SoylentNews

Arthur T Knackerbracket has processed the following story:

Verizon Wireless gave a female victim's address and phone logs to an alleged stalker who pretended to be a police officer, according to an affidavit filed by an FBI special agent. The man, Robert Michael Glauner, was later arrested near the victim's home and found to be carrying a knife at the time, according to the affidavit submitted in court yesterday.

Glauner allegedly traveled from New Mexico to Raleigh, North Carolina, after finding out where she lived and, before arriving, sent a threatening message that said, "if I can't have you no one can." He also allegedly threatened to send nude photos of the victim to her family members.

[...] Glauner and the victim met in August or September 2023 on xhamster.com, a porn website with dating features, and "had an online romantic relationship," the affidavit said. The victim ended the relationship, but Glauner "continued to contact or try to contact" her, the document said.

Glauner tricked Verizon into providing sensitive information by sending an email and fake search warrant to vsat.cct@one.verizon.com, the email address for the Verizon Security Assistance Team (VSAT), which handles legal requests. Verizon didn't realize the request was fraudulent even though it came from a Proton Mail address rather than from a police department or other governmental agency, according to the affidavit filed yesterday by FBI Special Agent Michael Neylon.

An email to Verizon from "steven1966c@proton.me" on September 26, 2023, said, "Here is the pdf file for search warrant. We are in need if the [sic] this cell phone data as soon as possible to locate and apprehend this suspect. We also need the full name of this Verizon subscriber and the new phone number that has been assigned to her. Thank you."

The email's attached document contained a fake affidavit written by "Detective Steven Cooper" of the Cary, North Carolina Police Department. The Cary Police Department confirmed that no officer named Steven Cooper is employed by their agency, Neylon wrote.

[...] But after reviewing the email and document sent by "Cooper," Verizon provided an address and phone logs. "On October 5, 2023, Verizon Wireless provided Victim 1's phone records, including address and phone logs, to Glauner," according to Neylon's affidavit.

Original Submission

janrinok writes:

Physicists at RIKEN have developed an electronic device that hosts unusual states of matter, which could one day be useful for quantum computation

When a material exists as an ultrathin layer—a mere one or a few atoms thick—it has totally different properties from thicker samples of the same material. That's because confining electrons to a 2D plane gives rise to exotic states. Because of their flat dimensions and their broad compatibility with existing semiconductor technologies, such 2D materials are promising for harnessing new phenomenon in electronic devices.

These states include quantum spin Hall insulators, which conduct electricity along their edges but are electrically insulating in their interiors. Such systems when coupled with superconductivity have been proposed as a route toward engineering topological superconducting states that have potential application in future topological quantum computers.

Now, Michael Randle at the RIKEN Advanced Device Laboratory, along with co-workers from RIKEN and Fujitsu, have created a 2D Josephson junction with active components entirely from a material known to be a quantum spin Hall insulator. The work is published in the journal Advanced Materials.

A Josephson junction is generally made by sandwiching a material between two elemental superconductors. In contrast, Randle and team fabricated their device from a single crystal of monolayer 2D tungsten telluride, which had previously been shown to exhibit both a superconducting state and a quantum spin Hall insulator one.

"We fabricated the junction entirely from monolayer tungsten telluride," says Randle. "We did this by exploiting its ability to be tuned into and out of the superconducting state using electrostatic gating."

[...] "The next step involves the implementation of ultraflat pre-patterned gate structures by using, for example, chemical–mechanical polishing," explains Randle. "If this is achieved, we hope to form Josephson junctions with precisely tailored geometries and to use our cutting-edge microwave resonator experiment techniques to observe and investigate the exciting topological nature of the devices."

Journal Reference:
Michael D. Randle et al, Gate‐Defined Josephson Weak‐Links in Monolayer WTe₂, Advanced Materials (2023). DOI: 10.1002/adma.202301683

Original Submission

upstart writes:

Akamai says it reported the flaws to Microsoft. Redmond shrugged:

A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers.

We're told the attacks - which are usable against servers running the default configuration of Microsoft Dynamic Host Configuration Protocol (DHCP) servers - don't require any credentials.

Akamai says it reported the issues to Redmond, which isn't planning to fix the issue. Microsoft did not respond to The Register's inquiries.

