
SoylentNews is people

posted by janrinok on Wednesday August 09 2023, @07:43PM
from the a-long-chain-of-failures dept.

https://www.schneier.com/blog/archives/2023/08/microsoft-signing-key-stolen-by-chinese.html

A bunch of networks, including US Government networks, have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. The phrase "negligent security practices" is being tossed about—and with good reason. Master signing keys are not supposed to be left around, waiting to be stolen.

Actually, two things went badly wrong here. The first is that Azure accepted an expired signing key, implying a vulnerability in whatever is supposed to check key validity. The second is that this key was supposed to remain in the system's Hardware Security Module—and not be in software. This implies a really serious breach of good security practice. The fact that Microsoft has not been forthcoming about the details of what happened tells me that the details are really bad.

I believe this all traces back to SolarWinds. In addition to Russia inserting malware into a SolarWinds update, China used a different SolarWinds vulnerability to break into networks. We know that Russia accessed Microsoft source code in that attack. I have heard from informed government officials that China used their SolarWinds vulnerability to break into Microsoft and access source code, including Azure's.

I think we are grossly underestimating the long-term results of the SolarWinds attacks. That backdoored update was downloaded by over 14,000 networks worldwide. Organizations patched their networks, but not before Russia—and others—used the vulnerability to enter those networks. And once someone is in a network, it's really hard to be sure that you've kicked them out.

Sophisticated threat actors are realizing that stealing source code of infrastructure providers, and then combing that code for vulnerabilities, is an excellent way to break into organizations who use those infrastructure providers. Attackers like Russia and China—and presumably the US as well—are prioritizing going after those providers.

News articles.

See also this article from ComputerWorld, which adds the following information:

This is from Microsoft's explanation. The China attackers "acquired an inactive MSA consumer signing key and used it to forge authentication tokens for Azure AD enterprise and MSA consumer to access OWA and Outlook.com. All MSA keys active prior to the incident—including the actor-acquired MSA signing key—have been invalidated. Azure AD keys were not impacted. Though the key was intended only for MSA accounts, a validation issue allowed this key to be trusted for signing Azure AD tokens. The actor was able to obtain new access tokens by presenting one previously issued from this API due to a design flaw. This flaw in the GetAccessTokenForResourceAPI has since been fixed to only accept tokens issued from Azure AD or MSA respectively. The actor used these tokens to retrieve mail messages from the OWA API."


posted by hubie on Wednesday August 09 2023, @02:52PM

NASA back in touch with Voyager 2 after 'interstellar shout':

NASA has succeeded in re-establishing full contact with Voyager 2 by using its highest-power transmitter to send an "interstellar shout" that righted the distant probe's antenna orientation, the space agency said Friday.

Launched in 1977 to explore the outer planets and serve as a beacon of humanity to the wider universe, it is currently more than 12.3 billion miles (19.9 billion kilometers) from our planet—well beyond the solar system.

A series of planned commands sent to the spaceship on July 21 mistakenly caused the antenna to point two degrees away from Earth, compromising its ability to send and receive signals and endangering its mission.

The situation was not expected to be resolved until at least October 15 when Voyager 2 was scheduled to carry out an automated realignment maneuver.

But on Tuesday, engineers enlisted the help of multiple Earth observatories that form the Deep Space Network (DSN) to detect a carrier or "heartbeat" wave from Voyager 2, though the signal was still too faint to read the data it carried.

In a new update on Friday, NASA's Jet Propulsion Laboratory (JPL), which built and operates the probe, said it had succeeded in a longshot effort to send instructions that righted the craft.

"The Deep Space Network used the highest-power transmitter to send the command (the 100-kw S-band uplink from the Canberra site) and timed it to be sent during the best conditions during the antenna tracking pass in order to maximize possible receipt of the command by the spacecraft," Voyager project manager Suzanne Dodd told AFP.

