Less than 1% of used clothing gets recycled into new garments, overwhelming countries like Ghana with discards. From a report: It’s a disaster decades in the making, as clothing has become cheaper, plentiful and ever more disposable. Each year the fashion industry produces more than 100 billion apparel items, roughly 14 for every person on Earth and more than double the amount in 2000. Every day, tens of millions of garments are tossed out to make way for new, many into so-called recycling bins. Few are aware that old clothes are rarely recycled into new ones because the technology and infrastructure don’t exist to do that at scale.
Instead, discarded garments enter a global secondhand supply chain that works to prolong their life, if only a little, by repurposing them as cleaning rags, stuffing for mattresses or insulation. But the rise of fast fashion — and shoppers’ preference for quantity over quality — has led to a glut of low-value clothing that threatens to tank the economics of that trade and inordinately burdens developing countries. Meanwhile, the myth of circularity spreads, shielding companies and consumers from the inconvenient reality that the only way out of the global textile waste crisis is to buy less, buy better and wear longer. In other words, to end fast fashion.
[…] Globally, less than 1% of used clothing is actually remade into new garments, according to the Ellen MacArthur Foundation, a UK nonprofit. (In contrast, 9% of plastic and about half of paper gets recycled.) The retailers have vowed that what they collect will never go to landfill or waste. But the reality is far messier. Garments dropped at in-store take-back programs enter the multibillion-dollar global secondhand supply chain, joining a torrent of discards from charity bins, thrift stores and online resale platforms like ThredUp and Sellpy. The complex task of sorting through that waste stream falls to a largely invisible global industry of brokers and processors. Their business depends on exporting much of the clothing to developing countries for rewear. It’s the most profitable option and, in theory, the most environmentally responsible, because reusing items consumes less resources than recycling them.
[…]An important clinical trial is now underway in the UK. The study is the first to transfuse red blood cells grown in the lab from donated stem cells into humans. Should this research pay off, these blood cells would be incredibly valuable for people with rare blood types, though they wouldn’t replace the need for traditional blood donation.
The RESTORE trial, as it’s known, is being conducted by scientists from the UK’s National Health Services and various universities. At least 10 healthy volunteers are expected to be enrolled in the study. All of them will receive two mini-transfusions, spaced four months apart and in random order, of the lab-grown blood cells and standard cells, both of which are derived from the same donor. As of early Monday, two participants have already gotten the lab-grown blood cells and so far appear to have experienced no side-effects.
The first-of-its-kind experiment is a Phase I trial, meaning that it’s primarily designed to test the safety of a novel or experimental treatment. But the lab-grown cells are theoretically fresher than the mix of newer and older blood cells taken from a typical blood donation (on average, red blood cells live for about 120 days). So the researchers are hoping that the lab-grown cells survive longer than the standard cells in their recipients.
“If our trial, the first such in the world, is successful, it will mean that patients who currently require regular long-term blood transfusions will need fewer transfusions in [the] future, helping transform their care,” said chief researcher Cedric Ghevaert, a hematologist and a professor in transfusion medicine at the University of Cambridge, in a statement released by the NHS.
[…]
Should this project turn out to be a success, lab grown blood cells still won’t replace the donated supply anytime soon. The team’s process is much less efficient than what the human body can do. Currently, for instance, they need about 24 liters of their nutrient solution to filter out one to two tablespoons of red blood cells. Meanwhile, about 45% of our blood is composed of red blood cells.
Even if mass-produced lab-grown blood cells are a far off possibility, they may still be able to help many people in the near future. This technology could one day provide a more reliable and longer-lasting supply of blood cells to people who have a rare mix of blood types or who have developed conditions that make it difficult to receive standard transfusions, such as sickle cell disease.
A new experiment has shown that zapping clouds with electrical charge can alter droplet sizes in fog or, potentially, help a constipated cloud to rain.
Last year Giles Harrison, from the University of Reading, and colleagues from the University of Bath, spent many early mornings chasing fogs in the Somerset Levels, flying uncrewed aircraft into the gloop and releasing charge. Their findings, published in Geophysical Research Letters, showed that when either positive or negative charge was emitted, the fog formed more water droplets.
“Electric charge can slow evaporation, or even – and this is always amazing to me – cause drops to explode because the electric force on them exceeds the surface tension holding them together,” said Harrison.
The findings could be put to good use in dry regions of the world, such as the Middle East and north Africa, as a means of encouraging clouds to release their rain. Cloud droplets are larger than fog droplets and so more likely to collide, and Harrison and his colleagues believe that adding electrical charge to a cloud could help droplets to stick together and become more weighty.
China’s government-owned utility State Power Investment Corporation (SPIC) has launched the world’s first commercial offshore floating solar that’s paired with an offshore wind turbine.
SPIC is one of five major electrical utility companies in China, and the world’s largest photovoltaic power generation enterprise. The pilot is located off the coast of Haiyang, a city in Shandong, eastern China.
The project uses Norway-based Ocean Sun‘s patented floating solar power technology.
The two solar floaters (see the photo above) have an installed capacity of 0.5 megawatts peak. They’re connected to a transformer on a SPIC-owned wind turbine and then a subsea cable runs from the wind turbine to the power grid.
If the pilot is successful, the plan is to build a 20 MW floating wind-solar farm in 2023 using Ocean Sun’s technology.
Ocean Sun signed an agreement to license its proprietary floating solar technology for the project in July. This project is fully funded by SPIC, and Ocean Sun’s first “truly offshore installation.”
In July, Børge Bjørneklett, CEO and founder of Ocean Sun, said [translation edited for clarity]:
Shandong Province is projecting 42GW of floating solar installations in the next few years, and Ocean Sun will now be a contender for some of this volume. These waters see challenging annual typhoons, and all involved parties are aware of the risks. Ocean Sun will improve our product with learnings from this exposed site.
A wind-solar hybrid system potentially offers the advantage of improving power output reliability. Solar peaks during the day, and whereas offshore wind turbines typically generate most of their power in the afternoon and evening.
The September cyberattack on ride-hailing service Uber began when a criminal bought the stolen credentials of a company contractor on the dark web.
The miscreant then repeatedly tried to log into the contractor’s Uber account, triggering the two-factor login approval request that the contractor initially denied, blocking access. However, eventually the contractor accepted one of many push notifications, enabling the attacker to log into the account and get access to Uber’s corporate network, systems, and data.
[…]
Microsoft and Cisco Systems were also victims of MFA fatigue – also known as MFA spamming or MFA bombing – this year, and such attacks are rising rapidly. According to Microsoft, between December 2021 and August, the number of multi-factor MFA attacks spiked. There were 22,859 Azure Active Directory Protection sessions with multiple failed MFA attempts last December. In August, there were 40,942.
[…]
In an MFA fatigue situation, the attacker uses the stolen credentials to try to sign into an protected account over and over, overwhelming the user with push notifications. The user may initially tap on the prompt saying it isn’t them trying to sign in, but eventually they wear down from the spamming and accept it just to stop their phone going off. They may assume it’s a temporary glitch or an automated system causing the surge in requests.
[…]
sometimes the attacker will pose as part of the organization’s IT staff, messaging the employee to accept the access attempt.
[…]
Ensuring authentication apps can’t be fat-fingered and requests wrongly accepted before they can be fully evaluated, for instance, would be handy. Adding intelligent handling of logins, so that there’s a cooling off period after a bout of MFA spam, is, again, useful, too.
