SoylentNews

Arthur T Knackerbracket has processed the following story:

Malicious hackers are exploiting a critical vulnerability in a widely used security camera to spread Mirai, a family of malware that wrangles infected Internet of Things devices into large networks for use in attacks that take down websites and other Internet-connected devices.

The attacks target the AVM1203, a surveillance device from Taiwan-based manufacturer AVTECH, network security provider Akamai said Wednesday. Unknown attackers have been exploiting a 5-year-old vulnerability since March. The zero-day vulnerability, tracked as CVE-2024-7029, is easy to exploit and allows attackers to execute malicious code. The AVM1203 is no longer sold or supported, so no update is available to fix the critical zero-day.

Kyle Lefton, a security researcher with Akamai’s Security Intelligence and Response Team, said in an email that it has observed the threat actor behind the attacks perform DDoS attacks against “various organizations,” which he didn’t name or describe further. So far, the team hasn’t seen any indication the threat actors are monitoring video feeds or using the infected cameras for other purposes.

Akamai detected the activity using a “honeypot” of devices that mimic the cameras on the open Internet to observe any attacks that target them. The technique doesn’t allow the researchers to measure the botnet's size. The US Cybersecurity and Infrastructure Security Agency warned of the vulnerability earlier this month.

The technique, however, has allowed Akamai to capture the code used to compromise the devices. It targets a vulnerability that has been known since at least 2019 when exploit code became public. The zero-day resides in the “brightness argument in the ‘action=’ parameter” and allows for command injection, researchers wrote. The zero-day, discovered by Akamai researcher Aline Eliovich, wasn’t formally recognized until this month, with the publishing of CVE-2024-7029.

upstart writes:

Top Brazilian judge orders suspension of X platform in nation:

A Brazilian Supreme Court justice on Friday ordered the suspension of Elon Musk's social media giant X in Brazil after the tech billionaire refused to name a legal representative in the country, according to a copy of the decision seen by The Associated Press

The move further escalates the months long feud between the two men over free speech, far-right accounts and misinformation.

Justice Alexandre de Moraes had warned Musk on Wednesday night that X could be blocked in Brazil if he failed to comply with his order to name a representative, and established a 24-hour deadline. The company hasn't had a representative in the country since earlier this month.

In his decision, de Moraes gave internet service providers and app stores five days to block access to X, and said the platform will remain blocked until it complies with his orders. He also said people or companies who use virtual private networks, or VPNs, to access X will be subject to daily fines of 50,000 reais ($8,900).

"Elon Musk showed his total disrespect for Brazilian sovereignty and, in particular, for the judiciary, setting himself up as a true supranational entity and immune to the laws of each country," de Moraes wrote.

Brazil is an important market for X, which has struggled with the loss of advertisers since Musk purchased the former Twitter in 2022. Market research group Emarketer says some 40 million Brazilians, roughly one-fifth of the population, access X at least once per month.

X had posted on its official Global Government Affairs page late Thursday that it expected X to be shut down by de Moraes, "simply because we would not comply with his illegal orders to censor his political opponents."

"When we attempted to defend ourselves in court, Judge de Moraes threatened our Brazilian legal representative with imprisonment. Even after she resigned, he froze all of her bank accounts," the company wrote. "Our challenges against his manifestly illegal actions were either dismissed or ignored. Judge de Moraes' colleagues on the Supreme Court are either unwilling or unable to stand up to him."

X has clashed with de Moraes over its reluctance to comply with orders to block users.

Arthur T Knackerbracket has processed the following story:

Identifying deteriorating infrastructure can be as challenging as fixing it. However, researchers at Tohoku University have made this process easier with the development of an innovative new material.

The material responds to mechanical stimuli by recording stress history through a luminescent effect called an afterglow. This information is stored for a long time, and by applying the material to the surfaces of structures, researchers can observe changes in the afterglow to determine the amount of stress the material has experienced.

“What makes our material truly innovative is that it operates without a power supply, complex equipment, or on-site observation and is easily combined with IoT technology,” points out Tohoku University professor and corresponding author of the study, Chao-Nan Xu.

