SoylentNews

upstart writes:

Submitted via IRC for Bytram

NASA Wants to Send Nuclear Rockets to the Moon and Mars

Just north of the Tennessee River near Huntsville, Alabama, there's a six-story rocket test stand in a small clearing of loblolly pines. It's here, in a secluded corner of NASA's Marshall Space Flight Center, that the US Army and NASA performed critical tests during the development of the Redstone rocket. In 1958, this rocket became the first to detonate a nuclear weapon; three years later, it carried the first American into space.

The tangled history of nukes and space is again resurfacing, just up the road from the Redstone test stand. This time NASA engineers want to create something deceptively simple: a rocket engine powered by nuclear fission.

A nuclear rocket engine would be twice as efficient as the chemical engines powering rockets today. But despite their conceptual simplicity, small-scale fission reactors are challenging to build and risky to operate because they produce toxic waste. Space travel is dangerous enough without having to worry about a nuclear meltdown. But for future human missions to the moon and Mars, NASA believes such risks may be necessary.

At the center of NASA's nuclear rocket program is Bill Emrich, the man who literally wrote the book on nuclear propulsion. "You can do chemical propulsion to Mars, but it's really hard," says Emrich. "Going further than the moon is much better with nuclear propulsion."

Emrich has been researching nuclear propulsion since the early '90s, but his work has taken on a sense of urgency as the Trump administration pushes NASA to put boots on the moon ASAP in preparation for a journey to Mars. Although you don't need a nuclear engine to get to the moon, it would be an invaluable testing ground for the technology, which will almost certainly be used on any crewed mission to Mars.

Let's get one thing clear: A nuclear engine won't hoist a rocket into orbit. That's too risky; if a rocket with a hot nuclear reactor blew up on the launch pad, you could end up with a Chernobyl-scale disaster. Instead, a regular chemically propelled rocket would hoist a nuclear-powered spacecraft into orbit, which would only then fire up its nuclear reactor. The massive amount of energy produced by these reactors could be used to sustain human outposts on other worlds and cut the travel time to Mars in half.

"exec" has found the following story:

In total, Microsoft has now blocked 142 file extensions that it deems as at risk or that are typically sent as malicious attachments in emails.

Microsoft is banning almost 40 new types of file extensions on its Outlook email platform. The aim is to protect email users from what it deems "at-risk" file attachments, which are typically sent with malicious scripts or executables.

The move will prevent users from downloading email attachments with various file extensions, including ones associated with Python, PowerShell, digital certificates, Java and more. Overall, Microsoft had blocked 104 file extensions from Outlook (a full list of which can be found here), including .exe, .url, .lnk, and more. With these newest extensions, that number will now rise to 142.

"We're always evaluating ways to improve security for our customers, and so we took the time to audit the existing blocked file list and update it to better reflect the file types we see as risks today," said Microsoft in a post this week.

Microsoft said that many of these newly-blocked file types are rarely used, so most organizations will not be affected by the change: "However, if your users are sending and receiving affected attachments, they will report that they are no longer able to download them," it said.

[...] Newly blocked file extensions include:

• Python scripting language: “.py”, “.pyc”, “.pyo”, “.pyw”, “.pyz”, “.pyzw”
• PowerShell scripting language:”.ps1″, “.ps1xml”, “.ps2”, “.ps2xml”, “.psc1”, “.psc2”, “.psd1”, “.psdm1”, “.psd1”, “.psdm1”, “.cdxml”, “.pssc”
• Java programming language: “.jar”, “.jnlp”
• digital certificates: “.cer”, “.crt”, “.der”
• Windows ClickOnce (“.appref-ms”)
• Microsoft Data Access Components (“.udl”)
• Windows Sandbox (“.wsb”)

Microsoft will also block various extensions being used by vulnerable applications, which could be used to exploit security vulnerabilities in third-party software, including: ".appcontent-ms", ".settingcontent-ms", ".cnt", ".hpj", ".website", ".webpnp", ".mcf", ".printerexport", ".pl", ".theme", ".vbp", ".xbap", ".xll", ".xnk", ".msu", ".diagcab", ".grp"

For these extensions, 38 in all, "while the associated vulnerabilities have been patched (for years, in most cases), they are being blocked for the benefit of organizations that might still have older versions of the application software in use," Microsoft said.