This so-called "interstellar shout" required 18.5 hours traveling at light speed to reach Voyager, and it took 37 hours for mission controllers to learn whether the command worked, JPL said in a statement.

The probe began returning science and telemetry data at 12:29 am Eastern Time on August 4, "indicating it is operating normally and that it remains on its expected trajectory," added JPL.

Previously: NASA Mistakenly Severs Communication to Voyager 2


posted by hubie on Wednesday August 09 2023, @10:06AM
from the your-cars-will-be-next dept.

Pirates hack superyachts' cybersecurity

Most modern marine vessels are heavily equipped with technology, from GPS and navigation systems to electronic chart displays and information systems (ECDIS). The arrival of this new technology has sailed superyachts into dangerous waters with a new type of pirate.

Owning a superyacht is a luxury for the world's financial elite due to the exorbitant cost of buying and maintaining one. High-tech superyachts with wealthy owners create the perfect combination for bounty-hungry hacking pirates.

[...] Cyber security expert Naveen Hemanna explains how the rise of digital banking and cryptocurrencies helps fuel this form of crime. He told Euronews, "The pirates need not be on the boat. It's all virtual warfare, which is happening because your wealth is also not physical. It's virtual, so you don't really need to have a physical presence to get that money out".

Cyber threats to yachts have increased since COVID, proving that it's not plain sailing for yacht owners in the modern world. However, the future of marine vessels is becoming more sustainable and eco-friendly for the waters they are sailing in.


posted by janrinok on Wednesday August 09 2023, @05:22AM

The Most Popular Meteor Shower Of The Year Peaks Next Week:

When NASA says a celestial event is noteworthy, you know it should be spectacular.

That's certainly the case with the Perseid meteor shower, which NASA calls "the best meteor shower of the year," and is correspondingly the "most popular meteor shower," according to the American Meteor Society (AMS).

Although the Perseid meteor shower is visible this year from July 14–September 1, it is expected to peak on August 12 and early on August 13. Stargazers can expect to see up to 100 meteors per hour traveling at 37 miles per second, NASA notes.

"With swift and bright meteors, Perseids frequently leave long 'wakes' of light and color behind them as they streak through Earth's atmosphere," NASA explains. "Perseids are also known for their fireballs, which are larger explosions of light and color that can persist longer than an average meteor streak."

Comets, which originate far outside the orbit of the outermost planets, have elliptical orbits around the Sun. For perspective, since they can be miles in diameter, NASA notes that they are about the "size of a small town."

Comets are essentially a giant "dirty snowball" made of frozen gasses with embedded rock and dust particles, NASA continues.

As comets near the Sun during their orbit, they warm, freeing bits of rock and dust that are then left behind in what can be thought of as a trail of debris. Every year, when Earth passes through these trails of rock and dust on its own orbit around the Sun, the debris particles collide with Earth's atmosphere.

When this happens, the particles heat up to temperatures of around 3,000 degrees Fahrenheit, creating streaks across the sky, Space.com explains. Those streaks, or shooting stars, stop abruptly when the intense heat evaporates most meteors.

The fragments of space debris that collide with Earth's atmosphere to create the Perseid meteor shower each summer were left in the wake of a comet named 109P/Swift-Tuttle. The comet has a unique name because it was discovered in 1862 independently by both Lewis Swift and Horace Tuttle, NASA explains.

Swift-Tuttle is a large comet with a nucleus that is 16 miles wide. Amazingly, it takes 133 years for it to orbit the Sun.

Although meteor showers are caused by comet debris colliding with Earth's atmosphere, they are named for their radiant — where they appear to come from in the night sky.

