SoylentNews

Fnord666 writes:

Active in dozens of advanced hacks since 2009, Billbug is still going strong:

Nation-state hackers based in China recently infected a certificate authority and several government and defense agencies with a potent malware cocktail for burrowing inside a network and stealing sensitive information, researchers said on Tuesday.

The successful compromise of the unnamed certificate authority is potentially serious, because these entities are trusted by browsers and operating systems to certify the identities responsible for a particular server or app. In the event the hackers obtained control of the organization's infrastructure, they could use it to digitally sign their malware to make it more easily slip past endpoint protections. They might also be able to cryptographically impersonate trusted websites or intercept encrypted data.

While the researchers who discovered the breach found no evidence the certificate infrastructure had been compromised, they said that this campaign was only the latest by a group they call Billbug, which has a documented history of noteworthy hacks dating back to at least 2009.

"The ability of this actor to compromise multiple victims at once indicates that this threat group remains a skilled and well-resourced operator that is capable of carrying out sustained and wide-ranging campaigns," Symantec researchers wrote. "Billbug also appears to be undeterred by the possibility of having this activity attributed to it, with it reusing tools that have been linked to the group in the past."

[...] Tuesday's post includes a host of technical details people can use to determine if they've been targeted by Billbug. Symantec is the security arm of Broadcom Software.

Remember that you can always edit/manage the list of trusted Certificate Authorities on your own machines.

Original Submission

mrpg writes:

Conservation efforts and fishery management have allowed tuna and billfish to recover:

After decades of population declines, the future is looking brighter for several tuna and billfish species, such as southern bluefin tuna, black marlins and swordfish, thanks to years of successful fisheries management and conservation actions. But some sharks that live in these fishes' open water habitats are still in trouble, new research suggests.

These sharks, including oceanic whitetips and porbeagles, are often caught by accident within tuna and billfish fisheries. And a lack of dedicated management of these species has meant their chances of extinction continue to rise, researchers report in the Nov. 11 Science.

[...] The team found that the extinction risk for tunas and billfishes increased throughout the last half of the 20th century, with the trend reversing for tunas starting in the 1990s and billfishes in the 2010s. These shifts are tied to known reductions in fishing deaths for these species that occurred at the same time.

[...] But shark species are floundering in these very same waters where tuna and billfish are fished, where the sharks are often caught as bycatch.

[...] "While we are increasingly sustainably managing the commercially important, valuable target species of tunas and billfishes," says Juan-Jordá, "shark populations continue to decline, therefore, the risk of extinction has continued to increase."

Some solutions going forward, says Juan-Jordá, include catch limits for some species and establishing sustainability goals within tuna and billfish fisheries beyond just the targeted species, addressing the issue of sharks that are incidentally caught. And it's important to see if measures taken to reduce shark bycatch deaths are actually effective, she says.

"There is a clear need for significant improvement in shark-focused management, and organizations responsible for their management need to act quickly before it is too late," Simpfendorfer says.

Original Submission

An Anonymous Coward writes:

https://www.wired.com/story/ftx-hack-theft-crypto-tracing/

Cryptocurrency has always offered a strange mix of temptations and challenges for anyone trying to steal it. As digital cash, held in multibillion-dollar sums on hackable, internet-connected networks, it presents a lucrative target. But once it's stolen, the blockchains that almost every cryptocurrency is built on make it possible to follow that money's every movement and, very often, to identify the thieves. So after a massive heist pulled nearly half a billion dollars worth of funds out of the already collapsing FTX cryptocurrency exchange yesterday, the world's crypto tracers are now closely tracking where that loot ends up—and looking for any clues that reveal the thief to be an FTX insider or just an opportunistic hacker.

On Friday, hours after the major cryptocurrency exchange FTX had filed for bankruptcy in the wake of its epic, 10-figure collapse, FTX's remaining funds were drained of more than $663 million worth of cryptocurrency, much of which appears to have been stolen. "FTX has been hacked," wrote an administrator in FTX's Telegram channel. "FTX apps are malware. Delete them." [...]