And on top of this, some forms of MFA, such as one-time authentication tokens, can be phished along with usernames and passwords to allow a miscreant to login as their victim. Finding and implementing a phish-resistant MFA approach is something worth thinking about.
[…]
Some companies are on the ball. Microsoft, for instance, is making number matching a default feature in its Authenticator app. This requires a user who responds to an MFA push notification using the tool to type in a number that appears on their device’s screen to approve a login. The number will only be sent to users who have been enabled for number matching, according to Microsoft.
They’re also adding other features to Authenticator, including showing users what application they’re signing into and the location of the device, based on its IP address, that is being used for signing in. If the user is in California but the device is in Europe, that should raise a big red flag. That also ought to be automatically caught by authentication systems, too.
[…]
As to limiting the number of unsuccessful MFA authentication requests: Okta limits that number to five; Microsoft and Duo offer organizations the ability to implement it in their settings and adjust the number of failed attempts before the user’s account is automatically locked. With Microsoft Authenticator, enterprises also can set the number of minutes before an account lockout counter is reset.
Back in 2013, Techdirt wrote about “the monster lurking inside free trade agreements”. Formally, the monster is known as Investor-State Dispute Settlement (ISDS), but here on Techdirt we call it “corporate sovereignty“, because that is what it is: a system of secret courts that effectively places companies above a government, by allowing them to sue a nation if the latter takes actions or brings in laws that might adversely affect their profits.
In 2015, we warned that corporate sovereignty would threaten EU plans to protect the environment in the TAFTA/TTIP trade deal between the US and the EU. TAFTA/TTIP never happened, but fossil fuel companies were able to to use other treaties to demand over $18 billion as “compensation” for the potential loss of future profits as the result of increasing government action to tackle climate change.
Chief among those treaties with corporate sovereignty provisions was the Energy Charter Treaty (ECT), which is designed to protect investments in the energy sector. Research by the International Institute for Sustainable Development (IISD) shows that the fossil fuel industry accounts for almost 20% of known ISDS cases, making it the most litigious group. Recently there has been a wave of corporate sovereignty cases brought by fossil fuel companies, with most settled in their favor. The average amount awarded was over $600 million, almost five times the amount given in non-fossil fuel cases.
It has become clear that corporate sovereignty represents a serious threat to countries’ plans to tackle the climate crisis. The obvious solution is simply to withdraw from the ECT, but there’s a problem. Article 47 of the treaty states:
The provisions of this Treaty shall continue to apply to Investments made in the Area of a Contracting Party by Investors of other Contracting Parties or in the Area of other Contracting Parties by Investors of that Contracting Party as of the date when that Contracting Party’s withdrawal from the Treaty takes effect for a period of 20 years from such date.
This “sunset clause” means any of the 53 signatories to the ECT can be sued in the secret ISDS courts for 20 years after withdrawing from the treaty. As a result of this, the EU in particular has been pushing for the ECT to be “modernized”, and recently announced an “agreement in principle” to achieve that. However, it still contains a corporate sovereignty tribunal system:
The modernised ECT will allow the Contracting Parties to exclude new fossil fuel related investments from investment protection and to phase out protection for the already existing investments. This phasing out of protection for fossil fuel investments will take place within a shorter timeframe than in the case of a withdrawal from the ECT, for both existing and new investments: existing fossil fuel investments will be phased out after 10 years under modernised rules (instead of 20 years under current rules) and new investment in fossil fuels will be excluded after 9 months.
Countries that later withdraw from the modernized ECT can be sued for 10 years, rather than the current 20 years. Several EU countries have decided that is not good enough, and have announced their intention to withdraw from the treaty immediately, as Politico reports:
Spain, the Netherlands and Poland have all declared their intention to exit the Energy Charter Treaty (ECT). Italy left in 2015. Germany, France and Belgium are examining their options, officials from those countries said.
France has confirmed that it will be pulling out, as has Belgium. For those countries that leave before the “modernized” ECT comes into force, companies can potentially use the sunset clause to sue them during the full 20 years afterwards. The only solution that addresses the serious threat of corporate sovereignty is to remove the sunset clause completely from the ECT. According to one analysis from the IISD, that’s possible if a group of ECT’s contracting parties agree to the move amongst themselves (“inter se”) as part of a joint withdrawal:
There is a legal basis for a withdrawal from the ECT with an inter se neutralization of the survival clause. In contrast to the continued protection of existing and certain future fossil fuel investments under the EU’s amendment proposal, such a withdrawal would put an immediate end to treaty-based fossil fuel protection and ISDS among all withdrawing states. In the short term, this would significantly reduce ISDS risks, given that 60% of the cases based on the ECT are intra-EU. It would also enable the EU and its member states to comply with the EU’s climate objectives and EU law. If further contracting states were to join, the ISDS risk to strong climate action would be further reduced and could pave the way for a fresh, unencumbered negotiation of a truly modern energy treaty that would support the expedited phase-out from fossil fuels and the transition to renewable energy.
It’s an imperfect solution, but better than the half-hearted “modernized” ECT proposed by the EU. The current mess shows that the issue should have been addressed ten years ago, when the problems of the “lurking monster” of corporate sovereignty first became apparent.
Dr. Bik is a microbiologist who has worked at Stanford University and for the Dutch National Institute for Health who is “blessed” with “what I’m told is a better-than-average ability to spot repeating patterns,” according to their new Op-Ed in the New York Times.
In 2014 they’d spotted the same photo “being used in two different papers to represent results from three entirely different experiments….” Although this was eight years ago, I distinctly recall how angry it made me. This was cheating, pure and simple. By editing an image to produce a desired result, a scientist can manufacture proof for a favored hypothesis, or create a signal out of noise. Scientists must rely on and build on one another’s work. Cheating is a transgression against everything that science should be. If scientific papers contain errors or — much worse — fraudulent data and fabricated imagery, other researchers are likely to waste time and grant money chasing theories based on made-up results…..
But were those duplicated images just an isolated case? With little clue about how big this would get, I began searching for suspicious figures in biomedical journals…. By day I went to my job in a lab at Stanford University, but I was soon spending every evening and most weekends looking for suspicious images. In 2016, I published an analysis of 20,621 peer-reviewed papers, discovering problematic images in no fewer than one in 25. Half of these appeared to have been manipulated deliberately — rotated, flipped, stretched or otherwise photoshopped. With a sense of unease about how much bad science might be in journals, I quit my full-time job in 2019 so that I could devote myself to finding and reporting more cases of scientific fraud.
Using my pattern-matching eyes and lots of caffeine, I have analyzed more than 100,000 papers since 2014 and found apparent image duplication in 4,800 and similar evidence of error, cheating or other ethical problems in an additional 1,700. I’ve reported 2,500 of these to their journals’ editors and — after learning the hard way that journals often do not respond to these cases — posted many of those papers along with 3,500 more to PubPeer, a website where scientific literature is discussed in public….
Unfortunately, many scientific journals and academic institutions are slow to respond to evidence of image manipulation — if they take action at all. So far, my work has resulted in 956 corrections and 923 retractions, but a majority of the papers I have reported to the journals remain unaddressed.