The Perseid meteor shower gets its name because its meteors appear to come from the constellation Perseus, named for the famed Greek hero. Perseus not only slew Medusa the Gorgon who had snakes as hair, he also rescued his future wife Andromeda from a sea monster sent by Poseidon to destroy the coast and land of Ethiopia.


posted by Fnord666 on Wednesday August 09 2023, @12:37AM

https://computer.rip/2023-08-07-STIRred-AND-SHAKEN.html

In a couple of days, I pack up my bags to head for DEFCON. In a rare moment of pre-planning, perhaps spurred by boredom, I looked through the schedule to see what's in store in the world of telephony. There is a workshop on SS7, of course [1], plenty of content on cellular, but as far as I see nothing on the biggest topic in telecom security: STIR/SHAKEN.

I can venture a guess as to why: STIR/SHAKEN is boring. So here we go!

The Nature of Circuit Switching

Understanding today's robocalling problem requires starting a long time ago. Taking you all the way back to the invention of the telephone would be a little gratuitous, but it is useful to start our discussion with the introduction of direct distance dialing in 1951. In that year, the first long-distance call was completed based only on the customer dialing a number. Over the following decades direct distance dialing became more common and fewer telephone users had to speak to an operator to have a long-distance call established. Today, it's universal.

Handling dial calls over long distance trunks is a bit complicated, though. For local calls, handling was relatively simple. The other customer was connected to the same exchange that you were, so the exchange just needed to be able to detect your dialing and select the correct local loop corresponding to the number you dialed. Step-by-step (SxS) switches have been handling this problem since the turn of the 20th century. For long distance calls, though, the recipient will not be on the same switch---they'll be on a foreign exchange.


posted by janrinok on Tuesday August 08 2023, @07:53PM

https://www.tomshardware.com/news/raspberry-pi-4bs-inside-spin-scooters

When things don't work out for scooter rental companies and they shut down or pull out of a city, they usually take spare stock with them. However, when Spin backed out of Seattle, many locals discovered unused scooters scattered throughout the city. Upon closer inspection of these abandoned devices, or should we say dissection, it was uncovered that they each have a Raspberry Pi 4B inside.

This discovery was recently shared on social media. Legally, if the scooters are abandoned then snagging one for the Pi inside is fair game but it's not clear if Spin has plans to recover their remaining assets.

The Seattle city government official website confirms that Spin originally arrived in 2021 as a fourth scooter rental option. However, the company did not renew its license for the most recent cycle. Because of this, you can find a few remaining Spin scooters around the city.


posted by requerdanos on Tuesday August 08 2023, @03:07PM
from the this-one-weird-old-trick dept.

An 800-Year-Old Math Trick Could Be The Key to Navigating The Moon:

We've been landing people on the Moon since 1969, but as we start to explore the lunar surface, how will astronauts find their way around? We need a global navigation satellite system (GNSS) for the Moon, and an 800-year-old math trick could help.

The math trick in question is known as the Fibonacci sphere. Here, researchers from Eötvös Loránd University in Hungary used it to better estimate the Moon's rotation ellipsoid, its ever-so-slightly squished shape as it orbits Earth.

Despite what Solar System illustrations might suggest, Earth and the Moon aren't perfect spheres: the influence of gravity, rotation, and tidal fluctuations means they're more like squashed balls.

For simplicity's sake, our GNSS technology uses a rough estimate of Earth's squashed ball shape. If we're to develop a Geographic Information System (GIS) for the lunar surface, we need the same estimate for the Moon's selenoid (the equivalent of Earth's geoid, or true, irregular shape).

"Since the Moon is less flattened than the Earth, most lunar GIS applications use a spherical datum," write geophysicist Gábor Timár and student Kamilla Cziráki in their published paper.

"However, with the renaissance of lunar missions, it seems worthwhile to define an ellipsoid of revolution that better fits the selenoid."

Journal Reference:
Cziráki, Kamilla, Timár, Gábor. Parameters of the best fitting lunar ellipsoid based on GRAIL's selenoid model [open], Acta Geodaetica et Geophysica (DOI: 10.1007/s40328-023-00415-w)


posted by requerdanos on Tuesday August 08 2023, @10:50AM
from the Musk-is-seemingly-unaware dept.