[...] "We're definitely watching the movements of these funds," says Chris Janczewski, the head of investigations at TRM Labs and a former special agent at the IRS's criminal investigations division. "This potential thief has hundreds of millions of dollars. But it's like they went into a bank, took as much cash as they could carry, and then the dye packs went off. They've got all this money, but now everyone knows it's connected to this bank robbery. What can you actually do with it?"

An Anonymous Coward writes:

https://techcrunch.com/2022/11/15/amazon-antitrust-german-fco-special-abuse-controls/

Germany's antitrust watchdog has moved to widen an existing investigation of Amazon's business in the market in light of special abuse powers it confirmed are applicable to the ecommerce giant's business in the country this summer.

The Federal Cartel Office (FCO) said yesterday it is extending two ongoing "abuse control proceedings" against Amazon to include the application of "the new instrument for more effective oversight over large digital companies" (aka, Section 19a of the GWB; aka it's rebooted competition law) — which is a reference to a 2021 reform of German competition law that targets digital giants found to have so-called "paramount significance for competition across markets" with a proactive antitrust regime that outlaws practices such as self-preferencing, denying interoperability and exclusively bundling their own services to the detriment of rival offerings, among other ex ante prohibitions listed in Section 19b of the law.

The German law is similar to the pan-EU Digital Markets Act (DMA) which was recently adopted by the bloc — and will come into force next year — so the FCO is ahead of the curve here and its application of special abuse controls may offer a little taster of the extended scrutiny that's coming down the pipe across the continent for Big Tech.

Runaway1956 writes:

From combat clouds to drone swarm attacks, this year's Zhuhai air show demonstrated China's rapid advancements in uncrewed military technologies under President Xi Jinping.

China will "speed up the development of unmanned, intelligent combat capabilities," Xi had pledged in his written report to the Communist Party congress in October, where he began a rare third term at the party's helm.

True to this goal, the China International Aviation and Aerospace Exhibition in Zhuhai, which ended Sunday, featured an extensive display of cutting-edge weaponry. But it also highlighted some ways that China is falling short, suggesting that it still may take years to build a military that rivals America's in quality as well as quantity.

Defense contractors and civilian companies alike brought to the show a bevy of uncrewed vehicles, from aircraft to tanks, in a wide range of sizes. But unlike last year, they focused not only on the drones' individual capabilities, but also their connectivity to crewed assets and remote command centers.

A concept similar to the "combat cloud" under development in the U.S. was also presented. China appears to be working on better precision-guided weapons, information transfers and sensor capabilities, integrating artificial intelligence into weapons systems to enhance military operations.

China North Industries Group (Norinco) displayed a combat system aimed at minimizing human casualties through the use of interconnected drones, uncrewed tanks, loitering munitions and four-legged transporters. [...]

https://asia.nikkei.com/Business/Aerospace-Defense/Fighting-drones-take-center-stage-in-China-s-Zhuhai-air-show

Original Submission

fliptop writes:

The tiny animated duck is a replica of a toy created by the company's founders:

On average, Lego produces about 20 billion plastic bricks and building elements every year, and most come from injection molding machines that are so precise that just 18 of every million parts produced are rejected. It's the secret to Lego's enduring appeal and quality standards, but the approach also has its limits, which is why the company is starting to experiment with other manufacturing techniques.

The process is fast, taking just 10 seconds to create a new Lego element, which allows Lego to churn them out by the millions. But creating those highly-accurate molds is a very expensive and time-consuming process, and before commissioning a new minifig or type of piece, Lego needs to know it will sell enough sets to justify the costs of developing the mold for it. It's why new Lego building elements are few and far between and often a big deal, but it doesn't necessarily have to be that way.

[...] Availability of the 3D printed element will be limited, and visitors wanting to purchase the unique souvenir will need to sign up in advance for the chance to spend 89 DKK—or about US $12—on one. On top of that, those who purchase the duck will be asked to complete a survey that asks questions about their experience with it, and how it compares to Lego elements manufactured using more traditional techniques.

Admittedly, I was more of an Erector Set kinda kid back in the day, but that was way before Lego had all their specialized kits. Originally spotted on The Eponymous Pickle.