In Japan, aging infrastructure has become a significant problem, leading to an increased demand for new diagnostic technologies that prevent accidents and/or extend the life of structures.

Mechanoluminescent materials exhibit luminescence when mechanically stimulated, and technologies such as crack detection and stress visualization have been developed by applying this material to the surface of structures. But the luminescence can only be observed at the moment of mechanical stimulation, and information about past mechanical stimuli cannot be retrieved.

Researchers have explored various materials capable of recording past mechanical loading histories. These materials typically combine stress-luminescent materials with photosensitive materials, creating a system where the material emits light in response to mechanical stress, and this light can be preserved and later analyzed to reconstruct the stress history. However, these materials face several challenges: complex layering structures, dark reactions, and long-term recording performance. Additionally, while certain fluorophores reveal past loading history when subjected to heat, the application has been limited to materials capable of withstanding high temperatures.

Xu and her colleagues discovered a simple and environmentally friendly method to record stress using Pr-doped Li_0.12 Na_0.88 NbO₃ (LNNO). This LNNO had a mechanical recording functionality, meaning it could retrieve even past stress events.

upstart writes:

End of the Road: An AnandTech Farewell:

It is with great sadness that I find myself penning the hardest news post I've ever needed to write here at AnandTech. After over 27 years of covering the wide – and wild – word of computing hardware, today is AnandTech's final day of publication.

For better or worse, we've reached the end of a long journey – one that started with a review of an AMD processor, and has ended with the review of an AMD processor. It's fittingly poetic, but it is also a testament to the fact that we've spent the last 27 years doing what we love, covering the chips that are the lifeblood of the computing industry.

A lot of things have changed in the last quarter-century – in 1997 NVIDIA had yet to even coin the term "GPU" – and we've been fortunate to watch the world of hardware continue to evolve over the time period. We've gone from boxy desktop computers and laptops that today we'd charitably classify as portable desktops, to pocket computers where even the cheapest budget device puts the fastest PC of 1997 to shame.

The years have also brought some monumental changes to the world of publishing. AnandTech was hardly the first hardware enthusiast website, nor will we be the last. But we were fortunate to thrive in the past couple of decades, when so many of our peers did not, thanks to a combination of hard work, strategic investments in people and products, even more hard work, and the support of our many friends, colleagues, and readers.

Still, few things last forever, and the market for written tech journalism is not what it once was – nor will it ever be again. So, the time has come for AnandTech to wrap up its work, and let the next generation of tech journalists take their place within the zeitgeist.

[...] And while the AnandTech staff is riding off into the sunset, I am happy to report that the site itself won't be going anywhere for a while. Our publisher, Future PLC, will be keeping the AnandTech website and its many articles live indefinitely. So that all of the content we've created over the years remains accessible and citable. Even without new articles to add to the collection, I expect that many of the things we've written over the past couple of decades will remain relevant for years to come – and remain accessible just as long.

Arthur T Knackerbracket has processed the following story:

The salty, arsenic- and cyanide-laced waters of the Eastern Sierra Nevada’s Mono Lake is an extremely hostile environment. Aside from the abundant brine shrimp and black clouds of alkali flies, very few organisms live there.

Now, researchers from the University of California, Berkeley have discovered a new creature lurking in the lake’s briny shallows — one that could tell scientists about the origin of animals more than 650 million years ago.

The organism is a choanoflagellate, a microscopic, single-celled form of life that can divide and develop into multicellular colonies in a way that’s similar to how animal embryos form. It’s not a type of animal, however, but a member of a sister group to all animals. As animals’ closest living relative, the choanoflagellate is a crucial model for the leap from one-celled to multicellular life.

Surprisingly, it harbors its own microbiome, making it the first choanoflagellate known to establish a stable physical relationship with bacteria, instead of solely eating them. As such, it’s one of the simplest organisms known to have a microbiome.

“Very little is known about choanoflagellates, and there are interesting biological phenomena that we can only gain insight into if we understand their ecology,” said Nicole King, a UC Berkeley professor of molecular and cell biology and a Howard Hughes Medical Institute (HHMI) investigator who studies choanoflagellates as a model for what early life was like in ancient oceans.