-- submitted from IRC

Original Submission

Arthur T Knackerbracket has found the following story:

Since Canada legalized Medical Assistance in Dying (MAiD) in 2016, as of Oct. 31, 2018, more than 6,700 Canadians have chosen medications to end their life.

Canadians who meet eligibility requirements can opt to self-administer or have a clinician administer these medications; the vast majority of people choosing MAiD have had their medications delivered by physicians or nurse practitioners. Canada is the first country to permit nurse practitioners to assess for medically assisted dying eligibility and to provide it.

The precise meaning and implications of MAiD—in particular, who can request medical assistance in dying in Canada—is still evolving through court rulings. Québec's Supreme Court recently struck down the reasonably foreseeable death requirement under the Criminal Code and the end-of-life requirement under Québec's Act Respecting End-of-Life Care.

Without the requirement of a reasonably foreseeable death, it is likely that other legal challenges will occur to extend assisted dying to other groups such as those whose sole underlying condition is severe mental illness.

Our research has explored how the nursing profession is regulating the new area of responsibility towards medically assisted dying and how nursing ethics might guide policy and practical implications of nurses' experiences.

upstart writes:

Submitted via IRC for SoyCow9427

New "unpatchable" iPhone exploit could allow permanent jailbreaking on hundreds of millions of devices

All devices from the iPhone 4S to the iPhone X are impacted

A newly announced iOS exploit could lead to a permanent, unblockable jailbreak on hundreds of millions of iPhones, according to researcher axi0mX who discovered it. Dubbed "checkm8," the exploit is a bootrom vulnerability that could give hackers deep access to iOS devices on a level that Apple would be unable to block or patch out with a future software update. That would make it one of the biggest developments in the iPhone hacking community in years.

The exploit is specifically a bootrom exploit, meaning it's taking advantage of a security vulnerability in the initial code that iOS devices load when they boot up. And since it's ROM (read-only memory), it can't be overwritten or patched by Apple through a software update, so it's here to stay. It's the first bootrom-level exploit publicly released for an iOS device since the iPhone 4, which was released almost a decade ago.

In a follow-up tweet, axi0mX explained that they released the exploit to the public because a "bootrom exploit for older devices makes iOS better for everyone. Jailbreakers and tweak developers will be able to jailbreak their phones on latest version, and they will not need to stay on older iOS versions waiting for a jailbreak. They will be safer."

Original Submission

DannyB writes:

Amazon unveils a couple new Ring cameras that cost less than $100

Alongside the deluge of Echo devices Amazon announced during its autumn hardware event on Wednesday, the company unveiled two new security cameras from its Ring subsidiary: the Ring Indoor Cam and a refreshed model of the Ring Stick Up Cam.

[...] On the software side of things, Ring's cameras and video door bells will soon support a new feature called "Home Mode" that Amazon says will prevent Ring products from recording audio and video while you're home. That will also arrive in November. The company also demoed a feature that will allow the Alexa voice assistant to answer visitors through a Ring doorbell in a "conversational" manner—it could ask a delivery person to leave a package, for instance. Amazon says this will come first to the Ring Video Doorbell Elite (which isn't battery-powered) next year.

[...] Finally, there's the Ring Fetch, which is a connected dog tag and tracker. This lets you geofence your yard and will ping you when your furry friend leaves a set perimeter. Again, Amazon didn't go too hard on the details here but says this will release next year.

Forget Ring Fetch, I'm waiting for the PeopleCam for each family member to wear.

Original Submission

MrPlow writes:

Submitted via IRC for AndyTheAbsurd

A cybersecurity exercise highlights both new and unaddressed vulnerabilities riddling US election systems.