Manipulated images “raise questions about an entire line of research, which means potentially millions of dollars of wasted grant money and years of false hope for patients.” Part of the problem is that despite “peer review” at scientific journals, “peer review is unpaid and undervalued, and the system is based on a trusting, non-adversarial relationship. Peer review is not set up to detect fraud.”
But there’s other problems. Most of my fellow detectives remain anonymous, operating under pseudonyms such as Smut Clyde or Cheshire. Criticizing other scientists’ work is often not well received, and concerns about negative career consequences can prevent scientists from speaking out. Image problems I have reported under my full name have resulted in hateful messages, angry videos on social media sites and two lawsuit threats….
Things could be about to get even worse. Artificial intelligence might help detect duplicated data in research, but it can also be used to generate fake data. It is easy nowadays to produce fabricated photos or videos of events that never happened, and A.I.-generated images might have already started to poison the scientific literature. As A.I. technology develops, it will become significantly harder to distinguish fake from real.
Science needs to get serious about research fraud.
Among their proposed solutions? “Journals should pay the data detectives who find fatal errors or misconduct in published papers, similar to how tech companies pay bounties to computer security experts who find bugs in software.”
Certain star clusters do not seem to be following current understandings of Isaac Newton’s laws of gravity, according to new research published on Wednesday.
The study, published in the Monthly Notices of the Royal Astronomical Society, analyzed open star clusters which are formed when thousands of stars are born in a short time period in a huge gas cloud.
As the stars are born, they blow away the remnants of the gas cloud, causing the cluster to expand and create a loose formation of dozens to thousands of stars held together by weak gravitational forces.
As the clusters dissolve, the stars accumulate on two “tidal tails:” one pulled behind the cluster and the other pushed forward.
“According to Newton’s laws of gravity, it’s a matter of chance in which of the tails a lost star ends up,” explains Dr. Jan Pflamm-Altenburg of the Helmholtz Institute of Radiation and Nuclear Physics at the University of Bonn. “So both tails should contain about the same number of stars. However, in our work we were able to prove for the first time that this is not true: In the clusters we studied, the front tail always contains significantly more stars nearby to the cluster than the rear tail.”
Dr. Tereza Jerabkova, a co-author of the paper, explained that it is very difficult to determine which stars belong to which tail.
“To do this, you have to look at the velocity, direction of motion and age of each of these objects,” said Jerabkova, who managed to develop a method to accurately count the stars for the first time using data from the European Space Agency’s Gaia mission.
The perks of a modified theory
When the researchers looked at the data, they found that it did not fit Newton’s law of gravity and instead fit better with an alternate theory called Modified Newtonian Dynamics (MOND).
“Put simply, according to MOND, stars can leave a cluster through two different doors,” explained Prof. Dr. Pavel Kroupa of the Helmholtz Institute of Radiation and Nuclear Physics. “One leads to the rear tidal tail, the other to the front. However, the first is much narrower than the second – so it’s less likely that a star will leave the cluster through it. Newton’s theory of gravity, on the other hand, predicts that both doors should be the same width.”
The researchers simulated the stellar distribution expected according to the MOND theory and found that it lined up well with what they observed in the data from the Gaia mission.
Dr. Ingo Thies, who played a key role in the simulations, explained that the researchers needed to rely on relatively simple computational methods in the study since currently there are no mathematical tools for more detailed analyses of the MOND theory.
The simulations also coincided with the Gaia data in terms of how long the star clusters typically survive, which is much shorter than would be expected according to Newton’s laws.
“This explains a mystery that has been known for a long time,” said Kroupa. “Namely, star clusters in nearby galaxies seem to be disappearing faster than they should.”
The MOND theory is controversial as modifications to Newton’s laws of gravity would have far-reaching consequences for other areas of physics as well, although they would solve many problems facing cosmology.
Amazon didn’t protect one of its internal servers, allowing anyone to view a database named “Sauron” which was full of Prime Video viewing habits.
As TechCrunch reports(Opens in a new window), the unprotected Elasticsearch database was discovered by security researcher Anurag Sen(Opens in a new window). Contained within the database, which anyone who knew the IP address could access using a web browser, were roughly 215 million records of Prime Video viewing habit information. The data included show/movie name, streaming device used, network quality, subscription details, and Prime customer status.
Spy chiefs have ordered ministers to stop using their personal phones to conduct government business following a suspected Kremlin hack on Liz Truss’s mobile.
A Whitehall source said all ministers involved in national security would be expected to attend fresh training with the security services this week ‘to ensure everyone is aware how this material should be handled’.
Ministers will be warned they should never use their personal mobile phones to conduct Government business as they are likely to be the target of hostile states such as Russia, China, North Korea and Iran.
Pauline Neville-Jones, former chairman of Britain’s joint intelligence committee, yesterday said she was ‘not at all tolerant of the notion that it’s OK for ministers to use private mobile phones’.
The warnings follow astonishing revelations in yesterday’s Mail on Sunday that Miss Truss’s personal mobile was spied on by hackers thought to be working for Moscow while she was foreign secretary.
Spy chiefs have ordered ministers to stop using their personal phones to conduct government business following a suspected Kremlin hack on Liz Truss’s mobile
The hack was discovered during the Tory leadership contest in the summer, but a news blackout was ordered by Boris Johnson and Cabinet Secretary Simon Case. Even MPs and officials with top level security clearance were kept in the dark.
Miss Truss is said to have been so worried about the potential damage to her leadership bid that she ‘had trouble sleeping’ until the news was suppressed.
Messages dating back up to a year are thought to have been downloaded, including highly sensitive discussions with fellow foreign ministers about issues such as arms shipments to Ukraine.
Hacked messages are said to have included private criticisms of Mr Johnson by Miss Truss and Kwasi Kwarteng, potentially opening them up to blackmail attempts at a time when they were both senior ministers in his government.
Parliamentary sources yesterday said the shocking incident was now likely to be investigated by the Intelligence and Security Committee, which oversees the work of the security services.
It’s been nearly a decade since the Pebble smartwatch started shipping to backers of its wildly successful initial Kickstarter campaign, but there’s still life in the ol’ dog yet. The wearables are now compatible with Pixel 7 and Pixel 7 Pro, as well as 64-bit-only Android devices that will arrive later.
As noted by Ars Technica, Katharine Berry, who works on Wear OS and is a prominent member of the Rebble group that’s keeping the Pebble ecosystem alive, wrote that the latest Pebble update comes four years after the previous one. The last update allowed for many of the Pebble app’s functions to run on independent servers. Fitbit, which Google has since bought, shut down Pebble’s servers in 2018, two years after buying some of the smartwatch maker’s assets.
Along with Pixel 7 compatibility, the latest update also improves Caller ID reliability on recent versions of Android. While the app isn’t available on the Google Play Store, the APK is signed with official Pebble keys and retains Google Fit integration, Berry noted.
It’s amazing how amazed the writer of this article is that there are still updates for 10 year old hardware. Shouldn’t it be the norm that hardware is supported for as long as it works – and that should be in the 30/40 year range instead of the 2/3 year range?
The study, published today in Science, was led by Finland’s Aalto University and resulted in a powerful, ultra-tiny spectrometer that fits on a microchip and is operated using artificial intelligence.
The research involved a comparatively new class of super-thin materials known as two-dimensional semiconductors, and the upshot is a proof of concept for a spectrometer that could be readily incorporated into a variety of technologies—including quality inspection platforms, security sensors, biomedical analyzers and space telescopes.
