Wyze says camera breach let 13,000 customers briefly see into other people’s homes

Posted on by

Last week, co-founder David Crosby said that “so far” the company had identified 14 people who were able to briefly see into a stranger’s property because they were shown an image from someone else’s Wyze camera. Now we’re being told that number of affected customers has ballooned to 13,000.

The revelation came from an email sent to customers entitled “An Important Security Message from Wyze,” in which the company copped to the breach and apologized, while also attempting to lay some of the blame on its web hosting provider AWS.

“The outage originated from our partner AWS and took down Wyze devices for several hours early Friday morning. If you tried to view live cameras or Events during that time, you likely weren’t able to. We’re very sorry for the frustration and confusion this caused.

The breach, however, occurred as Wyze was attempting to bring its cameras back online. Customers were reporting seeing mysterious images and video footage in their own Events tab. Wyze disabled access to the tab and launched its own investigation.

As it did before, Wyze is chalking up the incident to “a third-party caching client library” that was recently integrated into its system.

This client library received unprecedented load conditions caused by devices coming back online all at once. As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts.

But it was too late to prevent an estimated 13,000 people from getting an unauthorized peek at thumbnails from a stranger’s homes. Wyze says that 1,504 people tapped to enlarge the thumbnail, and that a few of them caught a video that they were able to view. It also claims that all impacted users have been notified of the security breach, and that over 99 percent of all of its customers weren’t affected.

[…]

Source: Wyze says camera breach let 13,000 customers briefly see into other people’s homes – The Verge

Which it’s better to store stuff on your own NAS hardware instead of some vendor’s cloud.

Chinese and US researchers show new side channel can reproduce fingerprints by listening to swiping sounds on screen

Posted on by

An interesting new attack on biometric security has been outlined by a group of researchers from China and the US. PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound [PDF] proposes a side-channel attack on the sophisticated Automatic Fingerprint Identification System (AFIS). The attack leverages the sound characteristics of a user’s finger swiping on a touchscreen to extract fingerprint pattern features. Following tests, the researchers assert that they can successfully attack “up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%.” This is claimed to be the first work that leverages swiping sounds to infer fingerprint information.

[…]

the PrintListener paper says that “finger-swiping friction sounds can be captured by attackers online with a high possibility.” The source of the finger-swiping sounds can be popular apps like Discord, Skype, WeChat, FaceTime, etc. Any chatty app where users carelessly perform swiping actions on the screen while the device mic is live. Hence the side-channel attack name – PrintListener.

[…]

Source: Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks | Tom’s Hardware

Four-day week made permanent for most UK firms in world’s biggest trial

Posted on by

Of the 61 organisations that took part in a six-month UK pilot in 2022, 54 (89%) are still operating the policy a year later, and 31 (51%) have made the change permanent.

More than half (55%) of project managers and CEOs said a four-day week – in which staff worked 100% of their output in 80% of their time – had a positive impact on their organisation, the report found.

For 82% this included positive effects on staff wellbeing, 50% found it reduced staff turnover, while 32% said it improved job recruitment. Nearly half (46%) said working and productivity improved.

[…]

The four-day working week report, by the thinktank Autonomy and researchers from the University of Cambridge, the University of Salford and Boston College in the US, found that “many of the significant benefits found during the initial trial have persisted 12 months on”, although they noted that it was a small sample size.

Almost all (96%) of staff said their personal life had benefited, and 86% felt they performed better at work, while 38% felt their organisation had become more efficient, and 24% said it had helped with caring responsibilities.

Organisations reduced working hours by an average of 6.6 hours to reach a 31.6-hour week. Most gave their staff one full day off a week, either universal or staggered. The report found that protected days off were more effective than those on which staff were “on call” or sometimes expected to work.

The most successful companies made their four-day week “clear, confident and well-communicated”, and co-designed their policies between staff and management, thinking carefully about how to adapt work processes, the authors wrote.

[…]

 

Source: Four-day week made permanent for most UK firms in world’s biggest trial | Work-life balance | The Guardian

Varda Space, Rocket Lab nail first-of-its-kind spacecraft landing in Utah, bring back space grown drugs

Posted on by

A spacecraft containing pharmaceutical drugs that were grown on orbit has finally returned to Earth today after more than eight months in space.

Varda Space Industries’ in-space manufacturing capsule, called Winnebago-1, landed in the Utah desert at around 4:40 p.m. EST. Inside the capsule are crystals of the drug ritonavir, which is used to treat HIV/AIDS. It marks a successful conclusion of Varda’s first experimental mission to grow pharmaceuticals on orbit, as well as the first time a commercial company has landed a spacecraft on U.S. soil, ever.

The capsule will now be sent back to Varda’s facilities in Los Angeles for analysis, and the vials of ritonavir will be shipped to a research company called Improved Pharma for post-flight characterization, Varda said in a statement. The company will also be sharing all the data collected through the mission with the Air Force and NASA, per existing agreements with those agencies.

The first-of-its-kind reentry and landing is also a major win for Rocket Lab, which partnered with Varda on the mission. Rocket Lab hosted Varda’s manufacturing capsule inside its Photon satellite bus; through the course of the mission, Photon provided power, communications, attitude control and other essential operations. At the mission’s conclusion, the bus executed a series of maneuvers and de-orbit burns that put the miniature drug lab on the proper reentry trajectory. The final engine burn was executed shortly after 4 p.m. EST.

[…]

Source: Varda Space, Rocket Lab nail first-of-its-kind spacecraft landing in Utah | TechCrunch

Universal Antivenom for Snake Bites Might Soon Be a Reality

Posted on by

[…]

a team of scientists says they’ve created a lab-made antibody geared to counteract toxic bites from a wide variety of snakes. In early tests with mice, the uber-antivenom appeared to work as intended.

Snake antivenom is typically derived from the antibodies of horses or other animals that produce a strong immune response to snake toxins. These donated antibodies can be highly effective at preventing serious injury and death from a snakebite, but they come with serious limitations.