Original Submission

An Anonymous Coward writes:

https://www.infoworld.com/article/3678178/beyond-c-the-promise-of-rust-carbon-and-cppfront.html#tk.rss_all

In some ways, C and C++ run the world. You'd never know it from all the hype about other programming languages, such as Python and Go, but the vast majority of high-performance mass-market desktop applications and operating systems are written in C++, and the vast majority of embedded applications are written in C. We're not talking about smartphone apps or web applications: these have special languages, such as Java and Kotlin for Android and Objective-C and Swift for iOS. They only use C/C++ for inner loops that have a crying need for speed, and for libraries shared across operating systems.

C and C++ have dominated systems programming for so long, it's difficult to imagine them being displaced. Yet many experts are saying it is time for them to go, and for programmers to embrace better alternatives. Microsoft Azure CTO Mark Russinovich recently made waves when he suggested that C and C++ developers should move to Rust instead. "The industry should declare those languages as deprecated," Russinovich tweeted.

Many developers are exploring Rust as a production-ready alternative to C/C++, and there are other options on the horizon. In this article, we'll consider the merits and readiness of the three most cited C/C++ language alternatives: Rust, Carbon, and cppfront. First, let's take a look back through the history and some of the pain points of C/C++.

Fnord666 writes:

Researchers break security guarantees of TTE networking used in spacecraft

On Tuesday, researchers published findings that, for the first time, break TTE's [Time-Triggered Ethernet] isolation guarantees. The result is PCspooF, an attack that allows a single non-critical device connected to a single plane to disrupt synchronization and communication between TTE devices on all planes. The attack works by exploiting a vulnerability in the TTE protocol. The work was completed by researchers at the University of Michigan, the University of Pennsylvania, and NASA's Johnson Space Center.

"Our evaluation shows that successful attacks are possible in seconds and that each successful attack can cause TTE devices to lose synchronization for up to a second and drop tens of TT messages—both of which can result in the failure of critical systems like aircraft or automobiles," the researchers wrote. "We also show that, in a simulated spaceflight mission, PCspooF causes uncontrolled maneuvers that threaten safety and mission success."

PCspooF can be built onto as little as a 2.5 cm×2.5 cm area of a single-layer printed circuit board and requires minimal power and network bandwidth, which allows a malicious device to blend in with all the other best-effort devices connected to the network. The researchers privately reported their findings to NASA and other big stakeholders in TTE. In an email, a NASA representative wrote, "NASA teams are aware of the findings from research on TTE and have taken proactive measures to ensure potential risks to spacecraft are appropriately mitigated."

The article goes into detail on what TTE is and how it's used in spacecraft.

Original Submission

An Anonymous Coward writes:

https://www.wired.com/story/the-man-behind-mastodon-eugen-rochko-built-it-for-this-moment/

Eugen Rochko looks exhausted. The 29-year-old German programmer is the founder of Mastodon, a distributed alternative to Twitter that has exploded in popularity in recent weeks as Elon Musk's ownership of the platform has rained chaos on its users.

Rochko began developing Mastodon shortly after leaving university in 2016. He was a fan of Twitter but wanted to create a platform not controlled by any single company or person, reasoning that online communication is too important to be at the whim of commercial interests or CEOs. He believed that the lack of profit motive and canny design could discourage harassment and abuse, and provide users more control.

[...] Mastodon grew slowly after the first code was released in 2017, appealing mostly to free software enthusiasts. Then Elon Musk took control of Twitter for $44 billion. His promises to weaken moderation, deep staff cuts, and chaotic changes to the platform turned many dedicated Twitter users off the platform. In the past few weeks, Rochko says, some 800,000 new Mastodon accounts have been created, overwhelming popular servers and flooding existing users' timelines with introductions, questions, and complaints from newbies. Last year, donations to the nonprofit that runs Mastodon and where Rochko is CEO totaled 55,000 euros; it spent only 23,000 euros.