A report issued Thursday by some of the country's leading election security experts found that voting machines used in dozens of state remain vulnerable to hacks and manipulations, warning that that without continued efforts to increase funding, upgrade technology, and adopt of voter-marked paper ballot systems, "we fear that the 2020 presidential elections will realize the worst fears only hinted at during the 2016 elections: insecure, attacked, and ultimately distrusted."

The 47-page report is the product of researchers who organized a shakedown of voting machines at the annual DefCon conference, one of world's biggest information security gatherings frequented by hackers, government officials, and industry workers. First incorporated into DefCon in 2017 with the aim of improving voting machine security, this year's version of the now-annual "Voting Machine Hacking Village" assembled over 100 machines and let hackers loose to find and exploit their vulnerabilities. While election officials have criticized the effort's utility as a testing ground, deriding it as a "pseudo environment," some have seen value in letting machines' flaws become more known and potentially lead to security improvements.

"Once again, Voting Village participants were able to find new ways, or replicate previously published methods, of compromising every one of the devices in the room," the authors wrote, pointing out that every piece of assembled equipment is certified for use in at least one US jurisdiction. The report's authors, some of whom have been involved with election machine security research going back more than a decade, noted that in most cases the participants tested voting equipment "they had no prior knowledge of or experience" in a "challenging setting " with less time and resources than attackers would be assumed to marshal.

The report urges election officials to use machines relying on voter-marked paper ballots and pair those with "statistically rigorous post-election audits" to verify the outcome of elections reflects the will of voters. The authors also warn that supply chain issues "continue to pose significant security risks," including cases where machines include hardware components of foreign origin, or where election administrators deploy foreign-based software, cloud, or other remote services. The report lands as officials in several states are working to upgrade election equipment, and as lawmakers in Washington, D.C. debate federal election security legislation and funding.

Source: https://www.motherjones.com/politics/2019/09/defcon-2019-hacking-village/

Original Submission

Arthur T Knackerbracket has found the following story:

Under one in three organisations are fully compliant with the General Data Protection Regulation, despite the privacy legislation coming into force across Europe almost a year and a half ago.

Consultancy firm Capgemini surveyed over 1,000 compliance, privacy and data protection personnel and found that despite three quarters of them having previously been confident about being compliant by the time GDPR came into force in May 2018, that isn't the case in reality and many are still struggling to adhere to the legislation. 

Now just 28% of those surveyed believe they're fully GDPR compliant – despite regulators being willing to issue heavy fines.

The UK's Information Commissioner's Office (ICO) has already issued a record fine of £183m to British Airways for what it concludes to be "poor security arrangements", which led to personal data of half a million customers being stolen by hackers in a cyberattack disclosed in September 2018.

"For many organisations, the true size of the GDPR challenge only became apparent as they began the initial projects to identify the applicable data that they held. As a result, only the most focused organisations had completed their GDPR readiness by the time the legislation came into force," Chris Cooper, head of cybersecurity practice at Capgemini, told ZDNet.

[...] The Capgemini survey found that of those organisations that are fully GDPR-compliant, 92% of executives from these firms believe that being so has given them a competitive advantage by enabling them to improve customer trust, customer satisfaction and brand image, with all of this helping to boost revenue.

GDPR-compliant organisations also point to benefits behind the scenes, with around four in five of those surveyed of the opinion that being compliant with data protection regulation has helped improve IT systems and cybersecurity practices throughout the organisation.

"Organisations need to promote a data protection and privacy mindset among employees and integrate advanced technologies to boost data discovery, data management, data quality, cybersecurity, and information security efficiencies," said the report.

[...] "The introduction of GDPR was not a deadline but the start of an ongoing process and there is a lot more work to be done. That said, we will not hesitate to act in the public's best interests when organisations wilfully or negligently break the law," said an ICO statement.