Arthur T Knackerbracket has processed the following story:

Elon Musk is at the center of yet another legal battle over money allegedly owed by X, the company formerly known as Twitter. A French international news agency, Agence France-Presse (AFP), announced yesterday that it has taken legal action in the Judicial Court of Paris to compel X to provide the data needed to assess compensation owed for X users sharing AFP news content on the platform.

Musk's only reported response so far comes in a post formerly known as a tweet.

"This is bizarre," Musk wrote. "They want us to pay *them* for traffic to their site where they make advertising revenue and we don't!?"

Musk is seemingly unaware of a European Union directive from 2019 granting news agencies so-called "neighboring rights." These rights were designed to reduce the "value gap" between publishers and the online platforms that profit off of promoting publishers' content.

AFP filed the copyright case after becoming concerned about "the clear refusal" from X to "enter into discussions regarding the implementation of neighboring rights for the press," the AFP press release said. During discussions, AFP said that X was expected to share data that would help the news agency calculate how much money X owed for profiting off of AFP's news content.

Now AFP is seeking an "urgent injunction" ordering X to "provide all the necessary elements required for assessing the remuneration owed to AFP under the neighboring rights legislation."

X and AFP did not immediately respond to Ars' request to comment.


posted by hubie on Tuesday August 08 2023, @08:12AM
from the o-RIP-Bram-ESC-:wq dept.

The creator of Vim, Bram Moolenaar, has passed away.

Message from the family of Bram Moolenaar:

Dear all,

It is with a heavy heart that we have to inform you that Bram Moolenaar passed away on 3 August 2023.
Bram was suffering from a medical condition that progressed quickly over the last few weeks.

Bram dedicated a large part of his life to VIM and he was very proud of the VIM community that you are all part of.

We as family are now arranging the funeral service of Bram which will take place in The Netherlands and will be held in the Dutch language. The exact date, time and place are still to be determined.
Should you wish to attend his funeral then please send a message to funer...@gmail.com. This email address can also be used to get in contact with the family regarding other matters, bearing in mind the situation we are in right now as family.

With kind regards,
The family of Bram Moolenaar

Dev world mourns loss of Vim creator Bram Moolenaar

Developers across the world are mourning the loss of Bram Moolenaar, renowned Dutch software engineer and creator of the Vim text editor:

[...] Beyond creating an industry standard for text editing software, Moolenaar also pioneered an open-source and community-driven approach to its development.

He was the first to coin the term "charityware." Although users may use and copy Vim for free, they are encouraged to donate to the International Child Care Fund Holland to help children in Uganda.

"I have never wanted to make money from Vim," said Moolenaar in an interview last year. "It started as a hobby and most of the time I had a job that paid well enough."

Donations amount to around €30,000 per year — enough to help about 50 children finish their education, from primary school to university.

[...] While he might have logged off from this world for good, Moolenaar's legacy and Vim — a text editor that continues to empower developers across the globe — lives on.


posted by hubie on Tuesday August 08 2023, @06:04AM
from the whats-old-is-new-again dept.

In 1965, Popular Hot Rodding magazine bought a $250 '57 Chevy for a test bed, to try out various drag racing parts and tuning techniques. It was called Project X back then; here's a capsule history: https://www.motortrend.com/features/57-chevy-project-x-history/

The only thing constant with X was change. The yellow tri-five has had everything from a 292 inline-six to small-blocks, big-blocks, mechanical fuel injection, multibarrel carbs, cross-ram manifolds, superchargers, and even electronic fuel injection. The Project X 1957 Chevy has had it all over the decades. It was a car constantly reinventing itself to keep up with the latest trends in hot rodding.

Along the way it also appeared in the movie Hollywood Knights and has become arguably the most famous '57 Chevy ever. Nearly 20 years ago it went back to GM for a "makeover" including a modified Corvette front suspension, and since then it picked up another nickname, the "Million-Dollar Chevy."

