Germany Is Threatening Biohackers With Prison

Over the last few years, advances in science have made the kind of experiments once only accessible to PhDs with fancy labs far more attainable. College undergrads are constructing gene drives. Anyone can buy a kit on the internet to concoct their own bioluminescent beer.
[…]
The German government, it seems, is none too pleased with this development. Two weeks ago its consumer protection office issued a statement making clear just how upset it is: Any science enthusiast doing genetic engineering outside of a licensed facility, it wrote, might face a fine of €50,000 or up to three years in prison.
[…]
The law behind the German DIY bio crackdown isn’t new. The government was simply reminding so-called biohackers of a long-existing law that forbids genetic engineering experiments outside of laboratories supervised and licensed by the state.
[…]
“The statement has to be seen in light of the newly formed DIY biology scene and due to the appearance of low-priced DIY biology kits in online shops,” the BVL told Gizmodo, via email.
[…]
The BVL conceded that the new rules will make it virtually impossible for a lone scientist to meet the legal requirements to do genetic engineering. To begin with, any lab needs a project manager qualified by academic credentials such as a master’s degree in science. Labs also require a commissioner for biological safety who is similarly qualified.

“This makes genetic engineering experiments rather unattractive for individuals,” the BVL’s spokesman said.

Source: Germany Is Threatening Biohackers With Prison

On the one hand I understand the need for oversight and ethics, on the other hand, it should be a lot easier for individuals to play and learn in this field. It must be possible to balance the two needs.

New smartphone app looks inside objects, shows what else is in there

A new app from Fraunhofer development engineers looks directly inside objects and displays specific constituents. It has numerous uses: For instance, apples can be scanned for pesticide residues. Applications will be added successively following the Wikipedia principle.
[…]
Such scans usually require a special hyperspectral camera: It adjusts to different colored light each time and ascertains how much of a color’s light is reflected by an object, thus generating a complete spectral fingerprint of the object. The development engineers use a mathematical model to extract just about any information on an object, e.g. its constituents, from its spectral fingerprint. “Since hyperspectral cameras aren’t integrated in smartphones, we simply reversed this principle,” explains Seiffert. “The camera gives us a broadband three-channel sensor, that is, one that scans every wavelength and illuminates an object with different colored light.” This means that, instead of the camera measuring luminous intensity in different colors, the display successively illuminates the object with a series of different colors for fractions of a second. Thus, if the display casts only red light on the object, the object can only reflect red light – and the camera can only measure red light. Intelligent analysis algorithms enable the app to compensate a smartphone’s limited computing performance as well as the limited performance of the camera and display.

Source: New smartphone app looks inside objects

Blueprint for a microwave trapped ion quantum computer released

The availability of a universal quantum computer may have a fundamental impact on a vast number of research fields and on society as a whole. An increasingly large scientific and industrial community is working toward the realization of such a device. An arbitrarily large quantum computer may best be constructed using a modular approach. We present a blueprint for a trapped ion–based scalable quantum computer module, making it possible to create a scalable quantum computer architecture based on long-wavelength radiation quantum gates. The modules control all operations as stand-alone units, are constructed using silicon microfabrication techniques, and are within reach of current technology. To perform the required quantum computations, the modules make use of long-wavelength radiation–based quantum gate technology. To scale this microwave quantum computer architecture to a large size, we present a fully scalable design that makes use of ion transport between different modules, thereby allowing arbitrarily many modules to be connected to construct a large-scale device. A high error–threshold surface error correction code can be implemented in the proposed architecture to execute fault-tolerant operations. With appropriate adjustments, the proposed modules are also suitable for alternative trapped ion quantum computer architectures, such as schemes using photonic interconnects.

Source: Blueprint for a microwave trapped ion quantum computer

Cisco’s Prime Home lets hackers hijack people’s routers, from one single point at the ISP

“An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication,” Cisco said today. “An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges.”

Note that “administrator” was italicized by the networking giant. Super serious.

Cisco pitches Prime Home as a “solution” for ISPs and connected device vendors, allowing companies to control devices such as ISP-issued cable modems, routers, and set top boxes in subscribers’ homes from afar. It uses “Broadband Forum’s TR-069 suite of protocols to provision and manage in-home devices.”

That means that a successful attack on an ISP’s installation of Prime Home would allow a criminal to take administrator-level control of the Prime Home GUI and meddle with all the devices connected to that particular service. As there are no workarounds or mitigations for the bug, Cisco is recommending that administrators install the update as soon as possible.

Source: Home-pwners: Cisco’s Prime Home lets hackers hijack people’s routers, no questions asked • The Register

Our galaxy is being pushed towards Shapley attractor from Dipole repeller by gravity flows

The presence of a large underdensity, the dipole repeller, is predicted based on a study of the velocity field of our Local Group of galaxies. The combined effects of this super-void and the Shapley concentration control the local cosmic flow.
[…]
Our Local Group of galaxies is moving with respect to the cosmic microwave background (CMB) with a velocity [1] of V_CMB = 631 ± 20 km s−1 and participates in a bulk flow that extends out to distances of ~20,000 km s−1 or more

Source: The dipole repeller

Figure 1: A face-on view of a slice 6,000 km s−1 thick, normal to the direction of the pointing vector r̂ = (0.604, 0.720, −0.342).

Three different elements of the flow are presented: mapping of the velocity field is shown by means of streamlines (seeded randomly in the slice); red and grey surfaces present the knots and filaments of the V-web, respectively; and equi-gravitational potential (ϕ) surfaces are shown in green and yellow. The potential surfaces enclose the dipole repeller (in yellow) and the Shapley attractor (in green) that dominate the flow. The yellow arrow originates at our position and indicates the direction of the CMB dipole (galactic longitude l = 276°, galactic latitude b = 30°). The distance scale is given in units of km s−1.

Figure 2: A 3D view of the velocity field.

It is shown here by means of the flow streamlines (in black–blue, left panel) and of the anti-flow (in yellow–red, right panel). Anti-flow is defined here by the negative (namely, the reverse) of the velocity field. The same streamlines are seeded on a regular grid and are coloured according to the magnitude of the velocity. The flow streamlines diverge from the repeller and converge on the attractor. For the anti-flow, the divergence and convergence switch roles: they diverge from the attractor and converge on the repeller. The knots and filaments of the V-web are shown for reference. Cartesian supergalactic coordinates (SGX, SGY, SGZ) are assumed here. (For a 3D view, look at the accompanying Supplementary Video, at time 00:56–01:28.)

Linux encryption app Cryptkeeper has universal password: ‘p’

The flawed version is in Debian 9 (Stretch), currently in testing, but not in Debian 8 (Jessie). The bug appears to be a result of a bad interaction with the encfs encrypted filesystem’s command line interface: Cryptkeeper invokes encfs and attempts to enter paranoia mode with a simulated ‘p’ keypress – instead, it sets passwords for folders to just that letter.

Cryptkeeper’s developer appears to have abandoned the project. Luckily, it’s not used by that many people – although it makes the bug no less tragically hilarious.

Source: You’re taking the p… Linux encryption app Cryptkeeper has universal password: ‘p’ • The Register

PostScript printers extremely vulnerable outside of the network

If PostScript is the printer driver, the printer is vulnerable to what they call Cross-Site Printing attacks, documented in detail at Hacking Printers here.

The bugs range from attackers exfiltrating copies of what’s sent to printers, to denial-of-service, code execution, forced resets and even bricking the targets.

The work from the University Alliance Ruhr landed on Full Disclosure here (with five vendor-specific follow-ups), and as they note: “This vulnerability has presumably been present in every PostScript printer [for] 32 years as solely legitimate PostScript language constructs are abused.”

Source: We don’t want to alarm you, but PostScript makes your printer an attack vector • The Register

Bypassing Authentication on NETGEAR Routers

“Hmm, what is that unauth.cgi thingy? and what does that id number mean?”, I thought to myself.

Luckily for me the Internet connection had come back on its own, but I was now a man on a mission, so I started to look around to see if there were any known vulnerabilities for my VEGN2610. It turned out that there are none. :< I started looking up what that "unauth.cgi" page could be, and I found 2 publicly disclosed exploits from 2014, for different models that manage to do unauthenticated password disclosure. Booyah! Exactly what I need. (link 1 & link 2) Those two guys found out that the number we get from unauth.cgi can be used with passwordrecovered.cgi to retrieve the credentials. I tested the method described in both, and voilà – I have my password, now I can go to sleep happy and satisfied. I woke up the next morning excited by the discovery, I thought to myself: "3 routers with same issue… Coincidence? I think not". Luckily, I had another, older NETGEAR router lying around; I tested it and bam! Exploited.

Source: CVE-2017-5521: Bypassing Authentication on NETGEAR Routers

Suffered a breach? Expect to lose cash, opportunities, and customers – report

More than a third of organisations that experienced a breach last year reported substantial customer, opportunity and revenue loss.

The finding is one of the key takeaways from the latest edition of Cisco’s annual cybersecurity report, which also suggests that defenders are struggling to improve defences against a growing range of threats.

The vast majority (90 per cent) of breached organisations are improving threat defence technologies and processes following attacks by separating IT and security functions (38 per cent), increasing security awareness training for employees (38 per cent), and implementing risk mitigation techniques (37 per cent). The report surveyed nearly 3,000 chief security officers (CSOs) and security operations leaders from 13 countries. CSOs cite budget constraints, poor compatibility of systems, and a lack of trained talent as the biggest barriers to advancing their security policies.

More than half of organisations faced public scrutiny after a security breach. Operations and finance systems were the most affected, followed by brand reputation and customer retention. For organisations that experienced an attack, the effect can be substantial: 22 per cent of breached organisations lost customers and 29 per cent lost revenue, with 38 per cent of that group losing more than 20 per cent of revenue. A third (33 per cent) of breached organisations lost business opportunities.

Source: Suffered a breach? Expect to lose cash, opportunities, and customers – report • The Register

Trump’s ‘Extreme Vetting’ for US Visitors Could Involve Social Media Posts and Browser Histories

Phone numbers, browser histories, and social media posts are all examples of the sort of data that could be mined from those entering the US under Trump’s “extreme vetting” policy, Department of Homeland Security secretary John Kelly said today.

As Talking Points Memo reported, Kelly held a press conference this afternoon to discuss the president’s new (and massively unpopular) travel ban. When pressed to explain what the “extreme vetting” part of the order could involve, Kelly answered, “It might be certainly an accounting of what websites they visit.” He stressed, however, that the new rules—whatever form they may take—are still “under development.”

“It might be telephone contact information [and] social media,” he continued. “We have to be convinced that people that come here, there’s a reasonable expectation that we don’t know who they are and what they’re coming here for and what their backgrounds are.”

Source: Trump’s ‘Extreme Vetting’ for US Visitors Could Involve Social Media Posts and Browser Histories

2016 Hard Drive Reliability Benchmark Stats by Backblaze

Backblaze has recorded and saved daily hard drive statistics from the drives in our data centers since April 2013. At the end of 2016 we had 73,653 spinning hard drives. Of that number, there were 1,553 boot drives and 72,100 data drives.

[…]

In 2016, three drive models ended the year with zero failures, albeit with a small number of drives. Both the 4 TB Toshiba and the 8 TB HGST models went the entire year without a drive failure. The 8 TB Seagate (ST8000NM0055) drives, which were deployed in November 2016, also recorded no failures.

The total number of failed drives was 1,225 for the year. That’s 3.36 drive failures per day or about 5 drives per workday, a very manageable workload. Of course, that’s easy for me to say, since I am not the one swapping out drives.

The overall hard drive failure rate for 2016 was 1.95%. That’s down from 2.47% in 2015 and well below the 6.39% failure rate for 2014.

Source: 2016 Hard Drive Reliability Benchmark Stats

Secret Rules Make It Pretty Easy for the FBI to Spy on Journalists

Secret FBI rules allow agents to obtain journalists’ phone records with approval from two internal officials — far less oversight than under normal judicial procedures. The classified rules, obtained by The Intercept and dating from 2013, govern the FBI’s use of national security letters, which allow the bureau to obtain information about journalists’ calls without going to a judge or informing the news organization being targeted.

Source: Secret Rules Make It Pretty Easy for the FBI to Spy on Journalists

Aviation Headsets Guide

It starts with the type of headset you need. You have PNR (passive noise reduction), ANR (active noise reduction) and earpiece-type headsets.

PNR relies on the shell and the seal to cancel the noise of the propeller. Seals are either gel or foam: gel, when broken, will leak and requires a full replacement of the seal, whereas foam will live through it. Apparently foam also works better around spectacles / sunglasses, while gel tends to offer slightly better noise cancellation. ANR sends out noise cancellation signals to cancel the noise of the prop; these headsets require batteries. Noise cancellation qualities are usually measured in dB (e.g. 24 dB NRR).

Other differences are:
* Are there volume buttons on one or both earpieces
* can you select mono / stereo? Usually you just want mono
* is there a music input for your iPod / phone
* Bluetooth onboard?
* weight
* adjustability of the headband (NB large adjustable screws are prone to breakage and banging into stuff)
* material of the headband (you want metal, as it is more adjustable and less prone to breaking)
* quality and material of the padding around the headband (for comfort)
* the quality of the speakers
* is it a fixed or adjustable boom for the mic
* the quality of the mic (how well the mic filters ambient noise and automatically starts transmitting when you start speaking)
* price

Some more information can be found in the 2015 Plane & Pilot headset buyers guide.

NB. If you get gel ear seals, make sure you get some protective covers: they will help save the gel seals and also keep your ears at a more comfortable temperature. The covers are very cheap and replacement ear seals are pretty expensive.

Apparently it’s better to have a PNR headset than a poor ANR headset; poor ANR headsets are pretty disastrous.

Bose headsets are the absolute best in ANR, followed closely by Lightspeed. Prices vary from $800 to $1300.

In the PNR world, David Clark is the old world standard but they are quite expensive (and expensive!)

So the one I originally wanted was the Kore Aviation KA-1 at $150, with carrying case and foam ear seals. Unfortunately they wouldn’t ship to the Netherlands, so there was no way. (The ear covers are here.)

In the end I bought the Rugged Air RA900 headset with ear covers. They retail at $199 but I found them at Mypilotstore for $165. I am very happy with these, even though the first set they delivered had a broken speaker lead. Rugged Radios replaced the entire unit quickly and hassle-free and I have had no problems since. The mic picks up spoken words immediately and the speakers are high quality.

Finally there are child headsets, at prices from $80 upwards. I quite like the Rugged Air RA250 Child’s Headset but it doesn’t have a flexible boom mike, which I think is a drawback.

It is also possible to turn any headset into a Bluetooth-compatible unit for streaming music or picking up phone calls with this Bluetooth streamer for $24.

Happy flying!

Viruses, spyware found in ‘alarming’ number of Android VPN apps

A team from CSIRO’s Data61, University of NSW and UC Berkeley in the US found a whole bunch of Android VPN apps contain viruses, spyware and other adware.

Researchers analysed the apps available for Android to look for nasties like trojans, spyware and adware — giving each an “anti-virus rank (AV)” based on what they found. The lower the rank, the better.

They found of the 283 apps they analysed, 38 per cent contained malware or malvertising (malicious advertising containing viruses).

“The findings are alarming and showing some very, very serious security and privacy issues,” Data61 researcher Dali Kaafar said.

“If they embed some malware that means that particular malware can see all the other traffic that is originating from your device.

Source: Viruses, spyware found in ‘alarming’ number of Android VPN apps

Dropbox: Oops, yeah, we didn’t actually delete all your files – this bug kept them in the cloud

“Typically, we permanently remove files and folders from our servers within 60 days of a user deleting them. However, the deleted files and folders impacted by this bug had metadata inconsistencies,” Dropbox employee Ross S said on the company’s support forum.

“So we quarantined and excluded them from the permanent deletion process until the metadata could be fixed.”

Dropbox noted that the data was only visible to the accounts of the users, and at no time did any third party have access to the exposed files.

This after users had been complaining that old files, some more than a half-decade in the past, had been showing up.

“Several different folders of old files from 2009–2011, deleted years ago but suddenly reappearing overnight,” wrote one user. “And I definitely haven’t connected to an old computer, either.”

Source: Dropbox: Oops, yeah, we didn’t actually delete all your files – this bug kept them in the cloud • The Register

Ouch, that’s pretty nasty: who knows how many other old files Dropbox (which makes money off analysing your data) has “accidentally” not deleted. Or maybe the bug was that they suddenly became visible to the user?

google/glazier: A tool for automating the installation of the Microsoft Windows operating system on various device platforms.

Glazier

Glazier is a tool for automating the installation of the Microsoft Windows operating system on various device platforms.

Why Glazier?

Glazier was created with certain principles in mind.

Text-based & Code-driven

With Glazier, imaging is configured entirely via text files. This allows technicians to leverage source control systems to maintain and develop their imaging platform. By keeping imaging configs in source control, we gain peer review, change history, rollback/forward, and all the other benefits normally reserved for writing code.

Reuse and templating allows for config sharing across multiple image types.

Configs can be consumed by unit tests, build simulators, and other helper infrastructure to build a robust, automated imaging pipeline.

Source controlled text makes it easy to integrate configs across multiple branches, making it easy to QA new changes before releasing them to the general population.

Scalability

Glazier distributes all data over HTTPS, which means you can use as simple or as advanced of a distribution platform as you need. Run it from a simple free web server or a large cloud-based CDN.

Proxies make it easy to accelerate image deployment to remote sites.

Extensible

Glazier makes it simple to extend the installer by writing a bit of Python or Powershell code.

Source: GitHub – google/glazier: A tool for automating the installation of the Microsoft Windows operating system on various device platforms.

Wine 2.0 Released

The Wine team is proud to announce that the stable release Wine 2.0 is now available. This release represents over a year of development effort and around 6,600 individual changes. The main highlights are the support for Microsoft Office 2013, and the 64-bit support on macOS. It also contains a lot of improvements across the board, as well as support for many new applications and games.

Source: WineHQ – News – Wine 2.0 Released

Wine stands for “Wine Is Not an Emulator” and can be used to run Windows and Mac programmes on a Linux OS.

Boffins perfect 3D bioprinter that produces slabs of human skin

In a paper for the journal Biofabrication, the team details how the printer lays down bioinks containing human plasma as well as primary human fibroblasts and keratinocytes. The printer first lays down a layer of external epidermis and then a thicker layer of fibroblasts that produce collagen, which will make the flesh strong and elastic.

“Knowing how to mix the biological components, in what conditions to work with them so that the cells don’t deteriorate, and how to correctly deposit the product is critical to the system,” said Juan Francisco del Cañizo, of the Hospital General Universitario.

The end result is a 100-cm2 slab of skin, printed in 35 minutes, that can be transplanted onto patients. Its production can be automated to a large degree. The skin can also be used to test the irritant qualities of consumer products without having to shave animals and use them as test subjects.

“We use only human cells and components to produce skin that is bioactive and can generate its own human collagen, thereby avoiding the use of the animal collagen that is found in other methods,” the team notes in its paper.

Source: Gimme some skin: Boffins perfect 3D bioprinter that produces slabs of human flesh • The Register

Introducing Malwarebytes Anti-Ransomware Beta

a completely proactive and signature-less technology that is able to detect and block even the most dangerous of ransomware variants like CryptoWall4, CryptoLocker, Tesla, and CTB-Locker.

Malwarebytes Anti-Ransomware monitors all activity in the computer and identifies actions which are typical of ransomware activity. It keeps track of all activity and, once it has enough evidence to determine a certain process or thread to be ransomware, blocks the infection and quarantines the ransomware before it has a chance to encrypt users’ files. During development Malwarebytes Anti-Ransomware has blocked every single ransomware variant we have thrown at it. We are extremely satisfied with its results and are excited to bring this technology to our user community for further testing.

As this is the very first beta we do encourage beta users to install the product in non-production environments for testing purposes only.

Source: Introducing Malwarebytes Anti-Ransomware Beta – Anti-Ransomware Beta – Malwarebytes Forums

Cryptostalker, a Tool to Detect Crypto-Ransomware on Linux

Cryptostalker and the original project randumb are the work of Sean Williams, a developer from San Francisco. Mr. Williams wanted to create a tool that monitored the filesystem for newly written files, and if the files contained random data, the sign of encrypted content, and they were written at high speed, it would alert the system’s owner.

Right now, the project is only available for Linux, but as you can read below in our interview with Mr. Williams, there’s a plan to port the tool for Windows.

If tests go well enough, then Windows users may have a new method of getting warned against the deadly wave of crypto-ransomware that’s been recently hitting users around the globe.
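The two ransomware items above describe the same behavioural idea: no signatures, just watching what gets written. The Python below is an added illustration of the heuristic the Cryptostalker article spells out (newly written files that contain random-looking data, arriving at high speed); it is not code from Cryptostalker, randumb or Malwarebytes, and the entropy threshold, window and burst size are assumptions chosen for the demo.

```python
import math
import os
import random
import tempfile
from collections import Counter, deque

# Thresholds below are assumptions for this illustration, not Cryptostalker's
# or Malwarebytes' actual settings.
HIGH_ENTROPY_BITS = 7.5   # bits per byte; encrypted or random data sits near 8.0
MIN_FILE_SIZE = 256       # tiny files give noisy entropy estimates, so skip them
BURST_COUNT = 5           # high-entropy files inside one window that raise an alert
WINDOW_SECONDS = 10.0


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for one repeated value, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """The 'random data, the sign of encrypted content' test from the article."""
    return len(data) >= MIN_FILE_SIZE and shannon_entropy(data) >= HIGH_ENTROPY_BITS


class BurstDetector:
    """Alerts once enough high-entropy files are written within a short window.

    A single high-entropy file is normal (zip archives, JPEGs, existing
    encrypted volumes), so the rate condition is what separates ransomware
    output from everyday activity."""

    def __init__(self, burst_count=BURST_COUNT, window=WINDOW_SECONDS):
        self.burst_count = burst_count
        self.window = window
        self.recent = deque()   # (write_time, path) of recent high-entropy files

    def observe(self, path: str, data: bytes, now: float) -> bool:
        """Feed one newly written file; returns True when an alert should fire."""
        if not looks_encrypted(data):
            return False
        self.recent.append((now, path))
        while self.recent and now - self.recent[0][0] > self.window:
            self.recent.popleft()
        return len(self.recent) >= self.burst_count

    def suspects(self) -> list:
        return [path for _, path in self.recent]


def scan_directory(directory: str, detector: BurstDetector) -> list:
    """Feed every regular file in the directory to the detector, oldest first,
    using its mtime as the write time; returns the suspect paths at the last
    alert, or an empty list if no alert fired."""
    entries = sorted((e for e in os.scandir(directory) if e.is_file()),
                     key=lambda e: e.stat().st_mtime)
    alerted = []
    for entry in entries:
        with open(entry.path, "rb") as fh:
            data = fh.read()
        if detector.observe(entry.path, data, entry.stat().st_mtime):
            alerted = detector.suspects()
    return alerted


def simulate(ciphertext_files: int, text_files: int = 3) -> list:
    """Constructed scenario: a few plain-text notes plus `ciphertext_files`
    files of seeded pseudo-random bytes standing in for ransomware output."""
    rng = random.Random(2017)
    with tempfile.TemporaryDirectory() as workdir:
        for i in range(text_files):
            with open(os.path.join(workdir, f"note{i}.txt"), "wb") as fh:
                fh.write(b"Meeting notes, nothing unusual here.\n" * 40)
        for i in range(ciphertext_files):
            with open(os.path.join(workdir, f"doc{i}.docx.locked"), "wb") as fh:
                fh.write(bytes(rng.getrandbits(8) for _ in range(4096)))
        return scan_directory(workdir, BurstDetector())


if __name__ == "__main__":
    hits = simulate(ciphertext_files=6)
    print("ALERT" if hits else "quiet", len(hits), "suspect files")
```

A real deployment would hook inotify (or a Windows file-system watcher, which is the porting work the article mentions) instead of rescanning a directory, and would tune the thresholds against the host's normal write patterns to keep backups and archive jobs from tripping it.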

Source: Cryptostalker, a Tool to Detect Crypto-Ransomware on Linux – EXCLUSIVE

The No More Ransom Project: tools and howtos to decrypt ransomware from the EU

Law enforcement and IT Security companies have joined forces to disrupt cybercriminal businesses with ransomware connections.

The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security – with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.

Since it is much easier to avoid the threat than to fight against it once the system is affected, the project also aims to educate users about how ransomware works and what countermeasures can be taken to effectively prevent infection. The more parties supporting this project the better the results can be. This initiative is open to other public and private parties.

Source: The No More Ransom Project