Original Submission

An Anonymous Coward writes:

More (and ongoing) developments on the Whistleblower/Ukraine thing:

House Speaker Pelosi has begun an inquiry into impeachment of the president:
https://www.npr.org/2019/09/24/763700264/trumps-ukraine-call-may-be-game-changer-on-impeachment

The (live at the time of this submission: 2019-09-26 14:30 UTC) House Intelligence interview of the Acting Director of National Security:
https://www.bbc.co.uk/news/live/world-us-canada-49841920

The unclassified-version of the whistleblower complaint was released:
https://intelligence.house.gov/uploadedfiles/20190812_-_whistleblower_complaint_unclass.pdf

As was the memo/pseudo-transcript (not 100% guaranteed as they are hand-typed, no recordings of calls are made any more in the US in the aftermath of Watergate) on the call between Presidents Trump and Zelenskyy[*]:
https://www.whitehouse.gov/wp-content/uploads/2019/09/Unclassified09.2019.pdf

[*] Yes, Zelenskyy, see: Zelensky, Zelenskiy, Zelenskyy: spelling confusion doesn't help Ukraine.

Original Submission

Arthur T Knackerbracket has found the following story:

Western Australia's famous 3.5-billion-year-old stromatolites contain microbial remains of some of the earliest life on Earth, UNSW scientists have found.

Scientists have found exceptionally preserved microbial remains in some of Earth's oldest rocks in Western Australia—a major advance in the field, offering clues for how life on Earth originated.

The UNSW researchers found the organic matter in stromatolites—fossilized microbial structures—from the ancient Dresser Formation in the Pilbara region of Western Australia.

The stromatolites have been thought to be of biogenic origin ever since they were discovered in the 1980s. However, despite strong textural evidence, that theory was unproven for nearly four decades, because scientists hadn't been able to show the definitive presence of preserved organic matter remains—until today's publication in Geology.

"This is an exciting discovery—for the first time, we're able to show the world that these stromatolites are definitive evidence for the earliest life on Earth," says lead researcher Dr. Raphael Baumgartner, a research associate of the Australian Centre for Astrobiology in Professor Martin Van Kranendonk's team at UNSW.

Professor Van Kranendonk says the discovery is the closest the team have come to a "smoking gun" to prove the existence of such ancient life.

"This represents a major advance in our knowledge of these rocks, in the science of early life investigations generally, and—more specifically—in the search for life on Mars. We now have a new target and new methodology to search for ancient life traces," Professor Van Kranendonk says.

Raphael J. Baumgartner et al. Nano−porous pyrite and organic matter in 3.5-billion-year-old stromatolites record primordial life, Geology (2019). DOI: 10.1130/G46365.1

Original Submission

upstart writes:

Submitted via IRC for SoyCow9427

Microsoft: New Nodersok malware has infected thousands of PCs

Thousands of Windows computers across the world have been infected with a new strain of malware that downloads and installs a copy of the Node.js framework to convert infected systems into proxies and perform click-fraud.

The malware, named Nodersok (in a Microsoft report) and Divergent (in a Cisco Talos report), was first spotted over the summer, distributed via malicious ads that forcibly downloaded HTA (HTML application) files on users' computers.

Users who found and ran these HTA files started a multi-stage infection process involving Excel, JavaScript, and PowerShell scripts that eventually downloaded and installed the Nodersok malware.

The malware itself has multiple components, each with its own role. There's a PowerShell module that tries to disable Windows Defender and Windows Update, and there's a component for elevating the malware's permissions to SYSTEM level.

But there are also two components that are legitimate apps -- namely WinDivert and Node.js. The first is an app for capturing and interacting with network packets, while the second is a well-known developer tool for running JavaScript on web servers.

According to Microsoft and Cisco reports, the malware uses the two legitimate apps to start a SOCKS proxy on infected hosts. But here is where the reports diverge. Microsoft claims the malware turns infected hosts into proxies to relay malicious traffic. Cisco, on the other hand, says these proxies are used to perform click-fraud.