[...] DHCP is a commonly used network management protocol, and Microsoft's DHCP server is widely used in corporate networks. Organizations can create DNS record using a DHCP feature called DHCP DNS Dynamic Updates.

"Whenever a client is given an IP address by the DHCP server, the latter can contact the DNS server and update the client's DNS record," Akamai's Ori David explained.

When the DHCP server registers or modifies a DNS record on behalf of its clients, it uses DNS Dynamic Updates — and therein lies the problem. DHCP DNS Dynamic Updates does not require any authentication by the DHCP client, and Microsoft DHCP servers enable DHCP DNS Dynamic Updates by default.

"So an attacker can essentially use the DHCP server to authenticate to the DNS server on behalf of themself," David said. "This grants the attacker access to the ADIDNS zone without any credentials."

[...] In addition to creating non-existent DNS records, unauthenticated attackers can also use the DHCP server to overwrite existing data, including DNS records inside the ADI zone in instances where the DHCP server is installed on a domain controller, which David says is the case in 57 percent of the networks Akamai monitors.

"All these domains are vulnerable by default," he wrote. "Although this risk was acknowledged by Microsoft in their documentation, we believe that the awareness of this misconfiguration is not in accordance with its potential impact."

[...] "Use the same DNS credential across all your DHCP servers instead," is the advice.

Original Submission

Arthur T Knackerbracket has processed the following story:

The Hubble Space Telescope is expected to resume science operations on Friday, after a gyroscope glitch forced NASA to suspend astronomical observations for weeks.

"After analyzing the data, the team has determined science operations can resume under three-gyro control," the US space agency confirmed in its latest update. "Based on the performance observed during the tests, the team has decided to operate the gyros in a higher-precision mode during science observations. Hubble's instruments and the observatory itself remain stable and in good health."

Launched in 1990, the telescope has been serviced multiple times over its decades-long lifetime. In 2009 Hubble was equipped with six new gyros. Only three remain operational.

Gyros measure how fast the telescope turns, and help it stay fixed onto a cosmic target as it orbits in space. One of them began behaving oddly, however, leading to faulty readings – so Hubble automatically entered safe mode on November 19.

[...] "To date, three of those gyros remain operational, including the gyro currently experiencing fluctuations. Hubble uses three gyros to maximize efficiency, but could continue to make science observations with only one gyro if required," NASA explained.

The instrument should be able to keep studying stars and galaxies and analyze their light in visible and ultraviolet wavelengths until the end of this decade, and maybe into the early 2030s.

But the telescope is slowly drifting from its intended orbit – currently at about an altitude of 525 kilometers above Earth's atmosphere. It's expected to drop to 500 kilometers by 2025, and at this rate will be drawn down and reenter Earth's atmosphere and be destroyed by the mid 2030s – unless a rescue mission is carried out.

NASA hasn't quite decided on what it will do before then, but has suggested it might attach a propulsion module – either to help the Hubble execute a controlled reentry so it's destroyed over the Pacific Ocean, or boost the telescope higher into orbit so it can continue operating.

See also: Hubble back in service after gyro scare—NASA still studying reboost options

Original Submission

Arthur T Knackerbracket has processed the following story:

Prey has been discovered inside the stomach of a tyrannosaur skeleton for the first time, scientists said Friday, revealing that the mighty dinosaurs had an "appetite for drumsticks" when they were young.

The skeleton of the Gorgosaurus, a member of the tyrannosaurid family that also includes the T-Rex, sheds light on how these dinosaurs grew from fairly slender juveniles into gigantic, bone-crushing, apex-predator adults, they added.

The Gorgosaurus—which means "dreadful lizard"—was around six years old when it died more than 75 million years ago, according to a new study in the journal Science Advances.

The fossil was discovered in 2009 at the Dinosaur Provincial Park, east of the Canadian city of Calgary. But when they got the skeleton back to the lab, the scientists noticed something strange.

The study's lead author, Francois Therrien of the Royal Tyrrell Museum, told AFP they were amazed to "discover the remains of the last meal of this young tyrannosaur still preserved in place".