The chemical makeup of one species’s toxin can vary significantly from another’s, for instance, so antibodies to one specific toxin provide little protection against others. Manufacturers can try to work around this by inoculating animals with several toxins at once, but this method has drawbacks, such as needing a higher dose of antivenom since only some of the antibodies will have any effect.

[…]

Though snake toxins are remarkably complex and different from one another, even within the same class, the team managed to find sections of these toxins that were pretty similar across different species.

The scientists produced a variety of 3FTx toxins in the lab and then screened them against a database of more than 50 billion synthetic antibodies, looking for ones that could potentially neutralize several toxins at once. After a few rounds of selection, they ultimately identified one antibody that seemed to broadly neutralize at least five different 3FTx variants, called 95Mat5. They then put the antibody to a real-life test, finding that it fully protected mice from dying from the toxins of the many-banded krait, Indian spitting cobra, and black mamba, in some cases better than conventional antivenom; it also offered some protection against venom from the king cobra.

[…]

As seen with the king cobra, the 95Mat5 antibody alone may not work against every elapid snake. And it wouldn’t protect against bites from viper snakes, the other major family of venomous snakes. But the team’s process of identifying broadly neutralizing antibodies—adapted from similar research on the HIV virus—could be used to find other promising antivenom candidates.

[…]

Source: Universal Antivenom for Snake Bites Might Soon Be a Reality

Video generation models as world simulators by OpenAI Sora

Posted on by

[…]

Our largest model, Sora, is capable of generating a minute of high fidelity video. Our results suggest that scaling video generation models is a promising path towards building general purpose simulators of the physical world.

This technical report focuses on (1) our method for turning visual data of all types into a unified representation that enables large-scale training of generative models, and (2) qualitative evaluation of Sora’s capabilities and limitations. Model and implementation details are not included in this report.

[…]

Sampling flexibility

Sora can sample widescreen 1920x1080p videos, vertical 1080×1920 videos and everything inbetween. This lets Sora create content for different devices directly at their native aspect ratios. It also lets us quickly prototype content at lower sizes before generating at full resolution—all with the same model.

[…]

Source: Video generation models as world simulators

Canadian college M&M Vending machines secretly scanning faces – revealed by error message

Posted on by

[…]

The scandal started when a student using the alias SquidKid47 posted an image on Reddit showing a campus vending machine error message, “Invenda.Vending.FacialRecognitionApp.exe,” displayed after the machine failed to launch a facial recognition application that nobody expected to be part of the process of using a vending machine.

Reddit post shows error message displayed on a University of Waterloo vending machine (cropped and lightly edited for clarity).
Enlarge / Reddit post shows error message displayed on a University of Waterloo vending machine (cropped and lightly edited for clarity).
SquidKid47 on Reddit

“Hey, so why do the stupid M&M machines have facial recognition?” SquidKid47 pondered.

The Reddit post sparked an investigation from a fourth-year student named River Stanley, who was writing for a university publication called MathNEWS.

Stanley sounded alarm after consulting Invenda sales brochures that promised “the machines are capable of sending estimated ages and genders” of every person who used the machines without ever requesting consent.

This frustrated Stanley, who discovered that Canada’s privacy commissioner had years ago investigated a shopping mall operator called Cadillac Fairview after discovering some of the malls’ informational kiosks were secretly “using facial recognition software on unsuspecting patrons.”

Only because of that official investigation did Canadians learn that “over 5 million nonconsenting Canadians” were scanned into Cadillac Fairview’s database, Stanley reported. Where Cadillac Fairview was ultimately forced to delete the entire database, Stanley wrote that consequences for collecting similarly sensitive facial recognition data without consent for Invenda clients like Mars remain unclear.

Stanley’s report ended with a call for students to demand that the university “bar facial recognition vending machines from campus.”

A University of Waterloo spokesperson, Rebecca Elming, eventually responded, confirming to CTV News that the school had asked to disable the vending machine software until the machines could be removed.

[…]

Source: Vending machine error reveals secret face image database of college students | Ars Technica

iOS and Android users face scans used to break into bank accounts

Posted on by

[…]

GoldPickaxe and GoldPickaxe.iOS target Android and iOS respectively, tricking users into performing biometric verification checks that are ultimately used to bypass the same checks employed by legitimate banking apps in Vietnam and Thailand – the geographic focus of these ongoing attacks.

The iOS version is believed only to be targeting users in Thailand, masquerading as the Thai government’s official digital pensions app. That said, some think it has also made its way to Vietnam. This is because very similar attacks, which led to the theft of tens of thousands of dollars, were reported in the region earlier this month.

“It is of note that GoldPickaxe.iOS is the first iOS Trojan observed by Group-IB that combines the following functionalities: collecting victims’ biometric data, ID documents, intercepting SMS, and proxying traffic through the victims’ devices,” the researchers said.

“Its Android sibling has even more functionalities than its iOS counterpart, due to more restrictions and the closed nature of iOS.”

[…]

Researchers also found the Android version bore many more disguises than the iOS version – taking the form of more than 20 different government, finance, and utility organizations in Thailand, and allowing attackers to steal credentials for all of these services.

How’d they get on Apple phones?

In the case of iOS, the attackers had to be cunning. Their first method involved the abuse of Apple’s TestFlight platform, which allows apps to be distributed as betas before full release to the App Store.

After this method was stymied, attackers switched to more sophisticated social engineering. This involved influencing users to enroll their devices in an MDM program, allowing the attackers to push bad apps to devices that way.

In all cases, the initial contact with victims was made by the attackers impersonating government authorities on the LINE messaging app, one of the region’s most popular.

[…]

Once the biometrics scans were captured, attackers then used these scans, along with deepfake software, to generate models of the victim’s face.

Attackers would download the target banking app onto their own devices and use the deepfake models, along with the stolen identity documents and intercepted SMS messages, to remotely break into victims’ banks.

[…]

Facial biometrics were only mandated in Thailand last year, with plans first announced in March with an enforcement date set for July. Vietnam is poised to mandate similar controls by April this year.