Typically visible only through a microscope, choanoflagellates are often ignored by aquatic biologists, who instead focus on macroscopic animals, photosynthetic algae, or bacteria. But their biology and lifestyle can give insight into creatures that existed in the oceans before animals evolved and that eventually gave rise to animals. This species in particular could shed light on the origin of interactions between animals and bacteria that led to the human microbiome.

“Animals evolved in oceans that were filled with bacteria,” King said. “If you think about the tree of life, all organisms that are alive now are related to each other through evolutionary time. So if we study organisms that are alive today, then we can reconstruct what happened in the past.”

Freeman writes:

https://arstechnica.com/tech-policy/2024/08/backpage-founder-michael-lacey-gets-5-years-in-prison-for-money-laundering/

Backpage founder Michael Lacey was sentenced yesterday to five years in prison and fined $3 million after being convicted on one count of money laundering. Lacey, 76, was also sentenced to three years of supervised release, the Department of Justice said in a press release.

[...] Authorities alleged that Backpage generated over $500 million in revenue from running a forum that facilitated prostitution. While Lacey argued that he wasn't involved in day-to-day operations, US District Judge Diane Humetewa "told Lacey during Wednesday's sentencing he was aware of the allegations against Backpage and did nothing," according to the Associated Press.

"In the face of all this, you held fast," Humetewa reportedly said. "You didn't do a thing." The US government recommended 20-year prison sentences for each of the three defendants.

[...] Lacey will fight the sentencing. "Paul Cambria, Mr. Lacey's lawyer, called the sentencing on Wednesday a 'mistake' and said that they would appeal, adding that there was evidence that Mr. Lacey never concealed financial information. A lawyer for Mr. Brunst, Gary Lincenberg, said his client also planned to appeal," The New York Times wrote.

[...] In November 2023, a jury in US District Court for the District of Arizona convicted Lacey of international concealment money laundering but returned no verdict on 85 other charges related to money laundering and facilitation of prostitution. In April, Humetewa acquitted Lacey on 50 of the charges that the jury did not reach a verdict on. Even "after viewing the record in the light most favorable to the Government, the Court finds there is insufficient of evidence to support convictions" on those counts, she wrote.

[...] Backpage co-founder and CEO Carl Ferrer agreed to plead guilty in 2018 and cooperated with authorities on the investigation into Backpage. Ferrer could still go to prison, but his "plea agreement contemplates that he will not be sentenced until the conclusion of his cooperation," the US government has said.

[...] In September 2021, a previous judge handling the Backpage case declared a mistrial, finding that US prosecutors unfairly tainted the jury by focusing too heavily on claims of child sex trafficking in a case that did not involve any charges of child sex trafficking. At the time, Judge Susan Brnovich said she gave the government leeway to mention child sex trafficking, but the "government abused that leeway."

Previously on SoylentNews:
DoJ Lets Cops Know SESTA/FOSTA Is For Shutting Down Websites, Not Busting Sex Traffickers - 20180617
Backpage CEO Takes Plea Deal, Will Testify Against Other Executives; President Signs FOSTA-SESTA - 20180413

Original Submission

owl writes:

https://www.haskellforall.com/2024/08/firewall-rules-not-as-secure-as-you.html

This post introduces some tricks for jailbreaking hosts behind "secure" enterprise firewalls in order to enable arbitrary inbound and outbound requests over any protocol. You'll probably find the tricks outlined in the post useful if you need to deploy software in a hostile networking environment.

The motivation for these tricks is that you might be a vendor that sells software that runs in a customer's datacenter (a.k.a. on-premises software), so your software has to run inside of a restricted network environment. You (the vendor) can ask the customer to open their firewall for your software to communicate with the outside world (e.g. your own datacenter or third party services), but customers will usually be reluctant to open their firewall more than necessary.

For example, you might want to ssh into your host so that you can service, maintain, or upgrade the host, but if you ask the customer to open their firewall to let you ssh in they'll usually push back on or outright reject the request. Moreover, this isn't one of those situations where you can just ask for forgiveness instead of permission because you can't begin to do anything without explicitly requesting some sort of firewall change on their part.

So I'm about to teach you a bunch of tricks for efficiently tunneling whatever you want over seemingly innocuous openings in a customer's firewall.....