Jump to the present: they recently converted it to a BEV using a new GM "crate motor" (https://www.motortrend.com/features/57-chevy-ev-conversion-project-x-drag-strip-test/), with some major teething troubles getting the control software to deliver good power for a whole pass down the drag strip.

At this point our best 60-foot time was a solid 1.54 seconds. We were really happy with that time but at around 100 feet the system was dropping the voltage and killing our ET. The engineers kept working on the issue and eventually the car was waking up again around the 570-foot mark, but that loss in the middle was still hurting our overall time. The best analogy is an EFI car with fuel-control issues, but instead of running out of fuel, we were losing electricity flow.


posted by hubie on Tuesday August 08 2023, @01:18AM
from the sunny-outlook dept.

Dubai dawns a new wave of renewable technology with its MBR Solar Park:

The United Arab Emirates might be known for its sizable oil and gas reserves, yet it also has one of the highest solar exposure rates globally.

It is home to the Mohammed Bin Rashid Al Maktoum Solar Park (MBR Solar Park), the world's largest single-site solar park according to the Dubai Electricity and Water Authority (DEWA).

The energy plant covers 44 square kilometres in Dubai's southern desert and is equipped with millions of photovoltaic panels that convert the sun's rays to about 1000 MW hourly that are capable of powering around 320,000 homes.

[...] Established in 2013, the MBR Solar Park is set to reach its fifth and final phase in the next couple of years and is projected to offset 6.5 million tons of carbon emissions annually.

This is the equivalent of taking around five million passenger vehicles off the road yearly, according to US Environmental Protection Agency calculators.

[...] "When you educate the youth from a young age, basically they are aware of the challenges that are being faced by solar from now, and how they can basically look at addressing these challenges" the centre's director Dr. Aaesha Abdulla Alnuaimi told Euronews.

She cites the region's harsh environment as obstacles to technological growth. High temperatures and strong winds are just some of the factors that affect the performance and long-term reliability of renewable technology systems being used.

"Addressing the dust, for example, there is the robotic cleaning but there is a high cost in implementing robotic cleaning," says Alnuaimi. The same applies to using anti-soiling nanotechnology to ward away the effects of commonly occurring sand and dust storms.

"This is why we need more research and more innovation," she told Euronews, in order to find solutions.

The MBR solar park's research and development unit is already exploring practical solar innovations to integrate into Dubai's metropolitan environment and reduce energy costs.

It has developed metallic trees with sprouted photovoltaic leaves in addition to solar-powered street lamps and pavements.

The MBR Solar Park claims many world records with its projects, including the construction of what will be the world's tallest concentrated solar power (CSP) tower.

The solar spire stands at about 260 metres high, which is roughly 60 metres short of Paris' Eiffel Tower.

It will use around 70,000 heliostats like mirrors to magnify the sun's rays into thermal energy and store it for about 15 hours - able to provide electricity around the clock, solving a major issue with renewable technology.

The installation is part of the project's fourth phase, which plans to double its energy production upon completion.

[...] In line with the 2015 Paris Climate agreement goals, the UAE is using such investment to build a combination of solar, nuclear, and other renewable energy sources, which will create a need for smarter grid management systems.

"The mantra is decarbonization, decentralization, and digitalization," says Ramaswamy, who forecasts that the final stage will incorporate big data, artificial intelligence, and blockchain into the mix to coordinate the new normal of powering cities.


posted by hubie on Monday August 07 2023, @08:35PM
from the Relatives dept.

https://phys.org/news/2023-08-china-human-lineage.html

A team of paleontologists at the Chinese Academy of Sciences, working with colleagues from Xi'an Jiaotong University, the University of York, the University of Chinese Academy of Sciences and the National Research Center on Human Evolution, has found evidence of a previously unknown human lineage. In their study, reported in Journal of Human Evolution, the group analyzed the fossilized jawbone, partial skull and some leg bones of a hominin dated to 300,000 years ago.