Since Musk took over Twitter, Rochko has been working long hours to keep his own server, Mastodon.Social, running, while also preparing a major upgrade to Mastodon, but he took time to videochat with WIRED from his home in Germany. The conversation has been edited for length and clarity. [...]

Original Submission

An Anonymous Coward writes:

https://techcrunch.com/2022/11/14/india-lifts-download-ban-on-vlc/

India has lifted the download ban on VLC, more than nine months after it mysteriously blocked the official website of the popular media playback software in the South Asian market. VideoLAN, the popular software's developer, filed a legal notice last month seeking an explanation from the nation's IT and Telecom ministries for the block order.

The Ministry of Electronics and IT has removed its ban on the website of VLC media player, New Delhi-based advocacy group Internet Freedom Foundation, which provided legal support to VideoLAN, said on Monday. VideoLAN confirmed the order.

"This ban was put into place without any prior notice and without giving VideoLAN the opportunity of a hearing, which went against the 2009 Blocking Rules and the law laid down by the Supreme Court in Shreya Singhal v. Union of India. This was strange because VLC Media Player is an open-source software which is used by nearly 80 million Indians," IFF said in a statement.

Indian telecom operators began blocking VideoLAN's official website, where it lists links to downloading VLC, in February of this year, VideoLAN president and lead developer Jean-Baptiste Kempf told TechCrunch in an earlier interview. India is one of the largest markets for VLC.

[...] Last month, VideoLAN and Internet Freedom Foundation used legal means to get answers and redressal surrounding the ban. India's IT ministry never made public the order of the ban, yet all telecom operators in the country complied with it. In its legal notice last month, VideoLAN sought a copy of the blocking order.

Original Submission

Poland Missile: False Alarm

takyon writes:

Ukraine war: Russia denies responsibility for Poland blast

US President Joe Biden has said it is "unlikely" that a missile that killed two people in Poland on Tuesday was fired from Russia.

Russia has denied it was to blame for the missile that landed in Przewodow, on the Ukrainian border.

Poland said it was Russian-made, but US officials said initial findings indicated it was fired by Ukrainian air defences.

More than 90 Russian missiles were fired at Ukraine on Tuesday, Kyiv said.

Although the military said 77 were shot down, some of the missiles hit Lviv, not far from Ukraine's western border with Poland.

During the Russian attacks, two Polish workers were killed in a blast at a farm building in Przewodow, 6km (4 miles) from the border.

 
Earlier reported story:

Br(e)aking: Russian missiles strike Poland, kill two

c0lo writes:

https://apnews.com/article/russia-ukraine-war-zelenskyy-kherson-9202c032cf3a5c22761ee71b52ff9d52

KYIV, Ukraine (AP) — Russia pounded Ukraine's energy facilities Tuesday with its biggest barrage of missiles yet, striking targets across the country and causing widespread blackouts, and a U.S. official said missiles crossed into NATO member Poland, where two people were killed.

A defiant Ukrainian President Volodymr Zelenskyy shook his fist and declared: "We will survive everything."

Polish government spokesman Piotr Mueller did not immediately confirm the information from a senior U.S. intelligence official, who spoke on condition of anonymity because of the sensitive nature of the situation. But Mueller said top leaders were holding an emergency meeting due to a "crisis situation."

Polish media reported that two people died Tuesday afternoon after a projectile struck an area where grain was drying in Przewodów, a Polish village near the border with Ukraine.

Neighboring Moldova was also affected. It reported massive power outages after the strikes knocked out a key power line that supplies the small nation, an official said.

I bet the reaction will be "Mmrrr-hhhhh... not enough/too soon for Article 5".

Original Submission #1  Original Submission #2 

An Anonymous Coward writes:

It's a bad month for layoffs in tech

The big tech layoffs are continuing apace, and it seems nobody is safe. Following this month's massive staff cuts at Twitter and Meta, the New York Times reports that Amazon is now planning to let go of approximately 10,000 employees. Happy holidays, I guess.

Amazon's upcoming job cuts will reportedly impact its corporate employees, specifically its retail division, human resources, and the team working on the company's devices (which includes voice assistant Alexa).