We are not condoning such actions, but you cannot secure your own systems unless you know how the opposition will attack them.

Original Submission

Booga1 writes:

TikTok must face lawsuit over 10-year-old girl's death, US court rules.

A U.S. appeals court has revived a lawsuit against TikTok by the mother of a 10-year-old girl who died after taking part in a viral "blackout challenge" in which users of the social media platform were dared to choke themselves until they passed out.

While a federal law typically shields internet companies from lawsuits over content posted by users, the Philadelphia-based 3rd U.S. Circuit Court of Appeals on Tuesday ruled the law does not bar Nylah Anderson's mother from pursuing claims that TikTok's algorithm recommended the challenge to her daughter.

U.S. Circuit Judge Patty Shwartz, writing for the three-judge panel, said that Section 230 of the Communications Decency Act of 1996 only immunizes information provided by third parties and not recommendations TikTok itself made via an algorithm underlying its platform.

She acknowledged the holding was a departure from past court rulings by her court and others holding that Section 230 immunizes an online platform from liability for failing to prevent users from transmitting harmful messages to others.

But she said that reasoning no longer held after a U.S. Supreme Court ruling in July on whether state laws designed to restrict the power of social media platforms to curb content they deem objectionable violate their free speech rights.
In those cases, the Supreme Court held a platform's algorithm reflects "editorial judgments" about "compiling the third-party speech it wants in the way it wants." Shwartz said under that logic, content curation using algorithms is speech by the company itself, which is not protected by Section 230.

"TikTok makes choices about the content recommended and promoted to specific users, and by doing so, is engaged in its own first-party speech," she wrote.

TikTok did not respond to requests for comment.

Original Submission

owl writes:

https://blog.hopefullyuseful.com/blog/advantage-air-ezone-tablet-diy-repair/

Forcing customers to replace an entire system just because the cheapest component failed might be really profitable, I have no idea... But I do know that it annoyed me enough to make me want to fix it myself. While I understand that what I do next is beyond a large number of Advantage Air customers, in my investigation I found that there seems to be only software choices preventing modern tablets from working with older control systems. Adding a simple "system" chooser to their software applications would give solutions to everyone, while the custom POE connector would ensure they still need their hardware.

My family had a new home built in 2019. As part of the build package a large ducted reverse cycle (heatpump) air conditioning system was installed. As it was part of the entire build I am not sure on the specific price of this system but based on other quotes I have seen for a similar sized house I would guess $10k-$12k. The system has two main parts, the actual Daikin airconditioner and an Advantage Air control box in attic that opens the vents to the various zones. This control system is operated by a cheap POE powered Android tablet on the wall of the living room.

[...] E-Zone running perfectly on an ancient Samsung Galaxy Tab 4. I was elated. After I gave up on repairing the original, getting this tablet working took only a few hours and was a hell of a lot of fun. This tablet is 10+ years old and yet still is much snappier than the junk that came with the system, but if I want to upgrade to something more powerful, say to control my homeassistant etc... all I need to do is plug it into the usb. But for turning the AC on and off it is more than enough and I am currently waiting on a nice flush connector to arrive then will mount it on the wall.

He had to spend an interesting few hours fixing it but it makes a good read...

Original Submission

Arthur T Knackerbracket has processed the following story:

A team of scientists from the Department of Energy’s SLAC National Accelerator Laboratory has uncovered new information about the photoelectric effect, a phenomenon first described by Einstein over a century ago. Their method provides a new tool to study electron-electron interactions, which are fundamental to many technologies, including semiconductors and solar cells. The results were published on August 21 in the journal Nature.

When an atom or molecule absorbs a photon of light, it can emit an electron in a process known as the photoelectric effect. Einstein’s description of the photoelectric effect, also known as photoionization, laid the theoretical foundation for quantum mechanics. However, the instantaneous nature of this effect has been a topic of intense study and debate. Recent advancements in attosecond science have provided the tools necessary to resolve the ultrafast time delays involved in photoionization.