The fossils were excavated at a site in Hualongdong, in what is now a part of East China. They were subsequently subjected to both a morphological and a geometric assessment, with the initial focus on the jawbone, which exhibited unique features—a triangular lower edge and a unique bend.


posted by requerdanos on Monday August 07 2023, @08:30PM
from the soylentnews-is-people dept.

Meeting Announcement: The next meeting of the SoylentNews governance committee will be this coming Friday, August 11th, 2023 at 20:30 UTC (1:30pm PDT, 4:30pm EDT) in #governance on SoylentNews IRC. Logs of the meeting will be available afterwards for review, and minutes will be published when available.

The agenda for the upcoming meeting will come out within the next few days, 24 hours or more before the meeting. The agenda is expected to cover, at a minimum, actions arising from the previous meeting, such as exploring the formation of a new entity, and janrinok's report on management structure.

Minutes and agenda, and other governance committee information can be found on the SoylentNews Wiki at: https://wiki.staging.soylentnews.org/wiki/Governance

Call for experts: The committee is calling for experts with relevant knowledge of entity formation to attend the meeting. Their advice may be helpful to the committee and the greater community going forward and would be greatly appreciated.

As always, the community is welcome to observe and participate and is hereby invited to come and do both. SoylentNews is People!

posted by requerdanos on Monday August 07 2023, @03:52PM
from the microchips-into-his-brain dept.

AI-powered brain implants restore touch and movement to paralysed man:

In a world first, a quadriplegic man in the United States has regained touch and movement after surgeons successfully implanted microchips into his brain.

AI is then used to read, interpret and translate his thoughts into action.

Keith Thomas, 45, broke his neck in an accident and became paralysed from his chest down.

[...] A team of medical professionals first spent months mapping Thomas' brain using MRIs to help pinpoint the areas responsible for both arm movement and the sensation of touch in his hand.

He then underwent a 15-hour open-brain surgery.

[...] Dr Ashesh Mehta, the surgeon who performed Thomas' brain surgery said the wiring in Thomas' brain was "broken".

[...] "What we did was a bypass, so we bypassed the block. So, we're basically using a computer to read Keith's thoughts and then translate that into a machine that then stimulates his hand so that he can move it," explained Mehta.

The procedure - dubbed as a "double neural bypass" - goes the other direction as well. He can now "feel" something through tiny electrodes instead of neurons responsible for feeling his fingertips.

The tiny sensors at his fingertips and palm send touch and pressure information back to the sensory area of his brain implant to restore sensation through a computer instead of through the normal pathway through the spinal cord.

"It's almost like fooling the nervous system to make it work," said Mehta.


posted by requerdanos on Monday August 07 2023, @11:07AM
from the on-the-blockchain dept.

Arthur T Knackerbracket has processed the following story:

Ilya Lichtenstein and Heather Morgan, the couple who were arrested last year for the massive 2016 Bitfinex hack involving billions of dollars of cryptocurrency, have pleaded guilty in court. Lichtenstein has admitted that he used multiple advanced hacking tools and techniques to gain entry into the cryptocurrency exchange's network. He then authorized 2,000 transactions to move 119,754 bitcoins to wallets he controlled. To cover his tracks, he said he deleted access credentials, logs and other digital breadcrumbs that could give him away. Morgan, his wife, helped him move and launder the stolen funds. 

If you'll recall, the Justice Department seized 95,000 of the stolen bitcoins at the time of their arrest. Back then, that digital coin hoard was worth a whopping $3.6 billion and was the largest financial seizure in the agency's history. Authorities were able to trace more of the stolen funds after that to recover an additional $475 million worth of cryptocurrency.

According to the DOJ, Lichtenstein and Morgan used false identities to set up online accounts on darknet markets and cryptocurrency exchanges. They then withdrew the funds and distributed the bitcoins from there by converting them into other forms of cryptocurrency and keeping them in crypto mixing services. By doing so, they obfuscated the coins' sources and made them harder to trace.