Original Submission

"exec" writes:

Microsoft revealed on Wednesday that it is fighting in court for the right to tell one of its large enterprise customers about a federal request for data hosted on Microsoft's cloud services. The data request came with an order prohibiting Microsoft from notifying its customer about the request, and Microsoft views the gag order as inappropriate.

"On Sept. 5, 2018, Microsoft challenged a secrecy order issued by a federal magistrate judge in Brooklyn, New York in connection with a federal national security investigation," wrote Microsoft general counsel Dev Stahlkopf. "Based on the limited information available to us in this case, we feel the secrecy order was too broadly drawn and is inconsistent with the U.S. government's policy that secrecy orders be narrowly tailored."

The Microsoft customer in question has thousands of employees. Microsoft argues that the feds should be able to identify someone at the company who can be notified without jeopardizing the investigation. However, a judge rejected Microsoft's request and left the secrecy requirement in place.

"We have challenged that order in the lower court, and we will pursue an appeal in the appellate court if necessary."

-- submitted from IRC

Original Submission

Arthur T Knackerbracket has found the following story:

Researchers at Stanford University and the Department of Energy's SLAC National Accelerator Laboratory say they have found the first, long-sought proof that a decades-old scientific model of material behavior can be used to simulate and understand high-temperature superconductivity - an important step toward producing and controlling this puzzling phenomenon at will.

The simulations they ran, published in Science today, suggest that researchers might be able to toggle superconductivity on and off in copper-based materials called cuprates by tweaking their chemistry so electrons hop from atom to atom in a particular pattern -- as if hopping to the atom diagonally across the street rather than to the one next door.

"The big thing you want to know is how to make superconductors operate at higher temperatures and how to make superconductivity more robust," said study co-author Thomas Devereaux, director of the Stanford Institute for Materials and Energy Sciences (SIMES) at SLAC. "It's about finding the knobs you can turn to tip the balance in your favor."

The biggest obstacle to doing that, he said, has been the lack of a model -- a mathematical representation of how a system behaves -- that describes this type of superconductivity, whose discovery in 1986 raised hopes that electricity might someday be transmitted with no loss for perfectly efficient power lines and maglev trains.

While scientists thought the Hubbard model, used for decades to represent electron behavior in numerous materials, might apply to cuprate high-temperature superconductors, until now they had no proof, said Hong-Chen Jiang, a SIMES staff scientist and co-author of the report.

"This has been a major unsolved problem in the field -- does the Hubbard model describe high-temperature superconductivity in the cuprates, or is it missing some key ingredient?" he said. "Because there are a number of competing states in these materials, we have to rely on unbiased simulations to answer these questions, but the computational problems are very difficult, and so progress has been slow."

Original Submission

An Anonymous Coward writes:

https://elpais.com/elpais/2019/09/25/inenglish/1569384196_652151.html

Undercover Global S. L., the Spanish defense and private security company that was charged with protecting the Ecuadorian embassy in London during the long stay there of WikiLeaks founder Julian Assange, spied on the cyberactivist for the US intelligence service. That's according to statements and documents to which EL PAÍS have had access. David Morales, the owner of the company, supposedly handed over audio and video to the CIA of the meetings Assange held with his lawyers and collaborators. Morales is being investigated for this activity by Spain's High Court, the Audiencia Nacional.

The judicial investigation into the director of UC Global S. L. and the activities of his company were ordered by a judge named José de la Mata, and they began weeks after EL PAÍS published videos, audios and reports that show how the company spied on the meetings that the cyberactivist held in the embassy.

The secret probe is the consequence of a criminal complaint filed by Assange himself, in which he accuses Morales and the company of the alleged offenses involving violations of his privacy and the secrecy of his client-attorney privileges, as well as misappropriation, bribery and money laundering. The director of UC Global S. L. has not responded to calls from this newspaper in order to confirm his version of events.