“Einstein won the Nobel Prize for describing the photoelectric effect, but a hundred years later, we’ve only just begun to truly understand the underlying dynamics,” said lead author and SLAC scientist Taran Driver. “Our work marks a significant step forward by measuring these delays in the X-ray domain, a feat that has not been achieved before.”

Arthur T Knackerbracket has processed the following story:

The California State Assembly has passed the Safe and Secure Innovation for Frontier Artificial Intelligence Models Act (SB 1047), Reuters reports. The bill is one of the first significant regulations of artificial intelligence in the US.

The bill, which has been a flashpoint for debate in Silicon Valley and beyond, would obligate AI companies operating in California to implement a number of precautions before they train a sophisticated foundation model. Those include making it possible to quickly and fully shut the model down, ensuring the model is protected against “unsafe post-training modifications,” and maintaining a testing procedure to evaluate whether a model or its derivatives is especially at risk of “causing or enabling a critical harm.”

Senator Scott Wiener, the bill’s main author, said SB 1047 is a highly reasonable bill that asks large AI labs to do what they’ve already committed to doing: test their large models for catastrophic safety risk. “We’ve worked hard all year, with open source advocates, Anthropic, and others, to refine and improve the bill. SB 1047 is well calibrated to what we know about forseeable AI risks, and it deserves to be enacted.”

Critics of SB 1047 — including OpenAI and Anthropic, politicians Zoe Lofgren and Nancy Pelosi, and California’s Chamber of Commerce — have argued that it’s overly focused on catastrophic harms and could unduly harm small, open-source AI developers. The bill was amended in response, replacing potential criminal penalties with civil ones, narrowing enforcement powers granted to California’s attorney general, and adjusting requirements to join a “Board of Frontier Models” created by the bill.

After the State Senate votes on the amended bill — a vote that’s expected to pass — the AI safety bill will head to Governor Gavin Newsom, who will have until the end of September to decide its fate, according to The New York Times.

Original Submission

Arthur T Knackerbracket has processed the following story:

With impressive speed and candor, Rocket Factory Augsburg (RFA) has provided an update on the anomaly that caused last week's rocket firing at SaxaVord in Shetland, Scotland, to end explosively.

The first stage of RFA's rocket explodes on the SaxaVord launchpad

Brieschenk described the anomaly as "a very unusual one." The leading theory is that there was a fire in an oxygen pump, which is difficult to contain and certainly more than the systems on the stage and launch pad could handle. The damage rapidly spread to the other engines, and despite the stage triggering an emergency stop, the explosion happened shortly after.

The horizontal jet of flame from the base of the stage was indicative of the severity of the damage. Brieschenk explained that the compromised engines had damaged the manifold to such an extent that kerosene began leaking from the vent lines. "That was really the point of no return," he said.

The kerosene fueled the fire. The flames grew more intense and eventually became an oxygen-fed blaze so severe that "large portions of engines were simply combusted." Brieschenk said the CO₂ and water fire suppression systems were not adequately sized to deal with the unfolding damage.

Despite the inevitable delay following the explosion, Brieschenk was keen to highlight that the stage collapsed in a manner which caused it to topple away from the launch pad's umbilical tower. As a result, the pad remained relatively unscathed, aside from elements like the launch stool that were designed to support the stage.

Although Brieschenk said RFA was confident in the design of the offending turbopump, he also noted that more than 100 improvements were being made to the next first stage, which is currently under construction. Many of these improvements aim to prevent a repeat of the SaxaVord incident, where a single turbopump failure led to the loss of the entire stage.

The need to wait for the completion of this first stage, originally intended for the second flight of the RFA One, means that the inaugural launch has been postponed to 2025. The other components, like the second stage, for example, are already at SaxaVord.

The company said it was being as transparent as possible regarding the mishap and was sharing its own raw footage of the incident. It wrote: "Maybe other companies or prospective engineers can learn from it."

You can watch the vid here. Brieschenk concluded: "Enjoy the footage. It is very spectacular, and it has cost us quite some money to generate."

Original Submission

owl writes:

https://ian.sh/tsa

Like many, Sam Curry and I spend a lot of time waiting in airport security lines. If you do this enough, you might sometimes see a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips.

The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA agent their employee number and airline. Various forms of ID need to be presented while the TSA agent's laptop verifies the employment status with the airline. If successful, the employee can access the sterile area without any screening at all.