[…]
Traditional spectrometers require bulky optical and mechanical components, whereas the new device could fit on the end of a human hair, Minot said. The new research suggests those components can be replaced with novel semiconductor materials and AI, allowing spectrometers to be dramatically scaled down in size from the current smallest ones, which are about the size of a grape.
[…]
The device is 100% electrically controllable regarding the colors of light it absorbs, which gives it massive potential for scalability and widespread usability
[…]
In medicine, for example, spectrometers are already being tested for their ability to identify subtle changes in human tissue such as the difference between tumors and healthy tissue.
For environmental monitoring, Minot added, spectrometers can detect exactly what kind of pollution is in the air, water or ground, and how much of it is there.
[…]
“If you’re into astronomy, you might be interested in measuring the spectrum of light that you collect with your telescope and having that information identify a star or planet,” he said. “If geology is your hobby, you could identify gemstones by measuring the spectrum of light they absorb.”
As furious anti-government protests swept Iran, the authorities retaliated with both brute force and digital repression. Iranian mobile and internet users reported rolling network blackouts, mobile app restrictions, and other disruptions. Many expressed fears that the government can track their activities through their indispensable and ubiquitous smartphones.
Iran’s tight grip on the country’s connection to the global internet has proven an effective tool for suppressing unrest. The lack of clarity about what technological powers are held by the Iranian government — one of the most opaque and isolated in the world — has engendered its own form of quiet terror for prospective dissidents. Protesters have often been left wondering how the government was able to track down their locations or gain access to their private communications — tactics that are frighteningly pervasive but whose mechanisms are virtually unknown.
While disconnecting broad swaths of the population from the web remains a favored blunt instrument of Iranian state censorship, the government has far more precise, sophisticated tools available as well. Part of Iran’s data clampdown may be explained through the use of a system called “SIAM,” a web program for remotely manipulating cellular connections made available to the Iranian Communications Regulatory Authority. The existence of SIAM and details of how the system works, reported here for the first time, are laid out in a series of internal documents from an Iranian cellular carrier that were obtained by The Intercept.
According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summaries of who spoke to whom, when, and where. Such a system could help the government invisibly quash the ongoing protests — or those of tomorrow — an expert who reviewed the SIAM documents told The Intercept.
“SIAM can control if, where, when, and how users can communicate,” explained Gary Miller, a mobile security researcher and fellow at the University of Toronto’s Citizen Lab. “In this respect, this is not a surveillance system but rather a repression and control system to limit the capability of users to dissent or protest.”
[…]
Based on the manuals, SIAM offers an effortless way to throttle a phone’s data speeds, one of roughly 40 features included in the program. This ability to downgrade users’ speed and network quality is particularly pernicious because it can not only obstruct one’s ability to use their phone, but also make whatever communication is still possible vulnerable to interception.
Referred to within SIAM as “Force2GNumber,” the command allows a cellular carrier to kick a given phone off substantially faster, more secure 3G and 4G networks and onto an obsolete and extremely vulnerable 2G connection. Such a network downgrade would simultaneously render a modern smartphone largely useless and open its calls and texts to interception
[…]
downgrading users to a 2G connection could also expose perilously sensitive two-factor authentication codes delivered to users through SMS.
[…]
SIAM also provides a range of tools to track the physical locations of cell users, allowing authorities to both follow an individual’s movements and identify everyone present at a given spot. Using the “LocationCustomerList” command allows SIAM operators to see what phone numbers have connected to specified cell towers along with their corresponding IMEI number, a unique string of numbers assigned to every mobile phone in the world. “For example,” Miller said, “if there is a location where a protest is occurring, SIAM can provide all of the phone numbers currently at that location.”
SIAM’s tracking of unique device identifiers means that swapping SIM cards, a common privacy-preserving tactic, may be ineffective in Iran since IMEI numbers persist even with a new SIM
[…]
user data accessible through SIAM includes the customer’s father’s name, birth certificate number, nationality, address, employer, billing information, and location history, including a record of Wi-Fi networks and IP addresses from which the user has connected to the internet.
[…]
SIAM allows its operators to learn a great deal not just about where a customer has been, but also what they’ve been up to, a bounty of personal data that, Miller said, “can enable CRA to create a social network/profile of the user based on his/her communication with other people.”
By entering a particular phone number and the command “GetCDR” into SIAM, a system user can generate a comprehensive Call Detail Record, including the date, time, duration, location, and recipients of a customer’s phone calls during a given time period. A similar rundown can be conducted for internet usage as well using the “GetIPDR” command, which prompts SIAM to list the websites and other IP addresses a customer has connected to, the time and date these connections took place, the customer’s location, and potentially the apps they opened. Such a detailed record of internet usage could also reveal users running virtual private networks, which are used to cover a person’s internet trail by routing their traffic through an encrypted connection to an outside server. VPNs — including some banned by the government — have become tremendously popular in Iran as a means of evading domestic web censorship.
Though significantly less subtle than being forced onto a 2G network, SIAM can also be used to entirely pull the plug on a customer’s device at will. Through the “ApplySuspIp” command, the system can entirely disconnect any mobile phone on the network from the internet for predetermined lengths of time or permanently. Similar commands would let SIAM block a user from placing or receiving calls.
Despite warnings of Chinese and Russian mischief and manipulation ahead of the US midterm elections, it seems American companies and citizens are perfectly capable of denting democracy on their own.
A Washington judge fined Meta $24.6 million this week after ruling that Facebook intentionally broke [PDF] the state’s campaign finance transparency laws 822 times. This fine was the maximum amount, we’re told, and represents the largest-ever penalty of its kind in the US.
To put the fine in perspective: it’s about half a day of Meta’s quarterly profits, which in these uncertain economic times dropped to $4.4 billion for Q3 this year.
In addition to paying the pocket change, Meta was ordered [PDF] by the judge to reimburse the Washington state attorney general’s costs, and noted these fees should be tripled “as punitive damages for Meta’s intentional violations of state law.”
While the exact amount hasn’t been determined, Attorney General Bob Ferguson said that legal bill totals $10.5 million for Facebook’s “arrogance.” Again, pocket change.
“It intentionally disregarded Washington’s election transparency laws. But that wasn’t enough,” Ferguson said. “Facebook argued in court that those laws should be declared unconstitutional. That’s breathtaking.”
The state requires internet outfits like Meta that display political ads on their websites and in their apps to keep records on these campaigns and make these details publicly available. This includes the cost of the advert and who paid for it along with information on which users were targeted and how far the ads reached.
Meta, which at the time was known as Facebook, repeatedly failed to do this, denying netizens details of who was pushing political ads on them. Specifically, the tech giant did not “maintain and make available for public inspection books of account and related materials” regarding the political ads, according to court documents [PDF] filed in 2020.
[…]
So-called “pink-slime newsrooms” — hyper-partisan publications that are dressed up as independent regional media — are spending millions of dollars on Facebook and Instagram ad campaigns in battleground states in the lead-up to America’s November midterm elections, a NewsGuard Misinformation Monitor found. These ads either push netizens to obviously left or right-leaning articles, or are snippets of articles contained within the ad.
Four of these outlets, some backed by Republican and others Democratic donors, have collectively spent $3.94 million on ad campaigns running simultaneously on Meta’s platforms so far in 2022, according to an investigation by the media trust org. The ad content or the articles they link to are at best highly partisan, and at worse play fast and loose with the truth to push a point. The goal, it seems, is to get people fired up enough to vote for one particular side, while appearing to be published by a normal media operation rather than a political campaign.
