devices should see the fixes come from their respective vendors and carriers. This can happen anywhere from immediately to several weeks from now, to never, depending on the supplier.

Source: One malicious MMS is all it takes to pwn a Samsung smartphone: Bug squashed amid Android patch batch • The Register