Morales, a former member of the military who is on leave of absence, stated both verbally and in writing to a number of his employees that, despite having been hired by the government of then-Ecuadorian President Rafael Correa, he also worked “for the Americans,” to whom he allegedly sent documents, videos and audios of the meetings that the Australian activist held in the embassy. “We are playing in another league. This is the first division,” he told his closest colleagues after attending a security fair in the US city of Las Vegas in 2015 where he supposedly made his first American contacts.

Despite the fact that the Spanish firm – which is headquartered in the southern city of Jerez de la Frontera – was hired by Senain, the Ecuadorian intelligence services, Morales called on his employees several times to keep his relationship with the US intelligence services a secret.

Original Submission

martyb writes:

SpaceX Starship now has Three Monster Raptor Engines Installed:

Elon Musk's Mars rocket is really coming together. Construction of the interplanetary spaceship is taking place at SpaceX's Boca Chica facility in Texas and, after giving us a glimpse of the prototype's fins on Monday, the SpaceX CEO has pulled back the curtain on the Starship Mk.1 fitted with three Raptor engines.

The Raptor engines are monstrous liquid-liquid rocket engines which use methane and oxygen to power SpaceX's upcoming launch vehicles. They will be used in SpaceX's next-generation rocket, which contains two stages: The Super Heavy first stage, which lifts it into orbit, and the Starship second stage, which takes it through the void of space.

[...] The SpaceX CEO has discussed the Raptor engine requirements in the past, explaining how the proposed interplanetary Starship requires an engine that can put out at least 170 tons of force. Previous testing showed a single engine reaching 172 tons of force, but it's now pushing 200. The Starship will be attached to the top of the Super Heavy rocket, which will likely have up to 31 Raptor engines strapped to its bottom. Crazy to think about.

Relatedly, SpaceX has filed with the FCC (Federal Communications Commission) an application for Special Temporary Authority (STA):

*SPOILER* (click to show) *SPOILER* (click to hide)

This STA is necessary to authorize Starship suborbital test vehicle communications for SpaceX Mission 1569 from the Boca Chica launch pad, and the experimental recovery following the suborbital launch. Recovery is limited to 2 functions: (1) prelaunch checkout test of the TC uplink from the ground station at Boca Chica (less than five minutes in duration) and (2) experimental uplink testing from the ground station at Boca Chica during descent. Trajectory data will be provided directly to NTIA, USAF, and NASA. All downrange Earth stations are receive-only. Launch licensing authority is FAA Office of Commercial Space Transportation.

Of note is that the Suborbital Test Vehicle Maximum Altitude is specified as 22.5km. (That's just under 14 miles or ~74,000 feet. Long-haul commercial airliners typically cruise at about 36,000 feet; private jets at ~41,000.)

By the way, this prototype is being constructed in the open air without benefit of any kind of hangerhangar or outbuilding to protect it during assembly.

Original Submission

Arthur T Knackerbracket has found the following story:

Male mice that spent more than a month in space were able to successfully reproduce back on Earth, a study has found, the first evidence of how space travel affects reproduction in mammals.

There have been some signs that spending time in radiation damage seen in freeze-dried mouse sperm that spent nine months in outer space, and decreased sperm counts in rats that spent 13 days in orbit.

The research examined 12 male mice who spent 35 days aboard the International Space Station in specially designed cages.

Some of the mice experienced the weightlessness of microgravity, while others were in cages designed to offer artificial gravity.

Upon their return to Earth, the researchers used sperm from the mice to fertilise eggs from female mice who had not experienced space travel, and found the astronaut rodents produced healthy offspring.

The team, led by Masahito Ikawa, a professor at Osaka University, also examined the reproductive organs of the space-travelling mice, and checked their offspring for any signs that their parentage had negative effects.

"We conclude that short-term stays in outer space do not cause overt defects in the physiological function of male reproductive organs, sperm function, and offspring viability," says the study published Tuesday in the journal Scientific Reports.

Original Submission