What was most surprising, he added, was that the small leg bones sticking out of the tyrannosaur's ribcage belonged to two young, bird-like dinosaurs called Citipes.

owl writes:

https://pluralistic.net/2023/12/08/playstationed/#tyler-james-hill

20 years ago, I got in a (friendly) public spat with Chris Anderson, who was then the editor in chief of Wired. I'd publicly noted my disappointment with glowing Wired reviews of DRM-encumbered digital devices, prompting Anderson to call me unrealistic for expecting the magazine to condemn gadgets for their DRM:

I replied in public, telling him that he'd misunderstood. This wasn't an issue of ideological purity – it was about good reviewing practice. Wired was telling readers to buy a product because it had features x, y and z, but at any time in the future, without warning, without recourse, the vendor could switch off any of those features:

I proposed that all Wired endorsements for DRM-encumbered products should come with this disclaimer:

WARNING: THIS DEVICE'S FEATURES ARE SUBJECT TO REVOCATION WITHOUT NOTICE, ACCORDING TO TERMS SET OUT IN SECRET NEGOTIATIONS. YOUR INVESTMENT IS CONTINGENT ON THE GOODWILL OF THE WORLD'S MOST PARANOID, TECHNOPHOBIC ENTERTAINMENT EXECS. THIS DEVICE AND DEVICES LIKE IT ARE TYPICALLY USED TO CHARGE YOU FOR THINGS YOU USED TO GET FOR FREE — BE SURE TO FACTOR IN THE PRICE OF BUYING ALL YOUR MEDIA OVER AND OVER AGAIN. AT NO TIME IN HISTORY HAS ANY ENTERTAINMENT COMPANY GOTTEN A SWEET DEAL LIKE THIS FROM THE ELECTRONICS PEOPLE, BUT THIS TIME THEY'RE GETTING A TOTAL WALK. HERE, PUT THIS IN YOUR MOUTH, IT'LL MUFFLE YOUR WHIMPERS.

Wired didn't take me up on this suggestion.

Original Submission

Arthur T Knackerbracket has processed the following story:

Last year agricultural equipment giant John Deere found itself on the receiving end of an antitrust lawsuit for its efforts to monopolize tractor repair. The lawsuits noted that the company consistently purchased competing repair centers in order to consolidate the sector and force customers into using the company’s own repair facilities, driving up costs and logistical hurdles dramatically for farmers.

The lawsuits also noted how the company routinely makes repair difficult and costly through the act of software locks, obnoxious DRM, and “parts pairing” — which involves only allowing the installation of company-certified replacement parts — or mandatory collections of company-blessed components.

[...] John Deere has spent years promising farmers that they’d reverse course on their efforts to monopolize repair, only to ignore their own promises. The company has also been striking meaningless “memorandums of understanding” with key trade groups, pinky swearing to stop their bad behavior if the groups agree to not support state or federal right to repair legislation.

The market isn’t going to fix this problem by itself. It’s clearly going to require a combination of antitrust reform, regulatory action, new state/federal legislation, and meaningful class action penalties before John Deere executives finally get the message. And unfortunately for them, right to repair reform continues to see stunning levels of bipartisan public support.

Original Submission

Arthur T Knackerbracket has processed the following story:

Stealthy and multifunctional Linux malware that has been infecting telecommunications companies went largely unnoticed for two years until being documented for the first time by researchers on Thursday.

Researchers from security firm Group-IB have named the remote access trojan “Krasue,” after a nocturnal spirit depicted in Southeast Asian folklore “floating in mid-air, with no torso, just her intestines hanging from below her chin.” The researchers chose the name because evidence to date shows it almost exclusively targets victims in Thailand and “poses a severe risk to critical systems and sensitive data given that it is able to grant attackers remote access to the targeted network.

[...] During the initialization phase, the rootkit conceals its own presence. It then proceeds to hook the `kill()` syscall, network-related functions, and file listing operations, thereby obscuring its activities and evading detection.

The researchers have so far been unable to determine precisely how Krasue gets installed. Possible infection vectors include through vulnerability exploitation, credential-stealing or -guessing attacks, or by unwittingly being installed as trojan stashed in an installation file or update masquerading as legitimate software.

Besides the rootkit functions, Krasue features an installation file that's shielded inside a UPX, a so-called packer that provides a cryptographic wrapper around the main executable that can stymie detection by anti-virus software. The Group-IB post provides indicators of compromise and digital characteristics for detecting infected systems.