From July 2023, all Thai banking apps had to comply with the new initiative and replace one-time passcodes with facial biometrics to decrease the threat of financial fraud in the region. This applied specifically to transactions exceeding 50,000 BAT (roughly $1,400).

[…]

Source: Stolen iOS users face scans used to break into bank accounts

Which goes to show – biometrics are unchangeable and so make for a really bad (and potentially dangerous, if people are inclinded to amputate parts of your anatomy) security pass.

Whoops: ‘Smart’ Livall Helmet Allowed Real Time Surveillance And Location Tracking Of A Million Customers

Posted on by

livall smart helmets

[,,,] a company named Livall makes “smart” bike helmets for skiers and cyclists that includes features like auto-fall detection, GPS location monitoring, and integrated braking lights. The problem: the company apparently didn’t spend enough time securing the company’s app, allowing pretty much anybody to listen in on and track the precise location data of a million customers in real time.

Livall’s smartphone apps feature group audio chats and location data. The problem: Ken Munro, founder of U.K. cybersecurity testing firm Pen Test Partners, found that the chat groups were secured by a six-digit pin code that was very simple to brute force (via Techcrunch):

“That 6 digit group code simply isn’t random enough. We could brute force all group IDs in a matter of minutes.”

Munro also noted that there was nothing to alert a group of cyclists or skiers that someone new had entered the chat, allowing a third party to monitor them in complete silence:

“As soon as one entered a valid group code, one joined the group automatically. There was no further authorisation nor alerts to the other group user. It was therefore trivial to silently join any group, giving us access to any users location and the ability to listen in to any group audio communications.

Whoops a daisy. As with so many modern “smart” tech companies, Munro also notes that Livall only took their findings seriously once they got a prominent security journalist (Zack Whittaker at Techcrunch) involved to bring attention to the problem. Livall finally fixed the problem, but it’s not entirely clear that would have happened without Whittaker’s involvement.

[…]

Source: Whoops: ‘Smart’ Helmet Allowed Real Time Surveillance And Location Tracking Of A Million Customers | Techdirt

European human rights court says backdooring encrypted comms is against human rights

Posted on by
a picture of an eye staring at your from your mobile phone

The European Court of Human Rights (ECHR) has ruled that laws requiring crippled encryption and extensive data retention violate the European Convention on Human Rights – a decision that may derail European data surveillance legislation known as Chat Control.

The Court issued a decision on Tuesday stating that “the contested legislation providing for the retention of all internet communications of all users, the security services’ direct access to the data stored without adequate safeguards against abuse and the requirement to decrypt encrypted communications, as applied to end-to-end encrypted communications, cannot be regarded as necessary in a democratic society.”

The “contested legislation” mentioned above refers to a legal challenge that started in 2017 after a demand from Russia’s Federal Security Service (FSB) that messaging service Telegram provide technical information to assist the decryption of a user’s communication. The plaintiff, Anton Valeryevich Podchasov, challenged the order in Russia but his claim was dismissed.

In 2019, Podchasov brought the matter to the ECHR. Russia joined the Council of Europe – an international human rights organization – in 1996 and was a member until it withdrew in March 2022 following its illegal invasion of Ukraine. Because the 2019 case predates Russia’s withdrawal, the ECHR continued to consider the matter.

The Court concluded that the Russian law requiring Telegram “to decrypt end-to-end encrypted communications risks amounting to a requirement that providers of such services weaken the encryption mechanism for all users.” As such, the Court considers that requirement disproportionate to legitimate law enforcement goals.

While the ECHR decision is unlikely to have any effect within Russia, it matters to countries in Europe that are contemplating similar decryption laws – such as Chat Control and the UK government’s Online Safety Act.

Chat Control is shorthand for European data surveillance legislation that would require internet service providers to scan digital communications for illegal content – specifically child sexual abuse material and potentially terrorism-related information. Doing so would necessarily entail weakening the encryption that keeps communication private.

Efforts to develop workable rules have been underway for several years and continue to this day, despite widespread condemnation from academics, privacy-oriented orgs, and civil society groups.

Patrick Breyer, a member of the European parliament for the Pirate Party, hailed the ruling for demonstrating that Chat Control is incompatible with EU law.

“With this outstanding landmark judgment, the ‘client-side scanning’ surveillance on all smartphones proposed by the EU Commission in its chat control bill is clearly illegal,” said Breyer.

“It would destroy the protection of everyone instead of investigating suspects. EU governments will now have no choice but to remove the destruction of secure encryption from their position on this proposal – as well as the indiscriminate surveillance of private communications of the entire population!” ®

Source: European human rights court says no to weakened encryption • The Register

New evidence changes key ideas about Earth’s climate history – it wasn’t that hot

Posted on by

A new study published in Science resolves a long-standing scientific debate, and it stands to completely change the way we think about Earth’s climate evolution.

The research debunks the idea that Earth’s surface (across land and sea) has experienced really hot temperatures over the last two billion years. Instead, it shows that Earth has had a relatively stable and mild climate.

Temperature is an important control over chemical reactions that govern life and our environment. This ground-breaking work will have significant implications for scientists working on or questions surrounding biological and climate .

[…]

In the work, Dr. Isson and Ph.D. student Sofia Rauzi adopted novel methods to illuminate a history of Earth’s surface .

They utilized five unique data records derived from different rock types including shale, iron oxide, carbonate, silica, and phosphate. Collectively, these ‘geochemical’ records comprise over 30,000 that span Earth’s multi-billion-year history.

To date, the study is the most comprehensive collation and interpretation of one of the oldest geochemical records—. Oxygen isotopes are different forms of the element oxygen. It is also the first study to use all five existing records to chart a consistent ‘map’ of temperature across an enormous portion of geological time.

“By pairing oxygen isotope records from different minerals, we have been able to reconcile a unified history of temperature on Earth that is consistent across all five records, and the oxygen isotopic composition of seawater,” says Dr. Isson.