[…]
Their strategy seems to work, too. One of the publishers, Courier Newsroom, in an August 2022 case study, touted spending $49,000 on Facebook ads targeting 12 Iowa counties ahead of the state’s June 2022 primary election. The political spending resulted in 3,300 more votes, which NewsGuard suggested likely went to Democrats.
last December when the lander detected a massive quake on Mars.
Now, scientists know what caused the red planet to rumble. A meteoroid slammed into Mars 2,174 miles (3,500 kilometers) away from the lander and created a fresh impact crater on the Martian surface.
The ground literally moved beneath InSight on December 24, 2021, when the lander recorded a magnitude 4 marsquake. Before and after photos captured from above by the Mars Reconnaissance Orbiter, which has been circling Mars since 2006, spotted a new crater this past February.
Before and after photos taken by the Mars Reconnaissance Orbiter show where a meteoroid slammed into Mars on December 24, 2021.
NASA/JPL-Caltech/MSSS
When scientists connected the dots from both missions, they realized it was one of the largest meteoroid strikes on Mars since NASA began studying the red planet. Images from the orbiter’s two cameras showed the blast zone of the crater, which allowed scientists to compare it with the epicenter of the quake detected by InSight.
The journal Science published two new studies describing the impact and its effects on Thursday.
The space rock also revealed boulder-size ice chunks when it slammed into Mars. They were found buried closer to the warm Martian equator than any ice that has ever been detected on the planet.
Boulder-size ice chunks can be seen scattered around and outside the new crater’s rim.
NASA/JPL-Caltech/University of Arizona
“The image of the impact was unlike any I had seen before, with the massive crater, the exposed ice, and the dramatic blast zone preserved in the Martian dust,” said Liliya Posiolova, orbital science operations lead for the orbiter at Malin Space Science Systems in San Diego, in a statement.
[…]
When the meteoroid crashed into Mars, it created a crater in the planet’s Amazonis Planitia region spanning 492 feet (150 meters) across and 70 feet (21 meters) deep. Some of the material blasted out of the crater landed as far as 23 miles (37 kilometers) away. Teams at NASA also captured sound from the impact, so you can listen to what it sounds like when a space rock hits Mars.
The images captured by the orbiter, along with seismic data recorded by InSight, make the impact one of the largest craters in our solar system ever observed as it was created. Mars is littered with massive craters, but they’re much older than any mission to explore the red planet.
[…]
Ice beneath the Martian surface could be used for drinking water, rocket propellant and even growing crops and plants by future astronauts. And the fact that the ice was found so near the equator, the warmest region on Mars, might make it an ideal place to land crewed missions to the red planet.
[…]
Sadly, InSight’s mission is running out of time. Increasing amounts of dust have settled on the lander’s solar panels, only exacerbated by a continent-size dust storm detected on Mars in September, and its power levels keep dropping.
The beige clouds are a continent-size dust storm imaged by the Mars Reconnaissance Orbiter on September 29. The locations of the Perseverance, Curiosity and InSight missions are also labeled.
NASA/JPL-Caltech/MSSS
Fortunately, the storm didn’t pass over InSight directly — otherwise, the darkness of the storm would have ended the mission. But the weather event has kicked a lot of dust up into the atmosphere, and it has cut down the amount of sunlight reaching InSight’s solar panels, said Bruce Banerdt, InSight principal investigator at NASA’s Jet Propulsion Laboratory in Pasadena, California.
InSight lander’s final selfie on Mars shows why its mission is ending
The mission scientists estimate InSight will likely shut down in the next six weeks, ending a promising mission to unlock the interior of Mars.
if you’ve been paying attention over the last couple of years, anti-cheat software is quickly becoming the new DRM. Access to root layers of the computer complaints, complaints about performance effects, complaints about how the software tracks customer behavior, and now finally we have the good old “software isn’t letting me play my game” type of complaint. This revolves around Kotaku’s Luke Plunkett, whose writing I’ve always found valuable, attempting to review EA’s latest FIFA game.
I have reviewed FIFA in some capacity on this website for well over a decade, but regular readers who are also football fans may have noticed I haven’t said a word about it this year. That’s because, over a month after the PC version’s release, I am still locked out of it thanks to a broken, over-zealous example of anti-cheat protection.
Publisher EA uses Easy Anti-Cheat, which has given me an error preventing me from even launching the game that every published workaround—from running the program as an administrator to disabling overlays (?) to editing my PC’s bios (??!!)—hasn’t solved. And so for one whole month, a game that I own and have never cheated at in my life, remains unplayable. I’ve never even made it to the main menu.
Well, gosh golly gee, that sure seems like a problem. And Plunkett isn’t your average FIFA customer. He’s a professional in the gaming journalism space and has reviewed a metric ton of games in the past. If he can’t get into the game due to this anti-cheat software, what hope does the average gamer have?
He goes on to note that FIFA isn’t the only game with this problem. EA also published Battlefield 2042, which Plunkett notes at least lets him boot into the game menu and allows him to play the game for a few minutes before it freezes up entirely. The same anti-cheat software appears to be the issue there as well.
Now, console gamers may chalk this all up to the perils of PC gaming. But that is, frankly, bullshit. This isn’t a hardware problem. It’s a publisher and software problem.
[…]
there’s certainly cheating going on in these games, but it seems like the anti-cheat software is the one cheating customers out of the games they bought.
New, highly detailed images of the artificial islands China has built in the South China Sea have emerged. They show the intricacies of the radar installations, airfields, and naval gun emplacements, among buildings and other structures, located there.
Captured by photographer Ezra Acayan flying in an aircraft near the man-made fortresses in the Spratly Islands, the images are some of the most detailed yet available of what China is up to there and they give a totally new perspective compared to the daily satellite images we see of these locations.
Close-ups of one island in Cuarteron Reef show naval gun emplacements on a series of towers of increasing height, backed by a radar gunnery director. Atop the battlement-like setup is a large radome. The radar’s elevated position would give it a better line of sight over the horizon. These types of weapons installation have been something of a staple at these island outposts. In this case, it looks to host Type 730/1130 close-in weapon system (CIWS) and a H/PJ76 76mm multi-purpose deck gun. These would provide highly-localized defense against low-flying air threats, like cruise missiles, aircraft, and drones, as well as protection against vessels near the island.
An artificial island built by China in Cuarteron Reef on October 25, 2022, in the Spratly Islands, South China Sea. Ezra Acayan/Getty Images
Photo by Ezra Acayan/Getty Images
Photo by Ezra Acayan/Getty Images
A similar setup is seen on another structure that does not feature the large dome on the other end of the small island.
Photo by Ezra Acayan/Getty Images
What could be a truck-mounted phased array radar is also visible, as are various objects covered with camouflage tarps. The main building is festooned with domes and antennae and also features deck-like extensions with some sort of systems mounted that are also covered. Tall antennas and lines connecting them dot the forested area.
Photo by Ezra Acayan/Getty Images
Photo by Ezra Acayan/Getty Images
Photo by Ezra Acayan/Getty Images
A wider view shows all these features and a large helipad.