Original Submission

Arthur T Knackerbracket has processed the following story:

The two small moons of Mars, Phobos (about 22km in diameter) and Deimos (about 13km in diameter), have been puzzling scientists for decades, with their origin remaining a matter of debate. Some have proposed that they may be made up of residual debris produced from a planet or large asteroid smashing into the surface of Mars (#TeamImpact).

An opposing hypothesis (#TeamCapture), however, suggests the moons are asteroids that were captured by Mars's gravitational pull and were trapped in orbit.

To solve the mystery, we'll need material from the moons' surfaces for analytical analyses on Earth. Luckily, the Japan Aerospace Exploration Agency (Jaxa) will launch a mission, named "Martian Moon eXploration" (MMX), to Phobos and Deimos in September 2024. The mission will be carried by a newly designed rocket, the H-3, which is still under development.

The spacecraft is expected to reach Martian orbit in 2025, after which it will orbit Phobos and finally collect material from its surface before returning to Earth by 2029.

[...] If an impact origin did indeed occur, we would expect to find similar material on Phobos to that which is found on Mars. While we do not have any material returned directly from Mars (yet), we are lucky enough to have rock that has been ejected off its surface which eventually found its way to Earth.

These meteorites may therefore be similar to the material returned from Phobos, providing a fantastic comparison.

upstart writes:

Carbon emissions that cause climate change are on track to hit a record high this year, while efforts to remove them from the atmosphere are still minuscule:

Carbon dioxide emissions from fossil fuels are on track to reach a record high by the end of 2023. And a new report shows just how insignificant technologies that pull greenhouse gases out of the atmosphere are by comparison.

[...] "There has been great progress in reducing emissions in some countries—however, it just isn't good enough. We're drastically off course," Mike O'Sullivan, a lecturer at the University of Exeter and one of the authors of the report, said via email.

Europe's emissions dropped around 7% from last year, while the US saw a 3% reduction. But overall, coal, oil, and natural-gas emissions are all still on the rise, and nations including India and China are still seeing emissions growth. Together, those two nations currently account for nearly 40% of global fossil-fuel emissions, though Western nations including the US are still the greatest historical emitters.

[...] However, one technology sometimes touted as a cure-all for the emissions problems has severe limitations, according to the new report: carbon dioxide removal. Carbon removal technologies suck greenhouse gases out of the atmosphere to prevent them from further warming the planet. The UN panel on climate change has called carbon removal an essential component of plans to reach international climate targets of keeping warming at less than 1.5 °C (2.7 °F) above preindustrial levels.

The problem is, there's very little carbon dioxide removal taking place today. Direct air capture and other technological approaches collected and stored only around 10,000 metric tons of carbon dioxide in 2023.

canopic jug writes:

Back in August the Tor Project and the EFF launched an advocacy campaign for getting more Tor relays running at universities. Now it is December and they have published an update on how the Tor University Challenge has gone so far.

In August of 2023 EFF announced the Tor University Challenge, a campaign to get more universities around the world to operate Tor relays. The primary goal of this campaign is to strengthen the Tor network by creating more high bandwidth and reliable Tor nodes. We hope this will also make the Tor network more resilient to censorship since any country or smaller network cutting off access to Tor means it would be also cutting itself off from a large swath of universities, academic knowledge, and collaborations.

So far they have established contact with more pre-existing relays at universities, increased the number of relays in general running at universities, and cultivated better contact with the national-level university Internet connectivity organizations (NRENs). Some of the institutions have established public relays, and others even added new exit relays.

Previously:
(2023) The Internet Enabled Mass Surveillance. A.I. Will Enable Mass Spying
(2023) Mullvad VPN And The Tor Project Collaborate On A Web Browser
(2022) Tor Project Releases Latest Version of its Eponymous Browser
(2022) Tor Project Upgrades Network Speed Performance with New System
(2022) Tor Project Battles Russian Censorship Through the Courts
... and more.

Original Submission

Freeman writes:

https://arstechnica.com/space/2023/12/nasas-asteroid-mission-struck-its-target-but-then-dodged-a-bullet/

On September 24, the OSIRIS-REx spacecraft released the canister containing the asteroid samples to plunge into the Earth's atmosphere, while the mothership steered onto a course to take it safely back into deep space for a follow-up mission to explore a different asteroid at the end of the 2020s.