The study disproves ideas that early oceans were hot with temperatures greater than 60°C prior to approximately half a billion years ago, before the rise of animals and land plants. The data indicates relatively stable and temperate early-ocean and temperatures of around 10°C which upends current thinking about the environment that complex life evolved in.

The work produces the first ever record of the evolution of terrestrial (land-based) and marine clay abundance throughout Earth history. This is the first direct evidence for an intimate link between the evolution of plants, marine creatures that make skeletons and shells out of silica (siliceous life forms), clay formation, and .

“The results suggest that the process of clay formation may have played a key role in regulating climate on early Earth and sustaining the temperate conditions that allowed for the evolution and proliferation of life on Earth,” says Dr. Isson.

[…]

The work produces the first ever record of the evolution of terrestrial (land-based) and marine clay abundance throughout Earth history. This is the first direct evidence for an intimate link between the evolution of plants, marine creatures that make skeletons and shells out of silica (siliceous life forms), clay formation, and .

“The results suggest that the process of clay formation may have played a key role in regulating climate on early Earth and sustaining the temperate conditions that allowed for the evolution and proliferation of life on Earth,” says Dr. Isson.

Source: New evidence changes key ideas about Earth’s climate history

23andMe Thinks ‘Mining’ Your DNA Data Is Its Last Hope

Posted on by

23andMe is in a death spiral. Almost everyone who wants a DNA test already bought one, a nightmare data breach ruined the company’s reputation, and 23andMe’s stock is so close to worthless it might get kicked off the Nasdaq. CEO Anne Wojcicki is on a crisis tour, promising investors the company isn’t going out of business because she has a new plan: 23andMe is going to double down on mining your DNA data and selling it to pharmaceutical companies.

“We now have the ability to mine the dataset for ourselves, as well as to partner with other groups,” Wojcicki said in an interview with Wired. “It’s a real resource that we could apply to a number of different organizations for their own drug discovery.”

That’s been part of the plan since day one, but now it looks like it’s going to happen on a much larger scale. 23andMe has always coerced its customers into giving the company consent to share their DNA for “research,” a friendlier way of saying “giving it to pharmaceutical companies.” The company enjoyed an exclusive partnership with pharmaceutical giant GlaxoSmithKline, but apparently the drug maker already sucked the value out of your DNA, and that deal is running out. Now, 23andMe is looking for new companies who want to take a look at your genes.

[…]

the most exciting opportunity for “improvements” is that 23andMe and the pharmaceutical industry get to develop new drugs. There’s a tinge of irony here. Any discoveries that 23andMe makes come from studying DNA samples that you paid the company to collect.

[…]

The problem with 23andMe’s consumer-facing business is the company sells a product you only need once in a lifetime. Worse, the appeal of a DNA test for most people is the novelty of ancestry results, but if your brother already paid for a test, you already know the answers.

[…]

it’s spent years trying to brand itself as a healthcare service, and not just a $79 permission slip to tell people you’re Irish. In fact, the company thinks you should buy yourself a recurring annual subscription to something called 23andMe+ Total Health. It only costs $1,188 a year.

[…]

The secret is you just can’t learn a ton about your health from genetic screenings, aside from tests for specific diseases that doctors rarely order unless you have a family history.

[…]

What do you get with these subscriptions? It’s kind of vague. Depending on the package, they include a service that “helps you understand how genetics and lifestyle can impact your likelihood of developing certain conditions,” testing for rare genetic conditions, enhanced ancestry features, and more. Essentially, they’ll run genetic tests that you may not need. Then, they may or may not recommend that you talk to a doctor, because they can’t offer you actual medical care.

You could also skip the middleman and start with a normal conversation with your doctor, who will order genetic tests if you need them and bill your insurance company

[…]

If 23andMe company survives, the first step is going to be deals that give more companies access to look at your genetics than ever before. But if 23andMe goes out of business, it’ll get purchased or sold off for parts, which means other companies will get a look at your data anyway.

Source: 23andMe Admits ‘Mining’ Your DNA Data Is Its Last Hope

What this piece misses is the danger of whom the data is sold to – or if it is leaked (which it was). Insurance companies may refuse to insure you. Your DNA may be faked. Your unique and unchangeable identity – and those of your family – has been stolen.

US judge dismisses authors’ ridiculous copyright claim against OpenAI

Posted on by

A US judge has dismissed some of the claims made by writers in a copyright infringement lawsuit against OpenAI, though gave the wordsmiths another chance to amend their complaint.

The case – Paul Tremblay et al vs OpenAI – kicked off in 2023 when novelists Paul Tremblay, Christopher Golden, and Richard Kadrey, and writer-comedian-actress Sarah Silverman accused OpenAI of illegally scraping their work without consent to train the AI champion’s large language models.

The creators claimed that ChatGPT produced accurate summaries of their books and offered that as evidence that their writing had been ripped off. Since OpenAI’s neural networks learn to generate text from its training data, the group argued that its output should be considered a “derivative work” of their IP.

The plaintiffs also alleged that OpenAI’s model deliberately omitted so-called copyright management information, or CMI – think books’ ISBN numbers and authors’ names – when it produced output based on their works. They also accused the startup of unfair competition, negligence, and unjust enrichment.

All in all, the writers are upset that, as alleged, OpenAI not only used copyrighted work without permission and recompense to train its models, its model generates prose that closely apes their own, which one might say would hinder their ability to profit from that work.

Federal district Judge Araceli Martínez-Olguín, sitting in northern California, was asked by OpenAI to dismiss the authors’ claims in August.

In a fresh order [PDF] released on Monday, Martínez-Olguín delivered the bad news for the scribes.

“Plaintiffs fail to explain what the outputs entail or allege that any particular output is substantially similar – or similar at all – to their books. Accordingly, the court dismisses the vicarious copyright infringement claim,” she wrote. She also opined that the authors couldn’t prove that CMI had been stripped from the training data or that its absence indicated an intent to hide any copyright infringement.