Photo by Ezra Acayan/Getty Images
China has been arming its manufactured islands with weapon systems since not long after they took shape. As we pointed out in this previous piece, these close-in defensive weapons are installed on roughly 30-foot-wide platforms set atop clusters of hexagonal concrete towers, in some cases built near, or as part of, a larger radar system. These images are the best look we have gotten of these structures yet.
Several photos show the finished airfield on the island built out of Fiery Cross Reef. As seen in the image below, the runway is flanked by hangars and a large tower topped with a radome. Nearby is a field of what appear to be communications antennas and another assortment of domes. Across a harbor, another series of domed towers and a four-door garage-like structure on a concrete pad are seen. The exact use of these garages is unclear, but, as we have speculated before, they could be used to house, service, and rapidly deploy transporter-erector-launchers (TELs) used to fire surface-to-air, anti-ship, and/or surface-to-surface missiles.
Another angle on the same island gives a closer look and the relative size and arrangement of additional domes. Various trucks and other systems are also seen.
Photo by Ezra Acayan/Getty Images
Two photos show one of the most built-up areas on Fiery Cross Reef. In them, a KJ-500 airborne early warning and control (AEW&C) aircraft is visible on the taxiway. These and other intelligence-gathering and submarine-hunting airframes frequently operate from the airfield there. You can also see examples of the much larger, multi-story hangars on the island. Along with residential and administrative buildings, Fiery Cross Island also includes a sports track and field, among other living quarters, recreational facilities, and administrative buildings. There is also a red-and-white lighthouse.
Ezra Acayan/Getty Images
Ezra Acayan/Getty Images
A closer look at the same facility shows the smaller hangars and what appears to be a medical landing pad, painted with a red cross. The smaller, more fighter-sized hangars can be seen here too, as well as the terminal building.
Photo by Ezra Acayan/Getty Images
Another full-size runway and airfield are seen in great detail in the photo below of the artificial island on Mischief Reef. An aircraft can be seen inside the open hangar at the top of the image, but it is difficult to identify what type it may be. Something like a Y-9 or another four-engine turboprop aircraft is most likely what is in there. As with most of the photographs, there is little sign of activity on the ground at any of the installations. The images also give a good idea of just how large the airfield is. During a contingency operation, it could be loaded up with dozens of combat aircraft, from fighters to bombers.
Ezra Acayan/Getty Images
Ezra Acayan/Getty Images
A wider-angle view of the same island shows a collection of building at the near end and another array of radome-topped towers at the far end. A large low-slung structure that is covered in grass is also seen in the distance. It is not clear what this would be used for, but weapons storage is one possibility. Beyond the towers, four aids to navigation mark the visibly deeper channel between the island and another section of the reef.
Ezra Acayan/Getty Images
Photo by Ezra Acayan/Getty Images
The harbor and part of the living and admin section of Mischief Reef. Notice it is a bit less congested than some of China’s other man-made island layouts. Photo by Ezra Acayan/Getty Images
Photo by Ezra Acayan/Getty Images
The picture of Mischief Reef above notably shows a pair of Type 022 Houbei class catamaran fast attack missile craft, readily recognizable by their distinct camouflage scheme. The first reports that the People’s Liberation Army Navy had deployed Type 022s to this outpost emerged last year. These boats are relatively small, but can carry up to eight YJ-83 subsonic anti-ship missiles, along with their bow-mounted 30mm H/PJ-13 Gatling-type guns.
A closer look at the two Type 022 Houbei class missile boats seen moored at Mischief Reef. Photo by Ezra Acayan/Getty Images
The image below shows a relatively small artificial island on Hughes Reef, also in the Spratly Islands, with a large tower at one end, a narrow road and what appears to be a helicopter pad in the middle, and a multi-story building at the other end, complete with what looks like a large swimming pool. The main structure is very similar to the one on Cuarteron Reef with similar decks and roof elements. The large square pylons are of interest, although it is not clear what their purpose is or was.
Photo by Ezra Acayan/Getty Images
Another of the smaller man-made islands is on Gaven Reef. It features a very similar central structure, but it also has gun platforms extending from it sporting 76mm deck guns. A harbor area and a handful of large domes are also visible.
Photo by Ezra Acayan/Getty Images
Photo by Ezra Acayan/Getty Images
Port facilities are visible in the below photo of an artificial island built on Subi Reef. Much undeveloped ground and planted areas are among a large cluster of buildings. The island also features a tall, slender lighthouse at one end, another of the four-door garage-like facilities, and at least one radar dome similar to those seen on other islands.
The artificial island built by China in Subi Reef. Ezra Acayan/Getty Images
Another angle of Subi Reef’s airfield shows the large number of hangars packed into the space, with the same smaller, fighter-sized ones set closer to the runway and the much larger, multi-story hangars set back. Also, note the vehicles seemingly blocking the runway. This could be a normal precaution when planes are nearby, in this case, the camera ship.
Photo by Ezra Acayan/Getty Images
Photo by Ezra Acayan/Getty Images
Another angle shows the extent of the support buildings and antennas farms.
Photo by Ezra Acayan/Getty Images
A wider angle of the island. Photo by Ezra Acayan/Getty Images
Beijing has aggressively asserted its claim to these and other disputed shoals in the South China Sea. By artificially expanding some existing islands, building new ones, and establishing a permanent military presence, China seeks to solidify these claims, regardless of what the international community or its neighbors think of them.
The reefs are strategically located between countries that contest China’s claim to the region and stake their own assertions on defensive and economic access. Malaysia, the Philippines, and Vietnam all have territorial claims to the areas in which China has built islands and planted its flag.
A map showing Chinese military outposts in the Spratly Islands at the southern end of the South China Sea, including those seen in the pictures in this story, as well as other non-Chinese facilities in the hotly contested region. DOD
China has long sought to create a near-seamless anti-access/area-denial bubble covering almost the entire South China Sea. Building such extensive infrastructure on these manufactured spits of land is a key part of that plan. Aside from short-range weapons like the naval guns visible in these photos, China has deployed longer-range systems to some of these islands. Clearly, their infrastructure was designed to help conceal these mobile systems when not in use or not on high alert and they could pour in additional capabilities with little notice.
As outlined in the newly published National Defense Strategy, the U.S. military considers China the pacing threat as it contemplates potential future conflict. Each U.S. military service is preparing to operate across the vast distances of the Pacific as it challenges Chinese expansionism in the region. The U.S. Navy also takes responsibility for maintaining freedom of navigation through the contested South China Sea, often steaming carrier strike groups and other ships, along with those of allies and partner nations, through the area and within sight of Chinese naval vessels. This has led to some very tense maritime encounters.
With the complex installations seen on its archipelagos of artificial islands, China presents a solid deterrent to challengers of its claims and could rapidly shut down, or at least directly challenge, any movements through the region under threat of activating all its capabilities that can be deployed on and around its island outposts.
“On October 8th, PayPal updated its terms of service agreement to include a clause enabling it to withdraw $2,500 from users’ bank accounts simply for posting anything the company deems as misinformation or offensive,” reports Grit Daily. “Unsurprisingly, the backlash was instant and massive,” causing the company to backtrack on the policy and claim the update was sent out “in error.” Now, after the criticism on social media died down, severalmediaoutlets are reporting that the company quietly reinstated the questionable misinformation fine — even though that itself may be a bit of misinformation. From a report: Apparently, they believed that everyone would just accept their claim and immediately forget about the incident. So the clause that was a mistake and was never intended to be included in PayPal’s terms of service magically ended up back in there once the criticism died back down. That sounds plausible, right? And as for what constitutes a “violation” of the company’s terms of service, the language is so vaguely worded that it could encompass literally anything.