Considering that Amazon employs over 1.5 million people across the globe, 10,000 workers laid off may not seem like a significant percentage from the company's perspective. It amounts to about 0.7 percent of Amazon's employees, which is a considerably smaller relative reduction than Twitter's Elon Musk-induced layoffs that cut its workforce by around 50 percent.

A reduction in force, or perhaps they're making room for picking up some of the high performing Twitter talent who were let go? [hubie]

Original Submission

AnonTechie writes:

Red Cross Wants Digital Symbols to Deter Hackers From Healthcare Institutions
The international organization proposed three options that could serve as a digital equivalent of the red cross symbol

The International Committee of the Red Cross proposed creating a digital equivalent to its distinctive red symbol to warn off hackers who attempt to break into medical institutions' networks. Such a digital emblem would deter some but not all hackers, Red Cross advisers say, at a time when hospitals are frequently hit with cyberattacks.

The emblem wouldn't provide technical cybersecurity protection to hospitals, Red Cross infrastructure or other medical providers, but it would signal to hackers that a cyberattack on those protected networks during an armed conflict would violate international humanitarian law, experts say, Tilman Rodenhäuser, a legal adviser to the International Committee of the Red Cross, said at a panel discussion hosted by the organization on Thursday.

"No one should mistake it as a silver bullet, it's simply a symbol of protection," he said.

Interesting discussion at: A Digital Red Cross

Do you think such a thing would work ?

Original Submission

takyon writes:

Hungry for AI? New supercomputer contains 16 dinner-plate-size chips

On Monday, Cerebras Systems unveiled its 13.5 million core Andromeda AI supercomputer for deep learning, reports Reuters. According Cerebras, Andromeda delivers over one 1 exaflop (1 quintillion operations per second) of AI computational power at 16-bit half precision.

The Andromeda is itself a cluster of 16 Cerebras C-2 computers linked together. Each CS-2 contains one Wafer Scale Engine chip (often called "WSE-2"), which is currently the largest silicon chip ever made, at about 8.5-inches square and packed with 2.6 trillion transistors organized into 850,000 cores.

Cerebras built Andromeda at a data center in Santa Clara, California, for $35 million. It's tuned for applications like large language models and has already been in use for academic and commercial work. "Andromeda delivers near-perfect scaling via simple data parallelism across GPT-class large language models, including GPT-3, GPT-J and GPT-NeoX," writes Cerebras in a press release.

Previously: Cerebras "Wafer Scale Engine" Has 1.2 Trillion Transistors, 400,000 Cores
Cerebras Systems' Wafer Scale Engine Deployed at Argonne National Labs
Cerebras More than Doubles Core and Transistor Count with 2nd-Generation Wafer Scale Engine
The Trillion-Transistor Chip That Just Left a Supercomputer in the Dust

Original Submission

acid andy writes:

Researchers for the Human Brain Project have published a theory about how we become conscious of a sensory stimulus, which has been likened to a surfer timing when to catch a wave.

When a sensory stimulus reaches our brain, it doesn't drop in calm waters - brains are always agitated with spontaneous activity. Like a surfer, the stimulus has to catch the right wave of activity at the right time to emerge into consciousness. Right in between two waves is the perfect time to do so, argue Giovanni Rabuffo and Pierpaolo Sorrentino of the Human Brain Project.

We know from extensive experiments that the brain can perceive sensory stimuli even when we are not aware of them: while some information reaches the 'consciousness threshold', other simply does not, even given comparable incoming stimuli.

[...] How come the same stimulus reaches consciousness in certain moments, and fails to do so in others? As this stimulus is the same, it must depend on something changing in the brain.
[...] In recent years, neuroimaging has shown that 'becoming aware of a stimulus' comes with a burst of activations that spread across the brain. However, similar such bursts spontaneously stretch across the brain at all times, even in the absence of stimuli. These bursts are often referred to as 'neuronal avalanches'', borrowing the concept of avalanches from statistical mechanics. And we experience these spontaneous avalanches during rest, while we are typically conscious. Is there a way to unify conscious perception, spontaneous brain activity, and neuronal avalanches?