Lauretta, OSIRIS-REx's principal investigator from the University of Arizona, was a passenger in a US military helicopter circling the capsule's landing zone in the Utah desert.
[...]
For those watching NASA's live video coverage of the OSIRIS-REx mission's return to Earth, there were hints that something was amiss. Video imagery from a NASA tracking airplane showed the capsule tumbling toward the ground at high speed, well after the point when the drogue parachute should have been visible.
[...]
The last time NASA tried to bring extraterrestrial samples back to Earth, the parachute never opened.
[...]
"We're tumbling. We are in a subsonic regime, and we are not stabilized," Lauretta said. "There's no drogue chute deployed here. Problem! So I was like trying to mentally prepare myself, because we're on live TV, to get off this helicopter and deal with a crashed capsule in the desert."

Then, Lauretta heard confirmation from the Air Force that the OSIRIS-REx return capsule had unfurled its main parachute.

"I was like, 'What? How is that possible?'" he said.

canopic jug writes:

Low-tech Magazine has built a bicycle generator for a public exhibition on energy at the Pavillon d'Arsenal in Paris, France. Their two other bike generators can be seen and experimented with in Rotterdam, Netherlands and Barcelona, Spain.

In October, we built a third energy bicycle during a workshop at the House of the Future in Rotterdam. This bicycle generator is now used as an energy source in the community center. The House of the Future is open to the public, for details see their website and instagram.

In a future article, we will cover the construction process and technical details of these two new muscular power plants. These machines are based on spinning bikes and are more powerful than the first bike generator we built.

With electricity prices continually hitting new record highs, maybe the market is the EU?

[The Toaster Challenge can help put this energy-generation idea into perspective. --hubie]

Original Submission

Freeman writes:

https://arstechnica.com/gadgets/2023/12/intel-accuses-amd-of-selling-old-cpus-with-new-model-numbers-which-intel-also-does/

AMD changed the way it numbers its Ryzen laptop processors last year, switching to a new system that simultaneously provides more concrete information than the old one while also partially obfuscating the exact age of the various CPU and GPU architectures being mixed-and-matched.
[...]
Intel came out swinging against this naming scheme in a confrontational slide deck this week—now deleted, but preserved for posterity by VideoCardz—where it accuses AMD of selling "snake oil" by using older processor architectures in ostensibly "new" chips.

The "Core Truths" deck takes particular issue with the Ryzen 7020 series, released in late 2022 and into 2023 but using Zen 2-based CPU cores that date back to mid-2019. Intel argues, not inaccurately, that a 13th-generation Core i5-1335U chip can perform much better than a Ryzen 5 7520U, despite both being marketed as recent releases.

My first reaction was to basically agree with Intel's overall point; this was easy to do since the company used something I wrote to back up its argument.
[...]
My second reaction, arrived at almost simultaneously, was to wonder why Intel was taking so much issue with a practice that Intel itself regularly uses to "refresh" its processor lineups.
[...]
"Rebranding old technology to make it seem newer" is a trick that practically all big chipmakers have resorted to at one time, and Intel has a particularly rich history with it. The mid-to-late-2010s manufacturing problems that lost Intel its chipmaking technology lead also resulted in a whopping five generations of chips that all used some variation of the same Skylake-based CPU and GPU architecture.
[...]
To gripe about AMD's practices just weeks after releasing the barely updated 14th-generation Core desktop processors—maybe Intel should move out of its glass house before it starts throwing rocks.

Original Submission

An Anonymous Coward writes:

systemd's newest contribution to FOSS is the BSoD - but this time, new and improved, with QR codes!

Not a joke, truth. QR codes!

https://arstechnica.com/gadgets/2023/12/linux-distros-are-about-to-get-a-killer-windows-feature-the-blue-screen-of-death/

The systemd-bsod component is currently listed as "experimental" and "subject to change." But the functionality is simple: any logged error message that reaches the LOG_EMERG level will be displayed full-screen to allow people to take a photo or write it down. Phoronix reports that, as with BSODs in modern Windows, the Linux version will also generate a QR code to make it easier to look up information on your phone.

New FOSS chant? "Stay free, use BSD, never see B-S-o-D!"

Original Submission