A similar system also exists for cockpit access, called the Cockpit Access Security System (CASS). Most aircraft have at least one jumpseat inside the cockpit sitting behind the flying pilots. When pilots need to commute or travel, it is not always possible for them to occupy a revenue seat, so a jumpseat can be used instead. CASS allows the gate agent of a flight to verify that the jumpseater is an authorized pilot. The gate agent can then inform the crew of the flight that the jumpseater was authenticated by CASS.

The employment status check is the most critical component of these processes. If the individual doesn't currently work for an airline, they have not had a background check and should not be permitted to bypass security screening or access the cockpit. This process is also responsible for returning the photo of the crewmember to ensure the right person is being authorized for access. So how does this work, when every airline presumably uses a different system to store their employee information? That is what we were wondering, and where it gets interesting...

Original Submission

Arthur T Knackerbracket has processed the following story:

Over the past few decades, scientists have generated a pile of evidence suggesting that a diet rich in saturated fats is enough to cause heart diseases. Besides other problems like diabetes and atherosclerosis, saturated fats have also been linked to life-threatening arrhythmias.

Interestingly, based on animal and human studies, certain omega-3 polyunsaturated fatty acids seem to have beneficial effects on cardiovascular health. In particular, eicosapentaenoic acid (EPA), which is found in fish oil, not only has vasodilator and antiplatelet effects, but can even help prevent atrial fibrillation and other arrythmias. Despite EPA being readily available as a dietary supplement, the effect of EPA on cardiomyocytes and their underlying mechanisms of action are not fully understood.

In a recent study published online in the International Journal of Molecular Sciences, a research team from Japan set out to bridge this knowledge gap. Led by Associate Professor Masaki Morishima from Kindai University, they investigated the role of EPA in inducing long-term electrical changes in cultured mouse cardiomyocytes using a variety of bioanalytical techniques. Their research article was co-authored by Dr. Katsushige Ono from Oita University and Dr. Kazuki Horikawa from Tokushima University.

The main focus of this work was on how an oleic acid/palmitic acid mixture (OAPA), two well-studied saturated fats, impact calcium homeostasis in cardiomyocytes by affecting Ca²⁺ ion channels, and whether EPA can rescue these changes and restore normal functioning.

[...] Put together, this study has shed some much needed light on the underlying mechanisms by which EPA could bolster heart health. “Although there are techniques and drugs to control arrythmias, methods to prevent them have not been established,” remarks Dr. Morishima. Adding further, she states, “The results of our study suggest that EPA has a protective effect on cardiomyocytes by normalizing abnormalities caused by the intake of excessive amounts of saturated fatty acids, which occurs in high-fat diets.”

The team envisions that these findings will pave the way for smarter dietary choices and new health guidelines. “While research on nutrients and disease prevention can take a long time, studies like ours lay the groundwork for practical nutritional strategies that could seamlessly fit into everyday diet,” concludes Dr. Morishima, hoping for a healthier future.

Reference: “Eicosapentaenoic Acid Rescues Cav1.2-L-Type Ca2+ Channel Decline Caused by Saturated Fatty Acids via Both Free Fatty Acid Receptor 4-Dependent and -Independent Pathways in Cardiomyocytes” by Masaki Morishima et al., 9 July 2024, International Journal of Molecular Sciences. DOI: 10.3390/ijms25147570

Original Submission

owl writes:

https://martypc.blogspot.com/2024/08/pc-floppy-copy-protection-formaster.html

This is Part 1 of a series of articles investigating various PC floppy protections, as I get them working in MartyPC. It assumes you have a familiarity with the structure of a PC floppy disk and the basic operation of a PC floppy drive.

...

Formaster called their copy protection technology "Copy-Lock," a name which, unfortunately, several other producers of copy-protection technology used for entirely unrelated methods.

The Formaster flavor of Copy-Lock was not used exclusively on PC - the Series One supported many other different computers such as the Apple II and Commodore 64. Copy protection schemes on those platforms could be much more advanced. This article will specifically look at Copy-Lock as it appeared on the IBM PC platform.

Original Submission