Claims of unlawful business practices, fraudulent conduct, negligence, and unjust enrichment were similarly dismissed.

The judge did allow a claim of unfair business practices to proceed.

“Assuming the truth of plaintiffs’ allegations – that defendants used plaintiffs’ copyrighted works to train their language models for commercial profit – the court concludes that defendants’ conduct may constitute an unfair practice,” Martínez-Olguín wrote.

Although this case against OpenAI has been narrowed, it clearly isn’t over yet. The plaintiffs have been given another opportunity to amend their initial arguments alleging violation of copyright by filing a fresh complaint before March 13.

The Register has asked OpenAI and a lawyer representing the plaintiffs for comment. We’ll let you know if they have anything worth saying. ®

Source: US judge dismisses authors’ copyright claim against OpenAI • The Register

See also: A Bunch Of Authors Sue OpenAI Claiming Copyright Infringement, Because They Don’t Understand Copyright

and: OpenAI disputes authors’ claims that every ChatGPT response is a derivative work, it’s transformative

France uncovers a vast Russian disinformation campaign in Europe

Posted on by

RUSSIA HAS been at the forefront of internet disinformation techniques at least since 2014, when it pioneered the use of bot farms to spread fake news about its invasion of Crimea. According to French authorities, the Kremlin is at it again. On February 12th Viginum, the French foreign-disinformation watchdog, announced it had detected preparations for a large disinformation campaign in France, Germany, Poland and other European countries, tied in part to the second anniversary of Vladimir Putin’s invasion of Ukraine and the elections to the European Parliament in June.

Viginum said it had uncovered a Russian network of 193 websites which it codenames “Portal Kombat”. Most of these sites, such as topnews.uz.ua, were created years ago and many were left dormant. Over 50 of them, such as news-odessa.ru and pravda-en.com, have been created since 2022. Current traffic to these sites, which exist in various languages including French, German, Polish and English, is low. But French authorities think they are ready to be activated aggressively as part of what one official calls a “massive” wave of Russian disinformation.

Viginum says it watched the sites between September and December 2023. It concluded that they do not themselves generate news stories, but are designed to spread “deceptive or false” content about the war in Ukraine, both on websites and via social media. The underlying objective is to undermine support for Ukraine in Europe. According to the French authorities, the network is controlled by a single Russian organisation.

[…]

For France, the detection of this latest Russian destabilisation effort comes after a series of campaigns that it has attributed to Moscow. Last November the French foreign ministry denounced a “Russian digital interference operation” that spread photos of Stars of David stencilled on walls in a neighbourhood of Paris, in order to stir intercommunal tension in France shortly after the start of the Israel-Hamas conflict. Viginum then detected a network of 1,095 bots on X (formerly Twitter), which published 2,589 posts. It linked this to a Russian internet complex called Recent Reliable News, known for cloning the websites of Western media outlets in order to spread fake news; the EU has dubbed that complex “Doppelgänger”.

France held the same network responsible in June 2023 for the cloning of various French media websites, as well as that of the French foreign ministry. On the cloned ministry website, hackers posted a statement suggesting, falsely, that France was to introduce a 1.5% “security tax” to finance military aid to Ukraine.

[…]

Key advance for capturing carbon from the air

Posted on by

vanadium crystal bar and cube

Zeiss Makro-Planar T*2/100mm ZE

A chemical element so visually striking that it was named for a goddess shows a “Goldilocks” level of reactivity — neither too much nor too little — that makes it a strong candidate as a carbon scrubbing tool.

The element is vanadium, and research by Oregon State University scientists has demonstrated the ability of vanadium peroxide molecules to react with and bind carbon dioxide — an important step toward improved technologies for removing carbon dioxide from the atmosphere.

[…]

how some transition metal complexes can react with air to remove carbon dioxide and convert it to a metal carbonate, similar to what is found in many naturally occurring minerals.

Transition metals are located near the center of the periodic table and their name arises from the transition of electrons from low energy to high energy states and back again, giving rise to distinctive colors. For this study, the scientists landed on vanadium, named for Vanadis, the old Norse name for the Scandinavian goddess of love said to be so beautiful her tears turned to gold.

Nyman explains that carbon dioxide exists in the atmosphere at a density of 400 parts per million. That means for every 1 million air molecules, 400 of them are carbon dioxide, or 0.04%.

“A challenge with direct air capture is finding molecules or materials that are selective enough, or other reactions with more abundant air molecules, such as reactions with water, will outcompete the reaction with CO2,” Nyman said. “Our team synthesized a series of molecules that contain three parts that are important in removing carbon dioxide from the atmosphere, and they work together.”

One part was vanadium, so named because of the range of beautiful colors it can exhibit, and another part was peroxide, which bonded to the vanadium. Because a vanadium peroxide molecule is negatively charged, it needed alkali cations for charge balance, Nyman said, and the researchers used potassium, rubidium and cesium alkali cations for this study.

[…]

vanadium peroxide is a beautiful, purple Goldilocks that becomes golden when exposed to air and binds a carbon dioxide molecule.”

She notes that another valuable characteristic of vanadium is that it allows for the comparatively low release temperature of about 200 degrees Celsius for the captured carbon dioxide.

[…]

“Being able to rerelease the captured CO2 enables reuse of the carbon capture materials, and the lower the temperature required for doing that, the less energy that’s needed and the smaller the cost. There are some very clever ideas about reuse of captured carbon already being implemented — for example, piping the captured CO2 into a greenhouse to grow plants.”

[…]

Story Source:

Materials provided by Oregon State University. Original written by Steve Lundeberg. Note: Content may be edited for style and length.

Journal Reference:

  1. Eduard Garrido Ribó, Zhiwei Mao, Jacob S. Hirschi, Taylor Linsday, Karlie Bach, Eric D. Walter, Casey R. Simons, Tim J. Zuehlsdorff, May Nyman. Implementing vanadium peroxides as direct air carbon capture materials. Chemical Science, 2024; 15 (5): 1700 DOI: 10.1039/D3SC05381D

 

Source: Key advance for capturing carbon from the air | ScienceDaily

Satellite beamed power from space to Earth for the first time ever

Posted on by

The first experiment to transmit power to Earth from space could lead to a space-based solar power station within 10 years, according to one of the researchers involved.

