The Internet Corporation for Assigned Names and Numbers (ICANN), one of the core entities for Internet governance and operations, announced that it had been compromised in late November via a "Spear-Phishing" attack.
They state that the compromised credentials were used to access more sensitive systems. Specifically, they mention:
The attacker obtained administrative access to all files in the CZDS [Centralized Zone Data System]. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution. Users may request a new password at czds.icann.org. We suggest that CZDS users take appropriate steps to protect any other online accounts for which they might have used the same username and/or password. ICANN is providing notices to the CZDS users whose personal information may have been compromised.
They also identified unauthorized access to (ostensibly innocuous parts of) the ICANN GAC [Governmental Advisory Committee] Wiki as well as user-level accounts on the ICANN Blog and the ICANN WHOIS information portal.
While they're not terribly specific about how the attack happened aside from mentioning that the "email credentials of several ICANN staff members" were compromised, it doesn't take much imagination to figure out where it probably went from there. The impact seems rather minimal, but given the level of control that ICANN has over DNS, it does make one wonder how close we came to a major incident.
Peter Baker reports at the NYT that in a deal negotiated during 18 months of secret talks hosted largely by Canada and encouraged by Pope Francis, the United States will restore full diplomatic relations with Cuba and open an embassy in Havana for the first time in more than a half-century. In addition, the United States will ease restrictions on remittances, travel and banking relations, and Cuba will release 53 Cuban prisoners identified as political prisoners by the United States government.
Although the decades-old American embargo on Cuba will remain in place for now, the administration signaled that it would welcome a move by Congress to ease or lift it should lawmakers choose to. “We cannot keep doing the same thing and expect a different result. It does not serve America’s interests, or the Cuban people, to try to push Cuba toward collapse.
We know from hard-learned experience that it is better to encourage and support reform than to impose policies that will render a country a failed state,” said the White House in a written statement. "The United States is taking historic steps to chart a new course in our relations with Cuba and to further engage and empower the Cuban people."
Tim Cushing lists this under the self-inflicted-reputation-wounds-are-surprisingly-pricey dept.
Geek gadget also-ran KlearGear gained internet infamy thanks to the following paragraph tucked away on its "Terms of Sale and Use" page:
In an effort to ensure fair and honest public feedback, and to prevent the publishing of libelous content in any form, your acceptance of this sales contract prohibits you from taking any action that negatively impacts KlearGear.com, its reputation, products, services, management or employees.
Tacked onto this absurd redefining of "fair and honest feedback" was a $3,500 fee. This was [leveled] at a couple who complained about the non-delivery of products it had paid for. This went to court, and the couple was awarded over $300,000 in a default [judgment] when KlearGear no-showed.
For the most part, this would seem to be a cautionary tale--something other companies would take into consideration when crafting their own terms of service. But some companies are still apparently willing to dance with the Devil Streisand by including onerous fees tied to the phrase "fair and honest feedback." Not only will the enforcement of this clause likely result in large amounts of public shaming, but in some states, this may actually be illegal.
In the interest of discouraging future KlearGears from dragging their customers' credit ratings through the mud in response to bad reviews, we present a list of companies that still maintain similar clauses on their websites, along with dollar amounts demanded if this clause is violated.
The MIT Technology Review has an article up on Swedish journalists and researchers who expose internet trolls.
Back at the Troll Hunter office, a whiteboard organized Aschberg’s agenda. Dossiers on other trolls were tacked up in two rows: a pair of teens who anonymously slander their high school classmates on Instagram, a politician who runs a racist website, a male law student who stole the identity of a young woman to entice another man into an online relationship. In a sign of the issue’s resonance in Sweden, a pithy neologism has been coined to encompass all these forms of online nastiness: näthat (“Net hate”). Troll Hunter, which has become a minor hit for its brash tackling of näthat, is currently filming its second season.
This article covers the television show Trolljägarna (Troll Hunter) and the activities of a group of volunteer researchers called Researchgruppen (Research Group) in tracking and exposing internet trolls, and touches on the privacy issues and potential backlash from other groups of this kind of work.
National Geographic reports:
When Herbert G. Claudius's family would ask him if he'd ever sunk an enemy submarine during his decades in the U.S. Navy, Claudius would say that he thought he did once. He'd seen oil and debris after a fierce battle he'd led against a German U-boat in the Gulf of Mexico in 1942.