The term “other forms of intolerance” is so broad that it legally gives the company grounds to claim that anyone not fully supporting any particular position is engaging in “intolerance” because the definition of the word is the unwillingness to accept views, beliefs, or behavior that differ from one’s own. So essentially, this clause gives PayPal the perceived right to withdraw $2,500 from users accounts for voicing opinions that PayPal disagrees with. As news of PayPal’s most recent revision spreads, I anticipate that the company’s PR disaster will grow, and with numerous competing payment platforms available today, this could deliver a devastating and well deserved blow to the company. UPDATE: According to The Deep Dive, citing Twitter user Kelley K, PayPal “never removed the $2,500 fine. It’s been there for over a year. All they removed earlier this month was a new section that mentioned misinformation.”
She goes on to highlight the following:
1.) [T]he $2,500 fine has been there since September 2021.
2.) PayPal did remove what was originally item number 5 of the Prohibited Activities annex, the portion that contained the questionable “promoting misinformation” clause that the company claims was an “error.”
3.) [T]he other portion, item 2.f. which includes “other forms of intolerance that is discriminatory,” which some have pointed out may also be dangerous as the language is vague, has always been there since the policy was updated, and not recently added.
NASA’s Lucy spacecraft captured this image (which has been cropped) of the Earth on Oct 15, 2022, as a part of an instrument calibration sequence at a distance of 380,000 miles (620,000 km). The upper left of the image includes a view of Hadar, Ethiopia, home to the 3.2 million-year-old human ancestor fossil for which the spacecraft was named.
Lucy is the first mission to explore the Jupiter Trojan asteroids, an ancient population of asteroid “fossils” that orbit around the Sun at the same distance as Jupiter. To reach these distant asteroids, the Lucy spacecraft’s trajectory includes three Earth gravity assists to boost it on its journey to these enigmatic asteroids.
The image was taken with Lucy’s Terminal Tracking Camera (T2CAM) system, a pair of identical cameras that are responsible for tracking the asteroids during Lucy’s high-speed encounters. The T2CAM system was designed, built and tested by Malin Space Science Systems; Lockheed Martin Integrated the T2CAMs onto the Lucy spacecraft and operates them.
Credits: NASA/Goddard/SwRI
On October 13, 2022, NASA’s Lucy spacecraft captured this image of the Earth and the Moon from a distance of 890,000 miles (1.4 million km). The image was taken as part of an instrument calibration sequence as the spacecraft approached Earth for its first of three Earth gravity assists. These Earth flybys provide Lucy with the speed required to reach the Trojan asteroids — small bodies that orbit the Sun at the same distance as Jupiter. On its 12 year journey, Lucy will fly by a record breaking number of asteroids and survey their diversity, looking for clues to better understand the formation of the solar system.
The image was taken with Lucy’s Terminal Tracking Camera (T2CAM) system, a pair of identical cameras that are responsible for tracking the asteroids during Lucy’s high speed encounters. The T2CAM system was designed, built and tested by Malin Space Science Systems; Lockheed Martin Integrated the T2CAMs onto the Lucy spacecraft and operates them.
A team of researchers from the National University of Singapore (NUS) have made a serendipitous scientific discovery that could potentially revolutionize the way water is broken down to release hydrogen gas—an element crucial to many industrial processes.
The team, led by Associate Professor Xue Jun Min, Dr. Wang Xiaopeng and Dr. Vincent Lee Wee Siang from the Department of Materials Science and Engineering under the NUS College of Design and Engineering (NUS CDE), found that light can trigger a new mechanism in a catalytic material used extensively in water electrolysis, where water is broken down into hydrogen and oxygen. The result is a more energy-efficient method of obtaining hydrogen.
[…]
“We discovered that the redox center for electro-catalytic reaction is switched between metal and oxygen, triggered by light,” said Assoc. Prof. Xue. “This largely improves the water electrolysis efficiency.”
[…]
an accidental power trip of the ceiling lights in his laboratory almost three years ago allowed them to observe something that the global scientific community has not yet managed to do.
Back then, the ceiling lights in Assoc. Prof. Xue’s research lab were usually turned on for 24 hours. One night in 2019, the lights went off due to a power trip. When the researchers returned the next day, they found that the performance of a nickel oxyhydroxide-based material in the water electrolysis experiment, which had continued in the dark, had fallen drastically.
“This drop in performance, nobody has ever noticed it before, because no one has ever done the experiment in the dark,” said Assoc. Prof. Xue. “Also, the literature says that such a material shouldn’t be sensitive to light; light should not have any effect on its properties.”
[…]
With their findings, the team is now working on designing a new way to improve industrial processes to generate hydrogen. Assoc. Prof. Xue is suggesting making the cells containing water to be transparent, so as to introduce light into the water splitting process.
“This should require less energy in the electrolysis process, and it should be much easier using natural light,” said Assoc. Prof. Xue. “More hydrogen can be produced in a shorter amount of time, with less energy consumed.”
[…]
More information: Xiaopeng Wang et al, Pivotal role of reversible NiO6 geometric conversion in oxygen evolution, Nature (2022). DOI: 10.1038/s41586-022-05296-7
The Cybernews research team found that Thomson Reuters left at least three of its databases accessible for anyone to look at. One of the open instances, the 3TB public-facing ElasticSearch database, contains a trove of sensitive, up-to-date information from across the company’s platforms. The company recognized the issue and fixed it immediately.
Thomson Reuters provides customers with products such as the business-to-business media tool Reuters Connect, legal research service and database Westlaw, the tax automation system ONESOURCE, online research suite of editorial and source materials Checkpoint, and other tools.
The size of the open database the team discovered corresponds with the company using ElasticSearch, a data storage favored by enterprises dealing with extensive, constantly updated volumes of data.
Media giant with $6.35 billion in revenue left at least three of its databases open
At least 3TB of sensitive data exposed including Thomson Reuters plaintext passwords to third-party servers
The data company collects is a treasure trove for threat actors, likely worth millions of dollars on underground criminal forums
The company has immediately fixed the issue, and started notifying their customers
Thomson Reuters downplayed the issue, saying it affects only a “small subset of Thomson Reuters Global Trade customers”
The dataset was open for several days – malicious bots are capable of discovering instances within mere hours
Threat actors could use the leak for attacks, from social engineering attacks to ransomware
The naming of ElasticSearch indices inside the Thomson Reuters server suggests that the open instance was used as a logging server to collect vast amounts of data gathered through user-client interaction. In other words, the company collected and exposed thousands of gigabytes of data that Cybernews researchers believe would be worth millions of dollars on underground criminal forums because of the potential access it could give to other systems.
Meanwhile, Thomson Reuters claims that out of three misconfigured servers the team informed the company about, two were designed to be publicly accessible. The third server was a non-production server meant for “application logs from the pre-production/implementation environment.”
[…]
For example, the open dataset held access credentials to third-party servers. The details were held in plaintext format, visible to anyone crawling through the open instance.
[…]
The team also found the open instance to contain login and password reset logs. While these don’t expose either old or new passwords, the logs show the account holder’s email address, and the exact time the password change query was sent can be seen.