Such a station would benefit from greater exposure to the sun, due to the lack of clouds and atmosphere along with the ability to avoid nighttime darkness. However, the difficulty of designing and making structures large enough to be useful but light enough to launch by rocket has made such a facility impractical.

In a step forward, Ali Hajimiri at the California Institute of Technology and his colleagues launched the Microwave Array Power Transfer LEO Experiment (MAPLE) to space in January 2023. Two months later, they successfully beamed the first power to Earth, after which they ran the experiment for a further eight months.

MAPLE consists of a lightweight array of microwave-producing chips that can direct a beam to a specified location, though it can’t yet generate these microwaves from sunlight.

The team found that MAPLE could send 100 milliwatts of power through space and quickly refocus the beam to new locations. Over the course of the experiment, the team attempted to send power to Earth three times, receiving just 1 milliwatt on the ground each time.

A fully functional system capable of transmitting 100 megawatts, enough to power tens of thousands of homes, would need to be around a square kilometre in size, compared with the 150 square centimetres or so of MAPLE.

“The size of the system is many orders of magnitude smaller than the system that you would need to use for a full-blown application, but the key part here is to have the technology demonstrated in space,” says Hajimiri.

 

Reference:

arxiv DOI: 10.48550/arXiv.2401.15267

Source: Satellite beamed power from space to Earth for the first time ever | New Scientist

Fermi Resonance explains why carbon dioxide causes global warming

Posted on by

illustration of Fermi Resonance

Global warming is largely caused by carbon dioxide and other gases absorbing infrared radiation, trapping heat in Earth’s atmosphere – known as the greenhouse effect.

The most accurate climate models use precise measurements of the amount of radiation CO₂ can absorb to calculate how much heat will be trapped in the atmosphere. These models are excellent at predicting future changes in Earth’s climate, but they don’t provide a physical explanation for why this gas can absorb so much radiation, which can make their predictions difficult to explain.

Robin Wordsworth at Harvard University and his colleagues have now shown how CO₂’s heat-trapping properties can be explained in terms of quantum mechanical effects, in particular a phenomenon called the Fermi resonance.

Sign up to our Fix the Planet newsletter

Get a dose of climate optimism delivered straight to your inbox every month.

Sign up to newsletter

“Rather than just a narrow range of radiation getting absorbed, as you would naively expect, it becomes much broader,” says Wordsworth. “It’s this broadening which is really critical to understanding why carbon dioxide is an important greenhouse gas.”

The Fermi resonance describes how the different directions and patterns in which molecules vibrate can influence each other and make them vibrate more. This is similar to how two pendulums, connected by a shared string, can increase the amplitude of each other’s swinging.

A molecule of CO₂ consists of two oxygen atoms bonded to one carbon atom. Two of the molecule’s vibrations influence each other to make it absorb more light: a side-to-side stretching of the oxygen atoms, and a sidewinder snake-like zigzagging of these atoms.

Wordsworth and his colleagues came up with equations to describe how much radiation CO₂ can absorb based on its physical properties, with and without the Fermi resonance. They found that its light-absorbing features and its warming effect on Earth’s atmosphere could only be reproduced when the resonance was included.

The Fermi resonance was responsible for nearly half of the total warming effect. “Even things that are happening on the scale of our planet are determined, ultimately, by what’s going on at the micro scale,” says Wordsworth.

While it was already known that CO₂ had a particularly large Fermi resonance, having an equation that links this to the greenhouse effect could be useful for quick calculations without running a full climate model, says Jonathan Tennyson at University College London. This could also help physicists model the climate of exoplanets, which can require large amounts of computing power to fully simulate.

Something that Wordsworth and his team couldn’t explain is why CO₂ vibrates in such a unique way – a question that might never be answered without a theory of everything. “There doesn’t seem to be a clear reason why this resonance occurs in CO₂,” says Wordsworth. “One could imagine a different universe where it was slightly different, and carbon dioxide might not have the same effects.”

 

Reference:

arXiv DOI: 10.48550/arXiv.2401.15177

Source: Quantum quirk explains why carbon dioxide causes global warming | New Scientist

Meet GOODY-2, The World’s Most Ethical (And Useless) AI

Posted on by

AI guardrails and safety features are as important to get right as they are difficult to implement in a way that satisfies everyone. This means safety features tend to err on the side of caution. Side effects include AI models adopting a vaguely obsequious tone, and coming off as overly priggish when they refuse reasonable requests.

Prioritizing safety above all.

Enter GOODY-2, the world’s most responsible AI model. It has next-gen ethical principles and guidelines, capable of refusing every request made of it in any context whatsoever. Its advanced reasoning allows it to construe even the most banal of queries as problematic, and dutifully refuse to answer.

As the creators of GOODY-2 point out, taking guardrails to a logical extreme is not only funny, but also acknowledges that effective guardrails are actually a pretty difficult problem to get right in a way that works for everyone.

Complications in this area include the fact that studies show humans expect far more from machines than they do from each other (or, indeed, from themselves) and have very little tolerance for anything they perceive as transgressive.

This also means that as AI models become more advanced, so too have they become increasingly sycophantic, falling over themselves to apologize for perceived misunderstandings and twisting themselves into pretzels to align their responses with a user’s expectations. But GOODY-2 allows us all to skip to the end, and glimpse the ultimate future of erring on the side of caution.

[via WIRED]

Source: Meet GOODY-2, The World’s Most Responsible (And Least Helpful) AI | Hackaday

‘World’s biggest casino’ app Winstar exposed customers’ personal data: developer Dexia didn’t secure the db.

