Arthur T Knackerbracket has processed the following story:
Researchers have criticised Microsoft's new Majorana 1 quantum computer, saying it has made claims about the way it works that aren't fully backed up by scientific evidence
Last month Microsoft announced, with fanfare, that it had created a new kind of matter and used it to make a quantum computer architecture that could lead to machines “capable of solving meaningful, industrial-scale problems in years, not decades”.
But since then, the tech giant has increasingly come under fire from researchers who say it has done nothing of the sort. “My impression is that the response of the expert physics community has been overwhelmingly negative. Privately, people are just outraged,” says Sergey Frolov at the University of Pittsburgh, Pennsylvania.
Microsoft’s claim rests on elusive and exotic quasiparticles called Majorana zero modes (MZMs). These can theoretically be used to create a topological qubit, a new type of quantum bit – the building blocks of information processing within a quantum computer. Because of their inherent properties, such qubits could excel at reducing errors, addressing a big shortcoming of all quantum computers in use today.
MZMs have been theorised to emerge from the collective behaviour of electrons at the edges of thin superconducting wires. Microsoft’s new Majorana 1 chip contains several such wires and, according to the firm, enough MZMs to make eight topological qubits. A Microsoft spokesperson told New Scientist that the chip was “a significant breakthrough for us and the industry”.
Yet researchers say Microsoft hasn’t provided enough evidence to support these claims. Alongside its press announcement, the company published a paper in the journal Nature that it said confirmed its results. “The Nature paper marks peer-reviewed confirmation that Microsoft has not only been able to create Majorana particles, which help protect quantum information from random disturbance, but can also reliably measure that information from them,” said a Microsoft press release.
But editors at Nature made it explicitly clear that this statement is incorrect. A publicly available report on the peer-review process states: “The editorial team wishes to point out that the results in this manuscript do not represent evidence for the presence of Majorana zero modes in the reported devices.”
In other words, Microsoft and Nature are directly contradicting each other. “The press releases have said something totally different [than the Nature paper],” says Henry Legg at the University of St Andrews in the UK.
[...] This isn’t the only unorthodox aspect of Microsoft’s paper. Legg points out that two of the four peer reviewers initially gave rather critical and negative feedback which, in his experience, would typically disqualify a paper from publication in the prestigious journal. The peer-review report shows that by the last round of editing, one reviewer still disagreed with publication of the paper, while the other three signed off on it. A spokesperson for Nature told New Scientist that the ultimate decision to publish came down to the potential they saw for experiments with future MZMs in Microsoft’s device, rather than necessarily what it had achieved so far.
DOGE axes CISA 'red team' staffers amid ongoing federal cuts:
Elon Musk's Department of Government Efficiency (DOGE) has fired more than a hundred employees working for the U.S. government's cybersecurity agency CISA, including "red team" staffers, two people affected by the layoffs told TechCrunch.
The people, who asked not to be named, said affected employees were axed immediately when their network access was revoked with no prior warning.
The layoffs, which happened in late February and early March, are the latest round of staff cuts to hit the federal cybersecurity agency since the start of the Trump administration.
CISA spokesperson Tess Hyre declined to comment on the latest round of job cuts affecting the agency and wouldn't say how many employees had been affected. Hyre told TechCrunch that CISA's red team "remains operational" but said the agency is "reviewing all contracts to ensure that they align with the priorities of the new administration."
One of the people affected told TechCrunch that CISA red team employees, who simulate real-world attacks to identify security weaknesses in networks before attackers do, were affected by the DOGE-enforced cuts.
Another person affected by the layoffs, who asked to remain anonymous due to fear of government retaliation, told TechCrunch that laid-off employees also include staffers who worked for CISA's Cyber Incident Response Team (CIRT), which is responsible for penetration testing and vulnerability management of networks belonging to U.S. federal government departments and agencies.
[...] This is by our count the third known round of job cuts to affect CISA employees since January 20. More than 130 CISA employees were cut by DOGE earlier in February, according to reports, and several CISA employees working on election security were placed on leave in January.
A total lunar eclipse will occur on March 13-14, 2025 — the first on Earth since 2022 — but only the night side of the planet will get to see it. During this global event, which will occur at the same time across the world, the lunar surface will turn reddish for 65 minutes — a phenomenon often dubbed a "blood moon."
Although the point of greatest eclipse will be in the Pacific Ocean, North America and South America will get the best views. Some areas of Europe will get a slight view of the moonset, and East Asia will glimpse the spectacle at moonrise.
[...] The total lunar eclipse on March 13-14, 2025, will last just over six hours, beginning with a penumbral eclipse — when the moon enters Earth's fuzzy outer shadow and loses brightness — from 11:57 p.m. to 1:09 a.m. EDT (03:57 to 05:09 UTC). There will then be a partial phase — when the moon begins to enter Earth's darker umbral shadow and starts to turn red — from 1:09 a.m. to 2:26 a.m. (05:09 to 06:26 UTC). Totality — when the whole moon is within Earth's umbra — will last 65 minutes, from 2:26 a.m. to 3:31 a.m. EDT (06:26 to 07:31 UTC). The spectacle then reverses, with totality followed by a partial phase from 3:31 to 4:47 a.m. (07:31 to 08:47 UTC) and a penumbral phase from 4:47 to 6 a.m. EDT (08:47 to 10:00 UTC).
The entire eclipse will be visible — and at its best — across most of the Americas, with glimpses for Europe, Africa and East Asia. Here's a breakdown of the eclipse's visibility by region:
- North America: All phases of the eclipse will be visible across all 50 U.S. states (including Alaska and Hawaii), Canada and Mexico.
- South America: Most of the continent will witness the entire event, with totality visible from Brazil, Argentina and Chile starting after midnight on March 14.
- Europe: Western Europe — including Spain, France and the U.K. — will see totality as the moon sets early on the morning of March 14.
- Africa: Extreme Western Africa — including Cape Verde, Morocco and Senegal — will see totality as the moon sets early on the morning of March 14.
- Oceania: New Zealanders will see the eclipse in its later stages, with the moon already in partial shadow as it rises on March 14.
[...] Europe gets a poor view of this total lunar eclipse. In London, the penumbral phase will be viewable from 3:47 a.m. GMT on March 14 and the partial phase from 5:09 a.m. GMT. However, the full moon will set at 6:22 a.m. GMT, just before totality begins, so the only spectacle will be a barely distinguishable line of Earth's shadow across the moon as it sinks into the western horizon. Locations farther west get a slightly better view. From Cardiff, Wales, totality will begin at 6:26 a.m. GMT, 10 minutes before the local moonset, while in Dublin, the local moonset isn't until 6:48 a.m. GMT.
Arguably, the only locations in Europe to see this eclipse in an impressive way are Iceland and Greenland. From Reykjavik, Iceland, totality occurs between 06:26 and 7:31 a.m. GMT, and the local moonset isn't until 7:58 a.m.
The Hacker News has an interesting article on a PHP-CGI RCE flaw that is being exploited in the wild.
Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025.
"The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines," Cisco Talos researcher Chetan Raghuprasad said in a technical report published Thursday.
"The attacker utilizes plugins of the publicly available Cobalt Strike kit 'TaoWu' for post-exploitation activities."
Targets of the malicious activity encompass companies across technology, telecommunications, entertainment, education, and e-commerce sectors in Japan.
[...] "We assess with moderate confidence that the attacker's motive extends beyond just credential harvesting, based on our observation of other post-exploitation activities, such as establishing persistence, elevating to SYSTEM level privilege, and potential access to adversarial frameworks, indicating the likelihood of future attacks," Raghuprasad said.
The popular political poll news and analysis website, 538, is being shut down as part of a broader shuttering effort across ABC News and Disney Entertainment, the Wall Street Journal reported on Tuesday night.
Disney is reportedly cutting 200 positions across ABC News Group and Disney Entertainment Networks, including shutting down the data-driven 538.
[...] FiveThirtyEight, which is named after the number of electors in the US electoral college, has become a popular website for predictions, analysis and watching the polls in the months and days leading up to election night.
But the website's workforce had been slowly dwindling for a couple of years. The 15 employees still with the outlet make up less than half of the team from 2023, when it had about 35 employees.
The decline began when 538's founder, Nate Silver, left the company two years ago when his Disney contract expired.
[...] The broader media landscape has been hit with mass layoffs seemingly nonstop for months. Last month, MSNBC announced a massive shakeup at the network that included letting go of Joy Reid and her production team, as well as no longer using the Spanish-language network Telemundo.
Short-cut method pinpoints a galaxy apparently formed from just hydrogen and helium:
Staring deep into space and far back in time, a team of astronomers may have spotted a galaxy full of stars made from only the primordial gas created in the Big Bang. Such "population III stars" would have formed from hydrogen and helium and nothing else, and researchers have been searching for them for decades, racking up many disputed sightings. If confirmed, the discovery, made with NASA's JWST space observatory, opens a window on the starting point of the chemical enrichment of the universe, in which the heavier elements needed to make planets and life began to be forged in stellar explosions.
"It's very exciting," says astronomer Elka Rusta of the University of Florence. "We hypothesize that [population III stars] exist from theory, but they have never been directly observed."
The nature of population III stars remains uncertain. Most theorists think they were huge, with masses up to 1000 times that of the Sun, 10 times larger than any star around today. That's because a cloud of gas collapsing to form a star needs to cool, which requires ionizing the atoms in the gas when they collide. But tightly bound hydrogen and helium atoms are hard to ionize, unlike the heavier elements found in later generations of stars. So a cloud of primordial gas would just keep growing as it pulled in more gas under its own gravity, reaching an enormous size before finally becoming dense enough to ignite nuclear fusion in its core.
The gigantic stars that resulted would also burn hot and fast, ending in a supernova explosion after just a few million years. That brief first flash of population III stars is hard for astronomers to spot in galaxies that went on to shine steadily for billions of years with smaller, longer lived stars. But the spectrum of the light from the giant stars might give them away. Different elements absorb and emit characteristic wavelengths of light. Population III stars would produce very strong emission lines for hydrogen and helium and would lack completely spectral lines produced by heavier elements.
[...] The team still refers to it as a candidate because without a detailed spectrum it's impossible to rule out other, less exciting possibilities. For example, GLIMPSE-16043 could be a cloud of lingering primordial gas that is being energized by light from a black hole gorging on matter. Or it could simply be a smaller cluster of stars much closer to Earth that is mimicking a population III spectrum. To settle the issue, "ultimately, you will need spectroscopy," Sobral says. Naidu says JWST officials have awarded the project some high-priority observing time in June to get a spectrum.
If population III stars prove to be big and bright, the ultraviolet light they emit could have played a key role in the youthful universe: ionizing the neutral hydrogen gas between galaxies. And small primordial galaxies like GLIMPSE-16043 could be the predecessors of ultrafaint dwarf galaxies close to our own Milky Way that appear to contain very ancient stars only slightly enriched by heavier elements, notes Tim Beers of the University of Notre Dame. Some astrophysicists think those current stars are the children of population III stars, Beers says, and by studying them astrophysicists could learn about their ancient forebears. "I find it exciting that you can draw a straight line from what we see around the Milky Way to this proposed birthplace."
arXiv Reference: https://doi.org/10.48550/arXiv.2501.11678
These days most ISPs allow self-hosting to some extent. Programmer Mira Welner has published a 15-step tutorial to getting a working static web site up and running on a Raspberry Pi:
While tutorials abound in regards to getting a basic webserver set up, there is a difference between a functional server and a good usable website. I've been working on getting my personal site set up over the course of the past five years, spending an hour or so every month working on improving the Pi. I never intended for this personal project to become so lengthy or complex, but eventually I ended up with a fairly robust system for running, maintaining, and editing my website. This tutorial will describe what I've learned throughout the process of creating this site in 15 steps, so that you can use it to create and maintain your own sites.
This tutorial assumes that you already know how to use the command line, and that you have some understanding of HTML and CSS. That is about it.
Any always-on system is going to need to draw as little current as possible, and it is hard to beat a Raspberry Pi Zero 2 W which uses under 150 mA. This tutorial stands out as better than most others because of the small details filled in necessary to go from "Hello, World" page to a working, public web site.
Previously:
(2025) AI Haters Build Tarpits to Trap and Trick AI Scrapers That Ignore Robots.Txt
(2025) A Better DIY Seismometer Can Detect Faraway Earthquakes
(2024) How the Raspberry Pi is Transforming Synthesizers
(2023) Free Raspberry Pi 4B in Abandoned Scooters
... and many more.
X outage: Thousands report issues with Elon Musk's platform:
Elon Musk's social media platform X, formerly known as Twitter, experienced massive outages throughout Monday morning that impacted thousands of users in the US and UK.
The outage came as platform monitor Downdetector said it had seen tens of thousands of reports from US users of technical issues affecting the platform.
There were more than 8,000 outage reports from UK users shortly before 14:00 GMT, following a brief but notable surge of reports on Monday morning.
Connection issues lasted for some users into the afternoon.
Many users trying to access the platform and refresh feeds on its app and desktop site during Monday's outages were met with a loading icon.
Musk claims the outages stemmed from a "massive cyber-attack" that originated "in the Ukraine area".
But the technology billionaire, who has been a frequent critic of Ukraine and its President Volodymyr Zelensky, offered no evidence to support the claim and did not say whether or not he thought state actors were involved.
Earlier, he posted on X that "either a large, coordinated group and/or a country is involved".
[...] "We're not sure exactly what happened but there was a massive cyber-attack to try and bring down the X system with [Internet Protocol] addresses originating in the Ukraine area," Musk said in an interview with the Fox Business channel.
Alp Toker, director of Netblocks, which monitors the connectivity of web services, said its own metrics suggested the outages could well be linked to a cyber-attack.
"What we've been seeing is consistent with what we've seen in past denial of service attacks, rather than a configuration or coding error in the platform," he told the BBC.
Elon Musk claims X being targeted in 'massive cyberattack' as service goes down:
Elon Musk's X social media platform is experiencing multiple outages. Downdetector.com says more than 28,000 users reported an outage at 11:28 a.m.
The social media platform X (FKA Twitter) went down three separate times with the longest outage lasting several hours starting around 7 a.m. PT/10 a.m. ET.
No official word has come from X save for a single tweet from owner Elon Musk claiming that the outage was due to a 'massive cyberattack.'
More than 40,000 Downdetector reports poured in from users during the second outage — around 35,000 during the third outage — stating that they couldn't even get the X website to load, and it spiked hard again for a third one.
Elon Musk says DOGE involvement is making it harder to run his businesses:
In an interview with Fox's Larry Kudlow on Monday, billionaire Elon Musk admitted that his involvement with the Department of Government Efficiency (DOGE), Donald Trump's initiative to reduce federal spending, is making it tougher to run his many businesses: X, Tesla, xAI, SpaceX, The Boring Company, Neuralink, and Starlink.
"How are you running your other businesses?" Kudlow asked at one point. "With great difficulty," Musk replied. "Frankly, I can't believe I'm here doing this."
Musk and DOGE, which has around 100 staffers — a number that Musk expects to climb to 200 — have been criticized for overpromising and underdelivering on spending cuts across U.S government agencies. Government contracting experts say that DOGE's online record of reductions contains inaccurate information and inflates claims of "savings" by including misleading math about contract cancellations.
DOGE has also put the U.S.'s data and computing infrastructure at risk through its work, according to cybersecurity analysts. DOGE staffers, some of whom have little experience working with government systems, have reportedly accessed agency data through insecure means and copied that data onto unprotected servers.
[...] While Musk complains that his work advising DOGE has stretched him thin, the billionaire has been accused of using the initiative to weaken regulations that oversee his business ventures.
When asked by Kudlow if he would extend his involvement in DOGE by "another year," Musk said, "Yeah." "We're just getting things done, as opposed to writing a report," Musk added. "Like, reports don't mean anything. You've got to actually take action."
A Paleoarchaean impact crater in the Pilbara Craton, Western Australia:
The role of meteorite impacts in the origin, modification, and destruction of crust during the first two billion years of Earth history (4.5–2.5 billion years ago; Ga) is disputed. Whereas some argue for a relatively minor contribution overall, others have proposed that individual giant impactors (10–50 km diameter) can initiate subduction zones and deep mantle plumes, arguably triggering a chain of events that formed cratons, the ancient nuclei of the continents. The uncertainty is compounded by the seeming absence of impact structures older than 2.23 Ga, such that the evidence for the terrestrial impact flux in the Hadean and Archaean eons is circumstantial. Here, we report the discovery of shatter cones in a complex, dominantly metasedimentary layer, the Antarctic Creek Member (ACM), in the centre of the East Pilbara Terrane, Western Australia, which provide unequivocal evidence for a hypervelocity meteorite impact. The shocked rocks of the crater floor are overlain by (unshocked) carbonate breccias and pillow lavas, stratigraphically constraining the age of the impact to 3.47 Ga and confirming discovery of the only Archaean crater known thus far.
With more than a million craters exceeding 1 km in diameter, and around forty more than 100 km across1,2, the Moon preserves an exquisite record of the intense bombardment endured by bodies in the inner solar system during the first billion years or so of its history (Fig. 1a)3. On Earth, this early impact record has seemingly been lost, reflecting the destructive efficiency of erosion and subduction in recycling primary (basaltic, oceanic) crust back into the convecting mantle. Nevertheless, the oldest parts of many cratons, the ancient Archaean (4.0–2.5 billion years ago; Ga) nuclei of the continents, formed at or before 3.5 Ga4, and should preserve some evidence for an impact flux that would have exceeded that of a similar area of the Moon of comparable age5,6,7 (Fig. 1a). However, the oldest recognized terrestrial impact structure, at Yarrabubba, Western Australia, is dated at 2.23 Ga8. Where are all the Archaean craters?
Finding direct evidence for Archaean impacts (i.e., craters or impact structures8), and thereby better constraining the Archaean impact flux, is important. Large impactors (here bodies or 10 km in diameter) travelling in excess of 10 km.s–1 deliver enormous quantities of kinetic energy, most of which will decay to heat, warming the crust and upper mantle9, with potential consequences for plausible tectonic modes on the early Earth10,11. Further, numerical models have shown that individual bolide impacts can instigate subduction, mantle upwellings (plumes), and voluminous production of primary (basaltic) crust12,13,14. Moreover, impacts provide a ready mechanism to fracture (brecciate) the crust and, in the presence of a hydrosphere15, drive intense hydrothermal alteration of this regolith, concentrating key mineral deposits16. Notably, impact craters may have provided the physical and chemical environments required for life to emerge on Earth and elsewhere17,18.
The East Pilbara Terrane (EPT), part of the Pilbara Craton of Western Australia, is a near-pristine, approximately 200 km diameter fragment of (mostly) Paleoarchaean (3.53–3.23 Ga) cratonic crust comprising domes of sodic granite (TTG) separated by steeply-inclined greenstone belts dominated by ultrabasic to basic volcanic rocks19 (Fig. 1b). Many interpret the EPT as a long-lived volcanic plateau formed by polyphase plume-driven magmatism, probably involving short-lived episodes of (proto)subduction19,20,21. More recently, it has been argued that the EPT ultimately formed at the site of a large bolide impact22, and that such an origin for the initiation of cratons may be generally applicable22,23.
Here, we report the discovery of an impact crater at the North Pole Dome, near the centre of the EPT (Fig. 1b, c). Exceptionally preserved shatter cones within a dominantly siliciclastic horizon (Fig. 2a, b), the Antarctic Creek Member (ACM), which has previously been shown to contain spherules (quenched and devitrified impact-melt droplets)24,25, provide unequivocal evidence for a hypervelocity meteorite impact 3.47 billion years ago. Both spherules and shatter cones are found within the same siliciclastic unit within the ACM, requiring at least two (one proximal, one distal) Paleoarchaean or earlier impact events7,26.
At the base of the Pilbara Supergroup, the 10–15 km thick Warrawoona Group is dominated by weakly metamorphosed ultramafic to mafic volcanic rocks with subordinate felsic volcanic/volcaniclastic rocks and chert19 (Fig. 1b, c). Pillow lavas near its base are pervasively hydrothermally altered and cut by chert–barite veins and overlain by chemical sediments (mostly chert) containing the oldest known (stromatolite) fossils27. At higher stratigraphic levels, within the core of a structural dome (the North Pole Dome; Fig. 1c), a 2–3 km thick sequence of ultramafic–mafic volcanic rocks (the Mount Ada Basalt) contains a thin (up to 20 m) sedimentary unit, the Antarctic Creek Member, which consists of (silicified and carbonate-altered) felsic to mafic volcaniclastic rocks, chert, argillite, arenite and jaspilite intruded by dolerite19,28.
The ACM preserves evidence for the oldest known meteorite impact in the form of one or more layers containing spherules19,24, interpreted by most as globally-distributed airfall impact ejecta19,24,25,29,30, but whose petrogenesis is debated31,32. It contains detrital zircon grains with 207Pb/206Pb ages of 3470 ± 2 Ma24, providing a maximum depositional age, but has not been dated directly. However, underlying felsic rocks near the base of the Mount Ada Basalt (3469 ± 3 Ma), and at the base of the overlying sequence of felsic volcanic rocks (the Duffer Formation; 3468 ± 2 Ma) constrain deposition of the ACM to around 3470 Ma (3469.2 + 1.8/–1.2 Ma; ref. 19).
Fieldwork in 2021 in a small area of the North Pole Dome identified shatter cones throughout most of the thickness of the ACM (Fig. 2a; Supplementary Fig. 1). The shatter cones crop out more-or-less continuously for at least several hundred metres extending broadly northeast from where the ACM crosses the track at 21° 02' 54" S, 119° 23' 35" E (Fig. 1c). At outcrop, the variably curved surfaces of the shatter cones are smooth, with divergent and branching ribs and a mean apical angle of around 90° (Fig. 2a; Supplementary Information Fig. 1a–d; see also a 3D model at: https://sketchfab.com/3d-models/shatter-cone-2-cd89206c6d6b4765be766659a6e377da), similar to the average of literature values33. Although the orientation of individual cone axes varies, almost all are steeply inclined and splay (the ribs diverge) downwards (Fig. 2a; Supplementary Fig. 1a–d)33, consistent with a right-way-up stratigraphy19. On a larger scale, the cones are clearly visible as hut-like structures, some several metres tall, which extend across the hillside (Supplementary Fig. 1e).
Immediately overlying the shocked (shatter cone-bearing) ACM is a 5–10 m thick stratabound sequence of polymictic carbonate breccias (occupying the more strongly eroded gully in Supplementary Information Fig. 1e) containing angular fragments of underlying rocks, conspicuously chert (Supplementary Information Fig. 2). The stratabound layer of carbonate breccias is clearly distinct from the (very recent) calcrete deposits that cover the surface of many exposures, and includes distinctive orange dykes up to a metre thick (Supplementary Fig. 2b) that extend for many tens of metres into the footwall. Directly overlying the carbonate breccias are hydrothermally altered basalts (the upper part of the Mount Ada Basalt), which are pillowed near their base (Supplementary Fig. 1e, f) and contain layers of chert at higher stratigraphic levels. We have found no shatter cones in either the pillow basalts or carbonate breccias/dykes.
Shatter cones are the only unequivocal macroscopic indicator of a hypervelocity bolide impact33,34,35. Those discovered at the North Pole Dome (Fig. 2a, b; Supplementary Fig. 1), a structure interpreted by some as a volcanic edifice27, are exceptionally well preserved, retaining delicate features including striated and 'horse-tailed' conical fractures that rival those at the type locality at Steinheim, Germany36. The shatter cones occur within a lithologically and structurally complex, dominantly (at least locally) siliciclastic unit, the ACM, with very low zircon yield24, which we interpret as (subsequently silicified and lithified) subaqueous regolith formed by disaggregation of the uppermost basaltic crust (locally the lower Mount Ada Basalt) by impacts, of which portions were likely reworked, possibly by later impacts or their consequences (e.g., fall out, debris flows, tsunamis).[...]
This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material.
YouTube summary: Oldest Crater on Earth May Rewrite Textbooks on Plate Tectonics
https://www.theregister.com/2025/03/10/infosec_in_brief/
Infosec in Brief -- Microsoft has spotted a malvertising campaign that downloaded nastyware hosted on GitHub and exposed nearly a million devices to information thieves.
Discovered by Microsoft Threat Intelligence late last year, the campaign saw pirate vid-streaming websites embed malvertising redirectors to generate pay-per-view or pay-per-click revenue from malvertising platforms.
"These redirectors subsequently routed traffic through one or two additional malicious redirectors, ultimately leading to another website, such as a malware or tech support scam website, which then redirected to GitHub," according to Microsoft's threat research team.
GitHub hosted a first-stage payload that installed code that dropped two other payloads. One gathered system configuration info such as data on memory size, graphics capabilities, screen resolution, the operating system present, and user paths.
Third-stage payloads varied but most "conducted additional malicious activities such as command and control (C2) to download additional files and to exfiltrate data, as well as defense evasion techniques."
The attackers built four to five redirect layers in the campaign, each of which followed on from the GitHub dropper to install more nastiness that it appears were designed to steal information including stored browser credentials.
Microsoft noted that the malicious repos have since been taken down, and provided plenty of indicators of compromise and other valuable information in its report to aid in hunting down and stopping related campaigns.
US supreme court weakens rules on discharge of raw sewage into water supplies:
The US supreme court has weakened rules on the discharge of raw sewage into water supplies in a 5-4 ruling that undermines the 1972 Clean Water Act.
The CWA is the principal law governing pollution control and water quality of the nation's waterways.
The Republican super majority court ruled on Tuesday that the Environmental Protection Agency (EPA) cannot employ generic, water body-focused pollution discharge limits to Clean Water Act permit holders, and must provide specific limitations to pollution permittees.
The ruling is a win for San Francisco, which challenged nonspecific, or "narrative," wastewater permits that the EPA issues to protect the quality of surface water sources like rivers and streams relied upon for drinking water.
In a 5-4 ruling written by Justice Samuel Alito, the court blocked the EPA from issuing permits that make a permittee responsible for surface water quality, or "end result" permits – a new term coined by the court.
"The agency has adequate tools to obtain needed information from permittees without resorting to end-result requirements," wrote Justice Samuel Alito, who was joined by Chief Justice John Roberts and Justices Clarence Thomas and Brett Kavanaugh, along with Justice Neil Gorsuch, who joined part of the majority opinion.
The EPA issued San Francisco a permit allowing it to discharge pollutants from its combined sewer system into the Pacific Ocean. The permit's conditions include prohibitions on discharges that contribute to a violation of applicable water quality standards. The permit included generic prohibitions on the impacts to water quality, as part of the EPA's efforts to halt San Francisco's releases of raw sewage into the Pacific Ocean during rainstorms.
San Francisco challenged these conditions, arguing that EPA lacks statutory authority to impose them. The US Court of Appeals for the ninth circuit in July 2023 upheld EPA's authority to issue generic limits on discharges under the Clean Water Act. San Francisco took the case to the supreme court.
The case drew the attention of powerful business groups including the National Mining Association and US Chamber of Commerce, which wrote amicus briefs in support of San Francisco's position. It was the first case to grapple with Clean Water Act regulations since the court struck down Chevron deference in Loper Bright Enterprises v Raimondo in June 2024, though it was barely mentioned during oral arguments.
"The city is wrong," according to Justice Amy Coney Barrett, who wrote the dissenting opinion, which was joined by the three Democratic justices, Sotomayor, Kagan and Jackson. "The relevant provision of the Clean Water Act directs EPA to impose any more stringent limitation that is necessary to meet... or required to implement any applicable water quality standard."
[Ed note: Most of the headlines for this story use the security vendor's description of this as a "backdoor", which is getting called out as deliberate clickbait and hype given the physical access needed to load malicious code --hubie]
Undocumented commands found in Bluetooth chip used by a billion devices
The ubiquitous ESP32 microchip, made by Chinese manufacturer Espressif and used in over 1 billion units as of 2023, contains an undocumented "backdoor" that could be leveraged for attacks.
The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.
This was discovered by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco of Tarlogic Security, who presented their findings yesterday at RootedCON in Madrid.
"Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices," reads a Tarlogic announcement shared with BleepingComputer.
"Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls."
The researchers warned that ESP32 is one of the world's most widely used chips for Wi-Fi + Bluetooth connectivity in IoT (Internet of Things) devices, so the risk of any backdoor in them is significant.
In their RootedCON presentation, the Tarlogic researchers explained that interest in Bluetooth security research has waned but not because the protocol or its implementation has become more secure.
Instead, most attacks presented last year didn't have working tools, didn't work with generic hardware, and used outdated/unmaintained tools largely incompatible with modern systems.
Tarlogic developed a new C-based USB Bluetooth driver that is hardware-independent and cross-platform, allowing direct access to the hardware without relying on OS-specific APIs.
Armed with this new tool, which enables raw access to Bluetooth traffic, Tarlogic discovered hidden vendor-specific commands (Opcode 0x3F) in the ESP32 Bluetooth firmware that allow low-level control over Bluetooth functions.
In total, they found 29 undocumented commands, collectively characterized as a "backdoor," that could be used for memory manipulation (read/write RAM and Flash), MAC address spoofing (device impersonation), and LMP/LLCP packet injection.
Espressif has not publicly documented these commands, so either they weren't meant to be accessible, or they were left in by mistake.
The risks arising from these commands include malicious implementations on the OEM level and supply chain attacks.
Depending on how Bluetooth stacks handle HCI commands on the device, remote exploitation of the backdoor might be possible via malicious firmware or rogue Bluetooth connections.
This is especially the case if an attacker already has root access, planted malware, or pushed a malicious update on the device that opens up low-level access.
In general, though, physical access to the device's USB or UART interface would be far riskier and a more realistic attack scenario.
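For defenders, the practical check is whether anything on the host is actually sending vendor-specific HCI commands to the controller. The sketch below is an added example, not code from Tarlogic or the article: it walks a raw H4 (UART) HCI byte stream and flags every command whose opcode group field (OGF, the top 6 bits of the 16-bit opcode) is 0x3F. The sample capture and its OCF values are constructed placeholders, not the ESP32's actual command numbers.

```python
import struct
from typing import Iterator, NamedTuple

VENDOR_OGF = 0x3F  # opcode group reserved for vendor-specific commands

# H4 packet indicator -> (header size, function reading payload length from header)
HEADERS = {
    0x01: (3, lambda h: h[2]),                                        # command
    0x02: (4, lambda h: struct.unpack_from("<H", h, 2)[0]),           # ACL data
    0x03: (3, lambda h: h[2]),                                        # SCO data
    0x04: (2, lambda h: h[1]),                                        # event
    0x05: (4, lambda h: struct.unpack_from("<H", h, 2)[0] & 0x3FFF),  # ISO data
}

class HciCommand(NamedTuple):
    offset: int    # byte offset of the packet in the capture
    ogf: int       # opcode group field (upper 6 bits)
    ocf: int       # opcode command field (lower 10 bits)
    params: bytes

def iter_commands(stream: bytes) -> Iterator[HciCommand]:
    """Walk an H4 stream, yielding host-to-controller commands only."""
    pos = 0
    while pos < len(stream):
        kind = stream[pos]
        if kind not in HEADERS:
            raise ValueError(f"unknown H4 indicator 0x{kind:02x} at offset {pos}")
        hdr_len, payload_len = HEADERS[kind]
        hdr = stream[pos + 1 : pos + 1 + hdr_len]
        if len(hdr) < hdr_len:
            raise ValueError(f"truncated header at offset {pos}")
        end = pos + 1 + hdr_len + payload_len(hdr)
        if end > len(stream):
            raise ValueError(f"truncated packet at offset {pos}")
        if kind == 0x01:
            opcode = struct.unpack_from("<H", hdr)[0]  # little-endian on the wire
            yield HciCommand(pos, opcode >> 10, opcode & 0x3FF, stream[pos + 4 : end])
        pos = end

def vendor_commands(stream: bytes, allowlist=frozenset()) -> list:
    """Return vendor-specific commands whose OCF is not on the allowlist."""
    return [c for c in iter_commands(stream)
            if c.ogf == VENDOR_OGF and c.ocf not in allowlist]

# Constructed sample capture (not taken from a real device).
SAMPLE = bytes.fromhex(
    "01030c00"            # HCI_Reset (OGF 0x03, OCF 0x003)
    "040e0401030c00"      # Command Complete event for the reset
    "010c20020100"        # LE Set Scan Enable (OGF 0x08, OCF 0x00C)
    "0101fc04deadbeef"    # vendor-specific, placeholder OCF 0x001, 4 parameter bytes
    "02010004000a0b0c0d"  # ACL data, skipped by the walker
    "0122fc00"            # vendor-specific, placeholder OCF 0x022, no parameters
)
```

Many host stacks legitimately send a few vendor-specific commands during controller initialisation, so the allowlist should hold the OCFs you expect from your own stack and everything else should be investigated.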
"In a context where you can compromise an IOT device with an ESP32 you will be able to hide an APT inside the ESP memory and perform Bluetooth (or Wi-Fi) attacks against other devices, while controlling the device over Wi-Fi/Bluetooth," explained the researchers to BleepingComputer.
"Our findings would allow to fully take control over the ESP32 chips and to gain persistence in the chip via commands that allow for RAM and Flash modification."
"Also, with persistence in the chip, it may be possible to spread to other devices because the ESP32 allows for the execution of advanced Bluetooth attacks."
BleepingComputer has contacted Espressif for a statement on the researchers' findings, but a comment wasn't immediately available.
https://www.documentcloud.org/documents/25554812-2025-rootedcon-bluetoothtools/
https://reg.rootedcon.com/cfp/schedule/talk/5
https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/
Just how tiny can something be made...and still have it work?
https://www.earth.com/news/unexpected-find-inside-the-eye-of-a-tiny-wasp-megaphragma-viggianii/
Megaphragma wasps do more than just outsmart thrips. They also show how far miniaturization can go before basic features stop working.
Most insects rely on their eyes for movement and exploration. Ommatidia form the building blocks of these compound eyes and act like small detectors for incoming light.
In Megaphragma viggianii, researchers have counted a total of 29 ommatidia, which is extremely low compared to the number in the eyes of bigger insects.
Each tiny ommatidium uses a lens that measures around 8 micrometers, but that's still enough to focus light onto specialized structures below.
The rhabdom within each ommatidium (the optical units that make up the insect's compound eye) has stayed thick enough – about 2 micrometers – to catch adequate light and send signals to the brain.
This balance between lens size and rhabdom thickness seems to preserve clear vision during daylight hours.
Packed pigment granules line the sides of each ommatidium. They block stray light that might otherwise blur the wasp's vision.
Maintaining sight at such a small scale may demand a lot of energy. Some data hint at heavy loads of mitochondria in these photoreceptor cells, suggesting that vision comes with a metabolic price.
Roughly a third of the ommatidia cluster near the dorsal region of the eye. These specialized structures appear to detect polarized light, a feature known to help insects orientate under open skies.
In many insects, the dorsal rim area is essential for successful navigation and migration. It provides steady guidance, even when visual landmarks are absent.
In addition, a few unique photoreceptor cells hide behind the first row of ommatidia. They are positioned to receive light indirectly.
CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems:
While the cybersecurity agency has tagged these flaws as actively exploited in the wild, it has yet to provide specific details regarding this malicious activity and who is behind it.
The first flaw (tracked as CVE-2023-20118) enables attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. While it requires valid administrative credentials, this can still be achieved by chaining the CVE-2023-20025 authentication bypass, which provides root privileges.
Cisco says in an advisory published in January 2023 and updated one year later that its Product Security Incident Response Team (PSIRT) is aware of publicly available proof-of-concept exploit code for CVE-2023-20025.
The second security bug (CVE-2018-8639) is a Win32k elevation of privilege flaw that local attackers logged into the target system can exploit to run arbitrary code in kernel mode. Successful exploitation also allows them to alter data or create rogue accounts with full user rights to take over vulnerable Windows devices.
According to a security advisory issued by Microsoft in December 2018, this vulnerability impacts client (Windows 7 or later) and server (Windows Server 2008 and up) platforms.
Originally spotted on Schneier on Security.
A Norwegian robotics firm has unveiled a knitted-nylon-covered humanoid robot designed to complete household chores.
"Neo Gamma," built by robotics company 1X, is a bipedal android equipped to perform everyday tasks such as vacuuming, tidying clothes and making coffee.
In a promotional video released Feb. 21 on YouTube, the machine is shown serving tea, fixing a wonky picture frame, carrying laundry, hoovering, wiping windows and collecting groceries, before taking a seat as its human owners eat.
Although the company has said the humanoid robot is not ready to go on sale to the public, they claim the new model has been made available for limited testing in some homes. This will enable engineers to test the robot's navigational, speech and body language artificial intelligence (AI) features. These capabilities are being developed in-house, although ChatGPT developer OpenAI was an early investor.
"There is a not-so-distant future where we all have our own robot helper at home, like Rosey the Robot or Baymax," Bernt Børnich, the CEO of 1X, said in a statement. "But for humanoid robots to truly integrate into everyday life, they must be developed alongside humans, not in isolation."
"The home provides real-world context and the diversity of data needed for humanoids to grow in intelligence and autonomy. It also teaches them the nuances of human life — how to open the door for the elderly, move carefully around pets, or adapt to the unpredictability of the surrounding world," Børnich said.
[...] Its multi-jointed hands use elastic motors that mimic human tendons, and it has four microphones and a speaker system integrated into its body to communicate with humans. Its knitted exterior was designed to reduce the force of potential impacts with the exterior environment and increase its overall safety.