Another piece of sensitive information includes SQL (structured query language) logs that show what information Thomson Reuters clients were looking for. The records also include what information the query brought back.
That includes documents with corporate and legal information about specific businesses or individuals. For instance, an employee of a company based in the US was looking for information about an organization in Russia using Thomson Reuters services, only to find out that its board members were under US sanctions over their role in the invasion of Ukraine.
The team has also discovered that the open database included an internal screening of other platforms such as YouTube, Thomson Reuters clients’ access logs, and connection strings to other databases. The exposure of connection strings is particularly dangerous because the company’s internal network elements are exposed, enabling threat actors’ lateral movement and pivoting through Reuter Thomson’s internal systems.
[…]
The team contacted Thomson Reuters upon discovering the leaking database, and the company took down the open instance immediately.
“Upon notification we immediately investigated the findings provided by Cybernews regarding the three potentially misconfigured servers,” a Thomson Reuters representative told Cybernews.
Scientists with the University of Chicago have discovered a way to create a material that can be made like a plastic, but conducts electricity more like a metal.
The research, published Oct. 26 in Nature, shows how to make a kind of material in which the molecular fragments are jumbled and disordered, but can still conduct electricity extremely well.
[…]
fundamentally, both of these organic and traditional metallic conductors share a common characteristic. They are made up of straight, closely packed rows of atoms or molecules. This means that electrons can easily flow through the material, much like cars on a highway. In fact, scientists thought a material had to have these straight, orderly rows in order to conduct electricity efficiently.
Then Xie began experimenting with some materials discovered years ago, but largely ignored. He strung nickel atoms like pearls into a string of of molecular beads made of carbon and sulfur, and began testing.
To the scientists’ astonishment, the material easily and strongly conducted electricity. What’s more, it was very stable. “We heated it, chilled it, exposed it to air and humidity, and even dripped acid and base on it, and nothing happened,” said Xie. That is enormously helpful for a device that has to function in the real world.
But to the scientists, the most striking thing was that the molecular structure of the material was disordered. “From a fundamental picture, that should not be able to be a metal,” said Anderson. “There isn’t a solid theory to explain this.”
Xie, Anderson, and their lab worked with other scientists around the university to try to understand how the material can conduct electricity. After tests, simulations, and theoretical work, they think that the material forms layers, like sheets in a lasagna. Even if the sheets rotate sideways, no longer forming a neat lasagna stack, electrons can still move horizontally or vertically—as long as the pieces touch.
The end result is unprecedented for a conductive material. “It’s almost like conductive Play-Doh—you can smush it into place and it conducts electricity,” Anderson said.
The scientists are excited because the discovery suggests a fundamentally new design principle for electronics technology. Conductors are so important that virtually any new development opens up new lines for technology, they explained.
One of the material’s attractive characteristics is new options for processing. For example, metals usually have to be melted in order to be made into the right shape for a chip or device, which limits what you can make with them, since other components of the device have to be able to withstand the heat needed to process these materials.
The new material has no such restriction because it can be made at room temperatures. It can also be used where the need for a device or pieces of the device to withstand heat, acid or alkalinity, or humidity has previously limited engineers’ options to develop new technology.
Medibank Private Ltd (MPL.AX), Australia’s biggest health insurer, said on Wednesday a cyber hack had compromised data of all of its of its nearly 4 million customers, as it warned of a A$25 million to A$35 million ($16 million to $22.3 million) hit to first-half earnings.
It said on Wednesday that all personal and significant amounts of health claims data of all its customers were compromised in the breach reported this month, a day after it warned the number of customers affected would grow. read more
Shares in the company fell more than 14%, its biggest one-day slide since listing in 2014.
Medibank, which covers one-sixth of Australians, said the estimated cost did not include further potential remediation or regulatory expenses.
“Our investigation has now established that this criminal has accessed all our private health insurance customers’ personal data and significant amounts of their health claims data,” chief executive David Koczkar said in a statement. “I apologise unreservedly to our customers. This is a terrible crime – this is a crime designed to cause maximum harm to the most vulnerable members of our community.”
The company reiterated that its IT systems had not been encrypted by ransomware to date and that it would continue to monitor for any further suspicious activity.
“Everywhere we have identified a breach, it is now closed,” John Goodall, Medibank’s top technology executive, told an analyst call on Wednesday.
The finding, which researchers made by measuring the electrical fields around honeybee (apis mellifera) hives, reveals that bees can produce as much atmospheric electricity as a thunderstorm. This can play an important role in steering dust to shape unpredictable weather patterns; and their impact may even need to be included in future climate models.
Insects’ tiny bodies can pick up positive charge while they forage — either from the friction of air molecules against their rapidly beating wings (honeybees can flap their wings more than 230 times a second) or from landing onto electrically charged surfaces. But the effects of these tiny charges were previously assumed to be on a small scale. Now, a new study, published Oct. 24 in the journal iScience, shows that insects can generate a shocking amount of electricity.
[…]
To test whether honeybees produce sizable changes in the electric field of our atmosphere, the researchers placed an electric field monitor and a camera near the site of several honeybee colonies. In the 3 minutes that the insects flooded into the air, the researchers found that the potential gradient above the hives increased to 100 volts per meter. In other swarming events, the scientists measured the effect as high as 1,000 volts per meter, making the charge density of a large honeybee swarm roughly six times greater than electrified dust storms and eight times greater than a stormcloud.
The scientists also found that denser insect clouds meant bigger electrical fields — an observation that enabled them to model other swarming insects such as locusts and butterflies.
Locusts often swarm to “biblical scales,” the scientists said, creating thick clouds 460 square miles (1,191 square kilometers) in size and packing up to 80 million locusts into less than half a square mile (1.3 square km). The researchers’ model predicted that swarming locusts’ effect on the atmospheric electric field was staggering, generating densities of electric charge similar to those made by thunderstorms.
The researchers say it’s unlikely the insects are producing storms themselves, but even when potential gradients don’t meet the conditions to make lightning, they can still have other effects on the weather. Electric fields in the atmosphere can ionize particles of dust and pollutants, changing their movement in unpredictable ways. As dust can scatter sunlight, knowing how it moves and where it settles is important to understanding a region’s climate.
The San Diego County Water Authority has an unusual plan to use the city’s scenic San Vicente Reservoir to store solar power so it’s available after sunset. The project, and others like it, could help unlock America’s clean energy future.
Perhaps a decade from now, if all goes smoothly, large underground pipes will connect this lake to a new reservoir, a much smaller one, built in a nearby canyon about 1100 feet higher in elevation. When the sun is high in the sky, California’s abundant solar power will pump water into that upper reservoir.
It’s a way to store the electricity. When the sun goes down and solar power disappears, operators would open a valve and the force of 8 million tons of water, falling back downhill through those same pipes, would drive turbines capable of generating 500 megawatts of electricity for up to eight hours. That’s enough to power 130,000 typical homes.
Neena Kuzmich, deputy director of engineering for the San Diego County Water Authority, has been working on plans for pumped energy storage at the San Vicente reservoir.
Dan Charles for NPR
“It’s a water battery!” says Neena Kuzmich, Deputy Director of Engineering for the water authority. She says energy storage facilities like these will be increasingly vital as California starts to rely more on energy from wind and solar, which produce electricity on their own schedules, unbothered by the demands of consumers.