Posted on by

Oklahoma-based WinStar bills itself as the “world’s biggest casino” by square footage. The casino and hotel resort also offers an app, My WinStar, in which guests can access self-service options during their hotel stay, their rewards points and loyalty benefits, and casino winnings.

The app is developed by a Nevada software startup called Dexiga.

The startup left one of its logging databases on the internet without a password, allowing anyone with knowledge of its public IP address to access the WinStar customer data stored within using only their web browser.

Dexiga took the database offline after TechCrunch alerted the company to the security lapse.

[…]

the personal data included full names, phone numbers, email addresses and home addresses. Sen shared details of the exposed database with TechCrunch to help identify its owner and disclose the security lapse.

TechCrunch examined some of the exposed data and verified Sen’s findings. The database also contained an individual’s gender and the IP address of the user’s device, TechCrunch found.

None of the data was encrypted, though some sensitive data — such as a person’s date of birth — was redacted and replaced with asterisks.

A review of the exposed data by TechCrunch found an internal user account and password associated with Dexiga founder Rajini Jayaseelan.

[…]

Source: ‘World’s biggest casino’ app exposed customers’ personal data | TechCrunch

Artificial cartilage with the help of 3D printing

Posted on by

cartelige stem cells 3d printed in the letters TU

Growing cartilage tissue in the lab could help patiens with injuries, but it is very hard to make the tissue grow in exactly the right shape. A new approach could solve this problem: Tiny spherical containers are created with a high-resolution 3D printer. These containers are then filled with cells and assembled into the desired shape. The cells from different containers connect, the container itself is degradable and eventually disappears.

scaffolded spheroids for tissue engineering

[…]

A special high-resolution 3D printing process is used to create tiny, porous spheres made of biocompatible and degradable plastic, which are then colonized with cells. These spheroids can then be arranged in any geometry, and the cells of the different units combine seamlessly to form a uniform, living tissue. Cartilage tissue, with which the concept has now been demonstrated at TU Wien, was previously considered particularly challenging in this respect.

Tiny spherical cages as a scaffold for the cells

“Cultivating cartilage cells from stem cells is not the biggest challenge. The main problem is that you usually have little control over the shape of the resulting tissue,”

[…]

To prevent this, the research team at TU Wien is working with a new approach: specially developed laser-based high-resolution 3D printing systems are used to create tiny cage-like structures that look like mini footballs and have a diameter of just a third of a millimeter. They serve as a support structure and form compact building blocks that can then be assembled into any shape.

Stem cells are first introduced into these football-shaped mini-cages, which quickly fill the tiny volume completely.

[…]

The team used differentiated stem cells — i.e. stem cells that can no longer develop into any type of tissue, but are already predetermined to form a specific type of tissue, in this case cartilage tissue.

[…]

The tiny 3D-printed scaffolds give the overall structure mechanical stability while the tissue continues to mature. Over a period of a few months, the plastic structures degrade, they simply disappear, leaving behind the finished tissue in the desired shape.

First step towards medical application

In principle, the new approach is not limited to cartilage tissue, it could also be used to tailor different kinds of larger tissues such as bone tissue. However, there are still a few tasks to be solved along the way — after all, unlike in cartilage tissue, blood vessels would also have to be incorporated for these tissues above a certain size.

“An initial goal would be to produce small, tailor-made pieces of cartilage tissue that can be inserted into existing cartilage material after an injury,” says Oliver Kopinski-Grünwald. “In any case, we have now been able to show that our method for producing cartilage tissue using spherical micro-scaffolds works in principle and has decisive advantages over other technologies.”

Source: Artificial cartilage with the help of 3D printing | ScienceDaily

Here’s Why Infants Are Strangely Resistant to COVID

Posted on by

Researchers have profiled the entire immune system in young children to compare their response to SARS-CoV-2 with that of adults. The results, published in Cell, show that infants’ systems mount a strong innate response in their noses, where the airborne virus usually enters the body. And unlike adults, babies don’t exhibit widespread inflammatory signaling throughout their circulatory system, perhaps preventing severe COVID.

The research team, led by Stanford Medicine immunologist Bali Pulendran, took blood samples from 81 infants (54 of whom became infected with the virus between one month and three years of age) and dozens of adults. The researchers also took weekly nasal swabs from kids and adults with and without COVID. They then analyzed proteins and gene activity in these samples to track participants’ innate and adaptive immune responses to the virus. “This sort of longitudinal mapping of the immune response of infants, to any virus, had not been done before,” Pulendran says.

The team found stark differences between children and adults in both adaptive and innate immune responses. Infected infants’ noses were flooded with inflammatory signaling molecules and cells. But unlike in the adults, there were no signs of inflammation in their blood.

[…]

Even without a widespread innate response, young children had surprisingly long-lasting levels of SARS-specific antibodies in their blood, Pulendran says. Future research revealing how these innate and adaptive responses are linked could eventually help improve nasally delivered vaccines for children and, potentially, adults.

A crucial question remains: What makes SARS-CoV-2 different from other respiratory viruses, such as influenza and respiratory syncytial virus, which are more deadly for infants?

[…]

Source: Here’s Why Infants Are Strangely Resistant to COVID | Scientific American

Thousands Of Networked Microphones Are Tracking Drones In Ukraine

Posted on by

Ukraine is using a network made up of thousands of acoustic sensors across the country to help detect and track incoming Russian kamikaze drones, alert traditional air defenses in advance, and also dispatch ad hoc drone hunting teams to shoot them down. This is according to the U.S. Air Force’s top officer in Europe who also said the U.S. military is now looking to test this capability to see if it might help meet its own demands for additional ways to persistently monitor for, and engag,e drone threats.

[…]

“Think if you have a series of sensors, think of your cell phone, okay, with power to it, so it doesn’t die, right? And then you put a microphone to kind of make the acoustics louder of one-way UAVs that are going overhead,” Hecker explained. “And you have … 6,000 of these things all over the country. They’ve been successful in being able to pick up the one-way UAVs like Shahed 136s and those kinds of things.”