The Navy didn't agree, and since a passenger ship, the Robert E Lee, had been sunk by the submarine (U-166) just 25 miles (40 kilometers) from the U.S. mainland, they removed Claudius from command and sent him back to anti-sub-warfare school.
The sub and the Lee remained lost until found by sonar in 2001 by oil exploration crews. They were located at 5000 feet down, about 10 times the sub's crush depth.
This past summer, the wrecks were finally visited by researchers using a deep sea Remotely Operated Vehicle. The discovery was briefly covered by CNN. The ROV's cameras clearly showed depth charge damage on the forward hull. (See pictures on NatGeo link and video at CNN link).
Finally on Tuesday, Claudius was posthumously vindicated at the Pentagon, as the U.S. Secretary of the Navy announced that his ship had indeed fired the depth charges that sank German U-boat U-166. He was awarded a Legion of Merit with a Combat "V", which recognizes heroism in battle.
The rover drilled into a piece of Martian rock called Cumberland and found some ancient water hidden within it. Researchers were then able to test a key ratio in the water with Curiosity's onboard instruments to gather more data about when Mars started to lose its water, NASA officials said. In the same sample, Curiosity also detected the first organic molecules it has found. Mission scientists announced the discovery in a news conference (Dec. 15) at the American Geophysical Union's convention in San Francisco, where they also unveiled Curiosity's first detection of methane on Mars.
In the latest episode of the Sony hack, Hollywood Reporter says that Carmike Cinemas, which operates 278 theaters and 2,917 screens in 41 states, will not show the Sony comedy "The Interview" following threats of violence from hackers. Sony Pictures told exhibitors who had booked The Interview that it planned to move forward with the movie's release, but that they were free to decide not to show the film, and that the studio would support them in whatever decision they made.
Citing 9/11, the hackers issued a warning and said, "We will clearly show it to you at the very time and places The Interview be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to." The situation is also raising concerns among studios that the threat of violence could keep some movie-goers away from the multiplex over the lucrative holiday movie-going period. "This is bad for everyone. This will stop people from going to theaters, and that affects all of us," says one source at a rival studio. "If somebody called a bomb threat for a concert, and it was credible, you'd have to cancel or postpone the concert."
PubPeer "filed a motion to quash a subpoena filed on behalf of a cancer researcher who claims that PubPeer comments noting potential image irregularities in his publications cost him a lucrative new job."
The researcher claims that the anonymous "suggestions of misconduct caused the University of Mississippi to rescind its offer of a tenured faculty position that he had accepted" in a suit "against multiple “John Does” for defamation and interference with a business relationship".
PubPeer is confident in their position and explains, "the First Amendment is on our side. It protects the right to anonymous speech. The right isn’t absolute, but it protects those who choose to remain anonymous when engaging in lawful speech".
The linked article, posted just over a week ago, has a nice walkthrough of how the Poweliks malware makes itself hard to detect and remove on Windows, along with details of how you can actually get rid of it.
The key point is using the old hack of a non-ASCII character in the keys.
It also comes with a link to download the tools used in the article.
NASA's Voyager 1 spacecraft — the only object made by humans to reach interstellar space — might still be caught in what scientists have described as a cosmic "tsunami wave," a shock wave that first hit the probe in February, according to new research. You can hear the eerie interstellar vibrations in a video, courtesy of NASA.
"Most people would have thought the interstellar medium would have been smooth and quiet," study researcher Don Gurnett, professor of physics at the University of Iowa, and the principal investigator of Voyager 1's plasma wave instrument, said in a statement from NASA. "But these shock waves seem to be more common than we thought."
El Reg reports:
Apple has prevailed in an almost decade-long antitrust legal battle over the way its iPod gadgets handled music not obtained through iTunes.
A federal jury in Oakland, California, took just four hours to clear the iThings maker of wrongdoing--and tossed out calls for a $351[M] compensation package for eight million owners of late-2000s iPods. That figure could have been tripled if the iPhone giant had lost its fight.
Apple was accused in a class-action lawsuit of designing its software to remove music and other files from iPods that weren't purchased or ripped via iTunes--but the eight-person jury decided that mechanism was a legit feature.
[...]It was argued that Apple had deliberately set up iTunes to report iPods as damaged if they stored music that, essentially, wasn't sanctioned by Apple: if alien files were found by the software, users were told to restore their devices to factory settings, effectively wiping songs not purchased from or ripped from CD by iTunes.