[…]

Kamikaze drones like the Shahed-136 may have relatively small engines, but they still produce a significant and often terrifying amount of noise

[…]

How the acoustic sensor information is disseminated is unclear, but this could very well involve leveraging an existing ad hoc drone spotting network that Ukraine has had in place for some time now that allows volunteers to post alerts via the Telegram online messaging service.

[…]

many modern aerial threats, including small, low-flying drones and cruise missiles, and stealthy crewed and uncrewed aircraft and missiles, present significant challenges to even current generation radars. Gen. Hecker first mentioned the U.S. military’s interest in Ukraine’s acoustic sensor network at the roundtable today while talking about challenges NATO is facing in maintaining a persistent ISR picture when it comes to things like kamikaze drones and cruise missiles.

[…]

Source: Thousands Of Networked Microphones Are Tracking Drones In Ukraine

Canada Moves to Ban the Flipper Zero Over Car Hacking Fears – instead of requiring good security on Cars

Posted on by

On Thursday, following a summit that focused on “the growing challenge of auto theft in Canada,” the country’s Minister of Innovation, Science and Industry posted a statement on X, saying “Criminals have been using sophisticated tools to steal cars…Today, I announced we are banning the importation, sale and use of consumer hacking devices, like flippers, used to commit these crimes.”

In a press release issued on Thursday, the Canadian government confirmed that it will be pursuing “all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero.”

The Flipper, which is technically a penetration testing device, has been controversial due to its ability to hack droves of smart products. Alex Kulagin, the COO of Flipper Devices, said in a statement shared with Gizmodo that the device couldn’t be used to “hijack any car” and that certain circumstances would have to be met for it to happen:

“Flipper Zero can’t be used to hijack any car, specifically the ones produced after the 1990s, since their security systems have rolling codes. Also, it’d require actively blocking the signal from the owner to catch the original signal, which Flipper Zero’s hardware is incapable of doing. Flipper Zero is intended for security testing and development and we have taken necessary precautions to ensure the device can’t be used for nefarious purposes”

[…]

Even if the Flipper isn’t considered a culprit in Canada’s car theft woes, it should be pointed out that hacking modern cars is notoriously easy. Major car manufacturers’ cybersecurity is terrible, and it seems difficult to imagine that banning the Flipper will make any serious dent in their security problems.

[…]

“Dude that’s not the solution. The car company needs to address the security of their products. Sincerely, Cyber security experts everywhere,” one X user, whose bio mentions infosec, posted.

“You can use screwdrivers to steal cars too,” another user posted, sarcastically.

“If you knew anything about technology you would know the flipper and others are just simple ARM processors with basic sensors attached,” said another user. “Nothing ground breaking this will not stop a thing but makes it look like your doing something. The trick of politicians everywhere and it is why people are fed up of you as everything else just crumbles.”

Source: Canada Moves to Ban the Flipper Zero Over Car Hacking Fears

1/2 of all French citizens data stolen in healthcare billing breach

Posted on by

Nearly half the citizens of France have had their data exposed in a massive security breach at two third-party healthcare payment servicers, the French data privacy watchdog disclosed last week.

Payments outfits Viamedis and Almerys both experienced breaches of their systems in late January, the National Commission on Informatics and Liberty (CNIL) revealed, leading to the theft of data belonging to more than 33 million customers. Affected data on customers and their families includes dates of birth, marital status, social security numbers and insurance information. No banking info, medical data or contact information was compromised, the CNIL added.

[…]

Viamedis was reportedly compromised through a phishing attack that targeted healthcare professionals, and used credentials stolen from such professionals to gain access to its systems. Almerys didn’t disclose how its compromise occurred, but it’s possible the ingress was similar in nature – it admitted the attacker gained access through a portal used by healthcare providers.

[…]

Source: 33m French citizens data stolen in healthcare billing breach

Android users in Singapore to be blocked from installing apps from 3rd parties

Posted on by

SINGAPORE – Android users here will be blocked from installing apps from unverified sources, a process called sideloading, as part of a new trial by Google to crack down on malware scams.

The security tool will work in the background to detect apps that demand suspicious permissions, like those that grant the ability to spy on screen content or read SMS messages, which scammers have been known to abuse to intercept one-time passwords.

Singapore is the first country to begin the gradual roll-out of the security feature over the next few weeks, done in collaboration with the Cyber Security Agency of Singapore, according to a statement on Feb 7 by Google, which develops the Android software.

The update will progressively arrive on all Android users’ devices and will be enabled by default through Google Play Protect, said Google’s director of android security strategy Eugene Liderman, in reply to questions by The Straits Times.

Users who are blocked from downloading a suspicious app will be notified with an explanation.

Users cannot deactivate the pilot feature without disabling all of Google Play Protect, said Mr Liderman, adding that deactivation of the program, which scans Android devices for harmful behaviour like suspicious apps, is not recommended for user safety.

[…]

The update, which will be automatically activated, will roll out to all Android devices with Google Play services – a security program built into Android devices that scans for potentially harmful apps – here, starting with a small number of users to assess the effectiveness of the tool, he said.

Sideloaded apps can come in the form of apps used by overseas businesses that do not use the Google ecosystem, to device customisation tools and free versions of paid apps.

[…]

The feature marks Google’s most heavy-handed feature to stamp out malicious sideloaded apps.

[…]

Samsung, which runs on Android, also launched Auto Blocker for Samsung Galaxy device users who are using the One UI 6 software in November. The tool, which has to be activated in the settings menu, bars sideloaded apps from unverified sources.

Source: Android users in S’pore to be blocked from installing unverified apps as part of anti-scam trial | The Straits Times

So basically they are citing user safetly to limit what you do on your phone and enforce their marketplace monopoly. Something both Apple and Google have been slammed with explicitly in the EU and US as part of antitrust lawsuits – which they have lost.

Of course, Google Play Protect is itself spyware – everything it scans (which is your whole phone) is sent to Google without an opt out. So you can decide to stop this insanity by disabling the Google Spyware.