Apple countered that it was only preventing iPods from being hacked or damaged by third-party data. The company said the protections were implemented to prevent people from listening to pirated music--a claim the jury upheld.
As promised in London's ODF Plugfest early this year, Google announced today that it’s now officially supporting ODF files in Google Drive allowing users to import all three major ODF file formats. That includes .odt files for documents, .ods for spreadsheets, and .odp for presentations, the file types used by applications like Open Office and others supporting the open platform.
Google, like Microsoft, has not made it easy to use ODF as part of a workflow, with change tracking information, annotations, and other metadata left off the import and export process. For both companies, ODF has been seen as a migration format rather than as a working format; however, Google faces significant pressure securing government business in many countries around the world, and especially the U.K. now that ODF is a requirement in so many procurement policies.
Official interest in ODF around the world is growing, and since Google wants to sell Drive and Chromebooks into government-controlled markets, ODF is becoming a gating factor.
In a Dec. 15 presentation at the 2014 International Electron Devices Meeting in San Francisco, Silicon Valley start-up Crossbar said that it has solved a major hurdle towards commercialization of its 3D/vertical resistive random-access memory (RRAM) product.
While 1TnR enables a single transistor to drive over 2,000 memory cells with very low power, it also experiences leakage of a sneak path current that interferes with the performance and reliability of a typical RRAM array. Crossbar's device solves that leakage problem by utilizing a super linear threshold layer. In that layer, a volatile conduction path is formed at the threshold voltage. This device is the industry's first selector capable of suppressing the leakage current at very small dimensions, and it has been successfully demonstrated in a four-megabit test memory chip.
Crossbar has previously made a number of bold claims about their potential NAND flash replacement: that it can fit 1 terabyte in an area the size of a postage stamp, while allowing 20x faster writes than NAND using 5% as much energy. Crossbar also claims 100,000 write cycles compared to NAND's 3,000-10,000. NAND endurance scaling issues have led Samsung, Hynix, SanDisk and Micron to pursue vertical-NAND in order to boost capacity and prolong endurance. Samsung has already commercialized V-NAND with the 850 EVO and 850 Pro SSD lines. Crossbar expects to produce RRAM for wearable devices starting in 2016, with RRAM-based SSDs appearing 18 months later.
In a related development also presented at IEDM, engineers at Stanford University have built a "four-layer prototype high-rise chip" using carbon nanotube transistors (CNTs) and RRAM. The researchers developed a new technique that transfers CNTs from a quartz growth medium to a silicon wafer using an adhesive metal film, "achieving some of the highest density, highest performance CNTs ever made." They fabricated RRAM layers directly atop each CNT logic layer while drilling thousands of interconnections between the layers.
The European Space Agency (ESA) reports:
[On December 16th,] ESA’s Venus Express has ended its eight-year mission after far exceeding its planned life. The spacecraft exhausted its propellant during a series of thruster burns to raise its orbit following the low-altitude aerobraking earlier this year.
The amount of data collected will occupy scientists for at least another eight years:
Studies of the planet’s ‘super-rotating’ atmosphere – it whips around the planet in only four Earth-days, much faster than the 243 days the planet takes to complete one rotation about its axis – also turned up some intriguing surprises. When studying the winds, by tracking clouds in images, average wind speeds were found to have increased from roughly 300 km/h to 400 km/h over a period of six Earth years.
At the same time, a separate study found that the rotation of the planet had slowed by 6.5 minutes since NASA’s Magellan measured it before completing its five-year mission at Venus 20 years ago. However, it remains unknown if there is a direct relationship between the increasing wind speeds and the slowing rotation.
Other data strongly hints at current volcanic activity, whose existence is still disputed today.
After several release candidates, the MIT-licensed game engine Godot has reached Version 1.0. This version is the first stable release of the 2D and 3D game making tool that supports Windows, Mac, and Linux and that can export projects to a lot of different platforms (iOS, Android, Windows Phone, Chrome native client, HTML5...). A more comprehensive list of features can be found here.
The GitHub wiki provides a handful of neat tutorials if you want to get started using the engine. As an extra incentive, a Winter Holiday Godot Game Jam is live if you want to share your creations.
Some additional coverage can be found on Blender Nation.