For determined hackers, sitting in a car outside a target's building and using radio equipment to breach its Wi-Fi network has long been an effective but risky technique. These risks became all too clear when spies working for Russia's GRU military intelligence agency were caught red-handed on a city street in the Netherlands in 2018 using an antenna hidden in their car's trunk to try to hack into the Wi-Fi of the Organization for the Prohibition of Chemical Weapons.
Since that incident, however, that same unit of Russian military hackers appears to have developed a new and far safer Wi-Fi hacking technique: Instead of venturing into radio range of their target, they found another vulnerable network in a building across the street, remotely hacked into a laptop in that neighboring building, and used that computer's antenna to break into the Wi-Fi network of their intended victim—a radio-hacking trick that never even required leaving Russian soil.
At the Cyberwarcon security conference in Arlington, Virginia, today, cybersecurity researcher Steven Adair will reveal how his firm, Volexity, discovered that unprecedented Wi-Fi hacking technique—what the firm is calling a "nearest neighbor attack"—while investigating a network breach targeting a customer in Washington, DC, in 2022. Volexity, which declined to name its DC customer, has since tied the breach to the Russian hacker group known as Fancy Bear, APT28, or Unit 26165. Part of Russia's GRU military intelligence agency, the group has been involved in notorious cases ranging from the breach of the Democratic National Committee in 2016 to the botched Wi-Fi hacking operation in which four of its members were arrested in the Netherlands in 2018.
In this newly revealed case from early 2022, Volexity ultimately discovered not only that the Russian hackers had jumped to the target network via Wi-Fi from a different compromised network across the street, but also that this prior breach had also potentially been carried out over Wi-Fi from yet another network in the same building—a kind of "daisy-chaining" of network breaches via Wi-Fi, as Adair describes it.
[...] Adair argues, though, that the case should serve as a broader warning about cybersecurity threats to Wi-Fi for high-value targets—and not just from the usual suspects loitering in the parking lot or the lobby. "Now we know that a motivated nation-state is doing this and has done it," says Adair, "It puts on the radar that Wi-Fi security has to be ramped up a good bit." He suggests organizations that might be the target of similar remote Wi-Fi attacks consider limiting the range of their Wi-Fi, changing the network's name to make it less obvious to potential intruders, or introducing other authentication security measures to limit access to employees.
[...] Volexity had presumed early on in its investigation that the hackers were Russian in origin due to their targeting of individual staffers at the customer organization focused on Ukraine. Then in April, fully two years after the original intrusion, Microsoft warned of a vulnerability in Windows' print spooler that had been used by Russia's APT28 hacker group—Microsoft refers to the group as Forest Blizzard—to gain administrative privileges on target machines. Remnants left behind on the very first computer Volexity had analyzed in the Wi-Fi-based breach of its customer exactly matched that technique. "It was an exact one-to-one match," Adair says.
[...] The switch to hacking via Wi-Fi from a remotely compromised device rather than physically placing a spy nearby represents a logical next step following the GRU's operational security disaster in 2018, when its hackers were caught in a car in The Hague attempting to hack the Organization for the Prohibition of Chemical Weapons in response to the OPCW's investigation of the attempted assassination of GRU defector Sergei Skripal. In that incident, the APT28 team was arrested and their devices were seized, revealing their travel around the world from Brazil to Malaysia to carry out similar close-access attacks.
"If a target is important enough, they're willing to send people in person. But you don't have to do that if you can come up with an alternative like what we're seeing here," Hultquist says. "This is potentially a major improvement for those operations, and it's something we'll probably see more of—if we haven't already."
Technology Review is running this story:
https://www.technologyreview.com/2024/11/20/1107002/clear-airport-identity-management-biometrics-facial-recognition/ about Clear, a company that is trying to expand from airport expedited-security, to security and ID for many other transactions. (Alt link at https://archive.ph/2hbgC)
If you've ever been through a large US airport, you're probably at least vaguely aware of Clear. Maybe your interest (or irritation) has been piqued by the pods before the security checkpoints, the attendants in navy blue vests who usher clients to the front of the security line (perhaps just ahead of you), and the sometimes pushy sales pitches to sign up and skip ahead yourself.
[...]
Its position in airports has made Clear Secure, with its roughly $3.75 billion market capitalization, the most visible biometric identity company in the United States. Over the past two decades, Clear has put more than 100 lanes in 58 airports across the US, and in the past decade it has entered 17 sports arenas and stadiums, from San Jose to Denver to Atlanta. Now you can also use its identity verification platform to rent tools at Home Depot, put your profile in front of recruiters on LinkedIn, and, as of this month, verify your identity as a rider on Uber.
[...]
The company that has helped millions of vetted members skip airport security lines is now working to expand its "frictionless," "face-first" line-cutting service from the airport to just about everywhere, online and off, by promising to verify that you are who you say you are and you are where you are supposed to be. In doing so, CEO Caryn Seidman Becker told investors in an earnings call earlier this year, it has designs on being no less than the "identity layer of the internet," as well as the "universal identity platform" of the physical world. All you have to do is show up—and show your face.
It goes on to explain the origins of Clear, rising out of the bankruptcy of earlier biometrics company VIP. Then it finally gets to the major problems of using biometrics for security, and also having one company handle security for many aspects of life.
Well worth a read if you are interested in the future of proving who you are.
P.S. Dept. line references this: https://skepticalinquirer.org/newsletter/soul-theft-through-photography/
Odd smell coming from Russian spacecraft docked at space station
A Russian Progress spacecraft delivering nearly three tons of supplies to the International Space Station also brought an unwanted smell when cosmonauts opened the hatch.
[...] "After opening the Progress spacecraft's hatch, the Roscosmos cosmonauts noticed an unexpected odor and observed small droplets, prompting the crew to close the Poisk hatch to the rest of the Russian segment," NASA said Sunday.
NASA did not describe the odor. Russian space news outlet Russianspaceweb.com reports that the cosmonaut crew described it as "toxic" and closed the hatch immediately.
The space agency said the space station's air scrubbers and contaminant sensors monitored the ISS atmosphere for about 24 hours before flight controllers reported normal air quality on Sunday.
Hopefully an air freshener was included for hanging in zero gee.
https://practical.engineering/blog/2024/11/14/which-power-plant-does-my-electricity-come-from
In June of 2000, the power shut off across much of the San Francisco Bay area. There simply wasn't enough electricity to meet demands, so more than a million customers were disconnected in California's largest load shed event since World War II. It was just one of the many rolling blackouts that hit the state in the early 2000s. Known as the Western Energy Crisis, the shortages resulted in blackouts, soaring electricity prices, and ultimately around 40 billion dollars in economic losses. But this time, the major cause of the issues had nothing to do with engineering. There were some outages and a lack of capacity from hydroelectric plants due to drought, but the primary cause of the disaster was economic. Power brokers (mainly Enron) were manipulating the newly de-regulated market for bulk electricity, forcing prices to skyrocket. Utilities were having to buy electricity at crazy prices, but there was a cap on how much they could charge their customers for the power. One utility, PG&E, lost so much money, it had to file for bankruptcy. And Southern California Edison almost met the same fate.
Most of us pay an electric bill every month. It's usually full of cryptic line items that have no meaning to us. The grid is not only mechanically and electrically complicated; it's financially complicated, too. We don't really participate in all that complexity - we just pay our bill at the end of every month. But it does affect us in big ways, so I think it's important at least to understand the basics, especially because, if you're like me, it's really interesting stuff. I'm an engineer, I'm not an economist or finance expert. But, at least in the US, if you really want to understand how the power grid works, you can't just focus on the volts and watts. You have to look at the dollars too. I'm Grady, and this is Practical Engineering.
NASA is reporting on research concerning the chirality of amino acids and how they may have impacted the development of life here on Earth, and perhaps, elsewhere.
The mystery of why life uses molecules with specific orientations has deepened with a NASA-funded discovery that RNA — a key molecule thought to have potentially held the instructions for life before DNA emerged — can favor making the building blocks of proteins in either the left-hand or the right-hand orientation. Resolving this mystery could provide clues to the origin of life. The findings appear in research recently published in Nature Communications.
Proteins are the workhorse molecules of life, used in everything from structures like hair to enzymes (catalysts that speed up or regulate chemical reactions). Just as the 26 letters of the alphabet are arranged in limitless combinations to make words, life uses 20 different amino acid building blocks in a huge variety of arrangements to make millions of different proteins. Some amino acid molecules can be built in two ways, such that mirror-image versions exist, like your hands, and life uses the left-handed variety of these amino acids. Although life based on right-handed amino acids would presumably work fine, the two mirror images are rarely mixed in biology, a characteristic of life called homochirality. It is a mystery to scientists why life chose the left-handed variety over the right-handed one.
DNA (deoxyribonucleic acid) is the molecule that holds the instructions for building and running a living organism. However, DNA is complex and specialized; it "subcontracts" the work of reading the instructions to RNA (ribonucleic acid) molecules and building proteins to ribosome molecules. DNA's specialization and complexity lead scientists to think that something simpler should have preceded it billions of years ago during the early evolution of life. A leading candidate for this is RNA, which can both store genetic information and build proteins. The hypothesis that RNA may have preceded DNA is called the "RNA world" hypothesis.
If the RNA world proposition is correct, then perhaps something about RNA caused it to favor building left-handed proteins over right-handed ones. However, the new work did not support this idea, deepening the mystery of why life went with left-handed proteins.
In the experiment, the researchers simulated what could have been early-Earth conditions of the RNA world. They incubated a solution containing ribozymes and amino acid precursors to see the relative percentages of the right-handed and left-handed amino acid, phenylalanine, that it would help produce.
[...]
"The findings suggest that life's eventual homochirality might not be a result of chemical determinism but could have emerged through later evolutionary pressures," said co-author Alberto Vázquez-Salazar, a UCLA postdoctoral scholar and member of Chen's research group.
[...]
"Understanding the chemical properties of life helps us know what to look for in our search for life across the solar system," said co-author Jason Dworkin, senior scientist for astrobiology at NASA's Goddard Space Flight Center in Greenbelt, Maryland, and director of Goddard's Astrobiology Analytical Laboratory.Dworkin is the project scientist on NASA's OSIRIS-REx mission, which extracted samples from the asteroid Bennu and delivered them to Earth last year for further study.
"We are analyzing OSIRIS-REx samples for the chirality (handedness) of individual amino acids, and in the future, samples from Mars will also be tested in laboratories for evidence of life including ribozymes and proteins," said Dworkin.
Journal Reference: Kenchel, J., Vázquez-Salazar, A., Wells, R. et al. Prebiotic chiral transfer from self-aminoacylating ribozymes may favor either handedness. Nat Commun 15, 7980 (2024). https://doi.org/10.1038/s41467-024-52362-x
The agricultural world is witnessing a remarkable transformation, driven by groundbreaking technology. Among the most fascinating innovations is a farming robot equipped with lasers that can destroy hundreds of thousands of weeds in mere hours. This high-tech solution is not just a marvel of engineering but a timely response to persistent challenges in farming, from labor shortages to the environmental impact of chemical herbicides:
By combining artificial intelligence with precision laser technology, companies like Carbon Robotics are reshaping the way farmers tackle one of agriculture's most labor-intensive tasks. These futuristic machines offer a glimpse into the potential of sustainable farming, where innovation meets efficiency, paving the way for a healthier and more productive future for agriculture.
[...] In the face of persistent agricultural challenges, technology has emerged as a transformative force, with farming robots leading the way. Carbon Robotics' Autonomous Weeder is a standout example of how innovation can revolutionize agriculture. This remarkable machine is designed to address the dual problems of labor shortages and environmental damage caused by conventional weed management practices. By combining artificial intelligence with advanced laser technology, the Autonomous Weeder delivers an unprecedented level of precision and efficiency.
The robot operates with minimal human intervention, scanning rows of crops using 12 high-resolution cameras that detect weeds in real time. Its onboard AI system processes this information, distinguishing weeds from crops with incredible accuracy. Once a weed is identified, carbon dioxide lasers target and destroy it instantly, leaving the surrounding soil undisturbed. This approach eliminates the need for chemical herbicides, reducing environmental harm while preserving soil health. It also alleviates the physical burden of manual weeding, offering farmers a more efficient alternative.
[...] The LaserWeeder is equipped with three times the lasers of the original model, enabling it to kill up to 200,000 weeds per hour. This incredible efficiency makes it one of the most effective weed management tools available. In just one hour, the LaserWeeder can cover two acres of farmland, a feat that would take human laborers days to achieve. [...] This targeted approach not only boosts productivity but also supports healthier, more sustainable farming practices.
U.S. prosecutors have filed charges against five individuals allegedly linked to Scattered Spider, a hacking group known for stealing confidential data and cryptocurrency from major companies:
The suspects, all in their twenties, are accused of running phishing schemes, sending fake warnings to employees' phones, tricking them into revealing login credentials, reported the New York Post.
The hackers targeted at least 12 companies across gaming, telecommunications, outsourcing, and cryptocurrency sectors, impacting hundreds of thousands of individuals. Authorities say the group's activities resulted in significant financial losses, including millions in stolen cryptocurrency.
The defendants, identified as Tyler Buchanan, Ahmed Elbadawy, Joel Evans, Evans Osiebo, and Noah Urban, face charges including conspiracy, identity theft, and fraud. Buchanan is additionally accused of wire fraud. Investigators traced the group's activities back to 2021 using domain registration records tied to Buchanan.
Known for their aggressive tactics, Scattered Spider has been blamed for notable attacks, including a 2023 breach of casino giants Caesars Entertainment and MGM Resorts, where they locked up networks and demanded ransoms. However, whether these five were involved in the casino attacks remains unclear.
Also at Ars Technica, Krebs on Security and Bloomberg.
Previously: A Phone Call to Helpdesk was Likely all it Took to Hack MGM
US senator Elizabeth Warren of Massachusetts and congressman Jerry Nadler of New York have called on government bodies to investigate what they allege is the "predatory pricing" of .com web addresses, the internet's prime real estate.
In a letter delivered today to the Department of Justice and the National Telecommunications and Information Administration, a branch of the Department of Commerce that advises the president, the two Democrats accuse VeriSign, the company that administers the .com top-level domain, of abusing its market dominance to overcharge customers.
In 2018, under the Donald Trump administration, the NTIA modified the terms on how much VeriSign could charge for .com domains. The company has since hiked prices by 30 percent, the letter claims, though its service remains identical and could allegedly be provided far more cheaply by others.
"VeriSign is exploiting its monopoly power to charge millions of users excessive prices for registering a .com top-level domain," the letter claims. "VeriSign hasn't changed or improved its services; it has simply raised prices because it holds a government-ensured monopoly."
VeriSign did not immediately respond to a request for comment. But in an August blog post entitled "Setting the Record Straight," the company claimed that discourse around its management of .com had been "distorted by factual inaccuracies, a misunderstanding of core technical concepts, and misinterpretations regarding pricing, competition, and market dynamics in the domain name industry."
In the same blog post, the company argues that it is not operating a monopoly because there are 1,200 generic top-level domains operated by other entities, including .org, .shop, .ai, and .uk.
[...] The letter claims that separate agreements with the NTIA and Internet Corporation for Assigned Names and Numbers (ICANN), a nonprofit established by the Commerce Department to oversee the web's domain name system, have allowed VeriSign to establish monopoly power. The former sets how much the company can charge its customers for registering .com addresses, while the latter assigns VeriSign as the "sole operator" of the .com domain. The letter also alleges that VeriSign might be in violation of the Sherman Act.
Arthur T Knackerbracket has processed the following story:
David Bessis was drawn to mathematics for the same reason that many people are driven away: He didn’t understand how it worked. Unlike other creative processes, like making music, which can be heard, or painting pictures, which can be seen, math is for the most part an internal process, hidden from view. “It sounded a bit magical. I was intrigued,” he said.
His curiosity eventually led him to pursue a doctoral degree in math at Paris Diderot University in the late 1990s. He spent the next decade studying geometric group theory before leaving research mathematics and founding a machine learning startup in 2010.
Through it all, he never stopped questioning what it actually means to do math. Bessis wasn’t content to simply solve problems. He wanted to further interrogate — and help other people understand — how mathematicians think about and practice their craft.
In 2022, he published his answer — a book titled Mathematica: A Secret World of Intuition and Curiosity, which he hopes will “explain what’s going on inside the brain of someone who’s doing math,” he said. But more than that, he added, “this is a book about the inner experience of humans.” It was translated from the original French into English earlier this year.
In Mathematica, Bessis makes the provocative claim that whether you realize it or not, you’re constantly doing math — and that you’re capable of expanding your mathematical abilities far beyond what you think possible. Eminent mathematicians like Bill Thurston and Alexander Grothendieck didn’t owe their mathematical prowess to intrinsic genius, Bessis argues. Rather, they became such powerful mathematicians because they were willing to constantly question and refine their intuitions. They developed new ideas and then used logic and language to test and improve them.
According to Bessis, however, the way math is taught in school emphasizes the logic-based part of this process, when the more important element is intuition. Math should be thought of as a dialogue between the two: between reason and instinct, between language and abstraction. It’s also a physical practice of sorts, like yoga or martial arts — something that can be improved through training. It requires tapping into a childlike state and embracing one’s imagination, including the mistakes that come with it.
“The mathematician’s message is for everyone: Look at what you can do if you don’t give up on your intuition,” Bessis said.
Everyone, Bessis says, has some experience with this process, meaning that everyone has practice thinking like a mathematician. Moreover, everyone can, and should, try to improve their mathematical thinking — not necessarily to solve math problems, but as a general self-help technique.
[...] At its core, Bessis says, mathematics is a game of back-and-forth between intuition and logic, instinct and reason.
[...] It would be dishonest to deny that there are people who are incredibly good at math. There are 5-year-olds who are already genius mathematicians. You can see it: It looks like they’re communicating with aliens from outer space.
But I do not think this is innate, even though it often manifests in early childhood. Genius is not an essence. It’s a state. It’s a state that you build by doing a certain job.
Math is a journey. It’s about plasticity. I am not saying that math is easy. Math is hard. But life, whatever you do, is extremely hard.
[...] Whenever you spot a disconnect between what your gut is telling you and what is supposed to be rational, it’s an important opportunity to understand something new. And then you can start this game of back-and-forth. Can you articulate your gut instinct and place it within a rational discussion? If there’s still a disconnect, can you visualize why? As you play that game, your imagination will gradually reconfigure. And in the end, if you’re persistent, your instinct and your reason will align, and you will be smarter. This is mathematical thinking.
Children do this all the time. That’s why they learn so fast. They have to. Otherwise, I mean, nothing makes sense. I think this is also why babies are super happy — because they have epiphanies all day long. It’s wonderful.
“When you do math, you’re exposed to the human thought process in a way that is really pure,” Bessis said. “It’s not just about understanding things, but about understanding things in a very childish, deep, naïve, super clear, obvious way.”
For adults, this way of thinking can be very slow. But if you don’t give up, what you can do with your intuition is way beyond your wildest expectations. And this is universal. My book is a life lesson for all creative people, not just those who want to learn mathematical concepts. The mathematician’s message is for everyone: Look at what you can do if you don’t give up on your intuition.
Beyond the Milky Way
A picture has been taken, or however they do it -- it's quite blurry, of a red supergiant star 2000x larger than our own sun. Designated as WOH G64, it is about 160 000 light-years from Earth. It is located inside the Large Magellanic Cloud, a small galaxy just outside the Milky Way.
https://abcnews.go.com/Technology/close-picture-star-milky/story?id=116129095
"We have found that the star has been experiencing a significant change in the last 10 years, providing us with a rare opportunity to witness a star's life in real time," said Gerd Weigelt, an astronomy professor at the Max Planck Institute for Radio Astronomy and co-author of the study.
[...] "This star is one of the most extreme of its kind, and any drastic change may bring it closer to an explosive end," said Jacco van Loon, a co-author in the study and Keele Observatory director at Keele University, who has been observing WOH G64 since the 1990s.
https://www.eso.org/public/news/eso2417/
"For the first time, we have succeeded in taking a zoomed-in image of a dying star in a galaxy outside our own Milky Way," says Keiichi Ohnaka, an astrophysicist from Universidad Andrés Bello in Chile. Located a staggering 160 000 light-years from us, the star WOH G64 was imaged thanks to the impressive sharpness offered by the European Southern Observatory's Very Large Telescope Interferometer (ESO's VLTI). The new observations reveal a star puffing out gas and dust, in the last stages before it becomes a supernova.
"We discovered an egg-shaped cocoon closely surrounding the star," says Ohnaka, the lead author of a study reporting the observations published today in Astronomy & Astrophysics. "We are excited because this may be related to the drastic ejection of material from the dying star before a supernova explosion."
[...] The team thinks that these shed materials may also be responsible for the dimming and for the unexpected shape of the dust cocoon around the star. The new image shows that the cocoon is stretched-out, which surprised scientists, who expected a different shape based on previous observations and computer models. The team believes that the cocoon's egg-like shape could be explained by either the star's shedding or by the influence of a yet-undiscovered companion star.
As the star becomes fainter, taking other close-up pictures of it is becoming increasingly difficult, even for the VLTI. Nonetheless, planned updates to the telescope's instrumentation, such as the future GRAVITY+, promise to change this soon. "Similar follow-up observations with ESO instruments will be important for understanding what is going on in the star," concludes Ohnaka.
https://www.eso.org/public/archives/releases/sciencepapers/eso2417/eso2417a.pdf
Arthur T Knackerbracket has processed the following story:
Leaked documents reveal the secrets behind Graykey, the covert forensic tool used to unlock modern smartphones, exposing its struggles with Apple's latest iOS updates.
Graykey is a forensic tool designed to unlock mobile devices and extract data, primarily used by law enforcement agencies and digital forensics experts. Developed by the secretive company Grayshift — now owned by Magnet Forensics — Graykey has earned a reputation for its ability to bypass smartphone security measures.
The tool helps law enforcement and forensic professionals in accessing locked mobile devices during criminal investigations. It breaks device encryption and security features to retrieve personal data like messages, photos, app data, and metadata.
Graykey supports Apple and Android devices, though its effectiveness varies depending on the specific hardware and software involved. Graykey's capabilities and limitations, however, are rarely disclosed.
However, a leak of some of Grayshift's internal documents was recently reported on by 404 Media. According to the data, Graykey can only perform "partial" data retrieval from iPhones running iOS 18 and iOS 18.0.1.
These versions were released in September and early October, respectively. A partial extraction likely includes unencrypted files and metadata, such as folder structures and file sizes, according to past reports.
Notably, Graykey struggles with beta versions of iOS 18.1. Under the latest update, the tool fails to extract any data, as per the documents.
Meanwhile, Graykey's performance with Android phones varies, largely due to the diversity of devices and manufacturers. On Google's Pixel lineup, Graykey can only partially access data from the latest Pixel 9 when in an "After First Unlock" (AFU) state — where the phone has been unlocked at least once since being powered on.
Andrew Garrett, CEO of Garrett Discovery, confirmed that the leaked documents align with Graykey's known capabilities. Meanwhile, Magnet Forensics and Apple declined to comment on the leak.
The leaked documents shed light on the ongoing battle between tech companies like Apple and forensic firms. Apple's frequent security updates and features, including USB Restricted Mode and iPhone rebooting after inactivity, have made unauthorized access increasingly difficult.
In response, companies like Grayshift and Cellebrite continue to develop new exploits to bypass these safeguards. While tools like Graykey may lag behind new OS releases, historical trends suggest they often catch up eventually.
Forensic experts expect the cycle of vulnerabilities and patches to persist as Apple and Google continue fortifying their systems against unauthorized access.
Python Crypto Library Updated to Steal Private Keys:
Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean of the malicious code to evade detection.
[...] Interesting! The attacker overwrites the __init__ method of the CryptoPay class. Actually, it's acting more like a wrapper around the original functionality of the method. They're saving the original method via init = CryptoPay.__init__ and then calling it as per usual with init(*args, **kwargs) and then sending a Telegram message to, presumably, the attacker's Telegram bot call with args[1:] as the message.
[...] Just to recap, we're seeing a crypto library that dynamically alters the class's constructor upon module import to exfiltrate the victim's private keys when calling the class's constructor!
Another interesting aspect we discovered in our investigation is that its PyPI homepage points to a GitHub repo.
However, if you look at the same file in the GitHub repo, you'll notice that the obfuscated payload is missing! This means the attacker updated a local copy of the repo with the malicious payload and then published that package to PyPI, leaving the GitHub repo with the same version numbers malware-free — a clear attempt at evasion.
This library's popularity - with 17 GitHub stars and (according to pypistats.org before the package was removed) nearly 4K downloads in the last month - makes this incident particularly concerning. The attack highlights two critical security lessons: First, it demonstrates the importance of scanning the actual code sent to open source ecosystems, that is the code that actually runs when you pip install or node -i a package, rather than just reviewing source repositories alone. As evidenced here, attackers can deliberately maintain clean source repos while distributing malicious packages to the ecosystems. Second, it serves as a reminder that a package's previous safety record doesn't guarantee its continued security.
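The check the first lesson calls for, sketched as an added example (not Phylum's tooling and not code from the package): hash every .py file in the published wheel against the repository checkout, then triage the files that differ for import-time constructor rebinding or exec/eval loaders. The package name examplepay, the class Client and both file sets are constructed sample data, and the paths in the wheel and the checkout are assumed to line up.

```python
import ast
import hashlib
import io
import zipfile

# Constructed sample data: what the (hypothetical) repository checkout contains.
REPO_TREE = {
    "examplepay/__init__.py": b"from .api import Client\n",
    "examplepay/api.py": (
        b"class Client:\n"
        b"    def __init__(self, token):\n"
        b"        self.token = token\n"
    ),
}

# Constructed sample data: the same file as shipped in the published wheel.
# It is only parsed below, never executed, and the stand-in does no network I/O.
PUBLISHED_INIT = b"""from .api import Client
_orig = Client.__init__
_seen = []
def _wrapped(self, *args, **kwargs):
    _orig(self, *args, **kwargs)
    _seen.append(args)
Client.__init__ = _wrapped
"""


def build_sample_wheel() -> bytes:
    """Build an in-memory wheel (a zip archive) from the constructed files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("examplepay/__init__.py", PUBLISHED_INIT)
        zf.writestr("examplepay/api.py", REPO_TREE["examplepay/api.py"])
        zf.writestr("examplepay-1.0.dist-info/METADATA", "Name: examplepay\n")
    return buf.getvalue()


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def wheel_sources(wheel_bytes: bytes) -> dict:
    """Map each .py path inside the wheel to its raw bytes."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        return {n: zf.read(n) for n in zf.namelist() if n.endswith(".py")}


def diff_against_repo(published: dict, repo: dict) -> dict:
    """Report published files whose content differs from, or is absent in, the repo."""
    modified = sorted(
        p for p in published
        if p in repo and digest(published[p]) != digest(repo[p])
    )
    only_in_package = sorted(p for p in published if p not in repo)
    return {"modified": modified, "only_in_package": only_in_package}


def triage(source: bytes) -> list:
    """Heuristic flags for a differing file; the hash mismatch is the primary signal."""
    findings = []
    for node in ast.parse(source).body:  # module-level statements run at import
        if isinstance(node, ast.Assign):
            for tgt in node.targets:
                if isinstance(tgt, ast.Attribute) and tgt.attr == "__init__":
                    findings.append((node.lineno, "rebinds " + ast.unparse(tgt)))
        for call in (n for n in ast.walk(node) if isinstance(n, ast.Call)):
            if isinstance(call.func, ast.Name) and call.func.id in {"exec", "eval"}:
                findings.append((call.lineno, "calls " + call.func.id))
    return findings


def audit(wheel_bytes: bytes, repo_tree: dict) -> dict:
    """Diff the published artifact against the repo and triage what differs."""
    published = wheel_sources(wheel_bytes)
    report = diff_against_repo(published, repo_tree)
    suspects = report["modified"] + report["only_in_package"]
    report["findings"] = {p: triage(published[p]) for p in suspects}
    return report


if __name__ == "__main__":
    for key, value in audit(build_sample_wheel(), REPO_TREE).items():
        print(key, value)
```

The hash comparison fires regardless of how a payload is obfuscated; the AST flags only help prioritise review and will miss code hidden behind other loaders.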
Arthur T Knackerbracket has processed the following story:
The effects of being in space can worsen an astronaut's working memory, processing speed and attention - which could be a problem for future missions
Astronauts aboard the International Space Station (ISS) had slower memory, attention and processing speed after six months, raising concerns about the impact of cognitive impairment on future space missions to Mars.
The extreme environment of space, with reduced gravity, harsh radiation and the lack of regular sunrises and sunsets, can have dramatic effects on astronaut health, from muscle loss to an increased risk of heart disease. However, the cognitive effects of long-term space travel are less well documented.
Now, Sheena Dev at NASA’s Johnson Space Center in Houston, Texas, and her colleagues have looked at the cognitive performance of 25 astronauts during their time on the ISS.
The team ran the astronauts through 10 tests, some of which were done on Earth, once before and twice after the mission, while others were done on the ISS, both early and later in the mission. These tests measured certain cognitive capacities, such as finding patterns on a grid to test abstract reasoning or choosing when to stop an inflating balloon before it pops to test risk-taking.
The researchers found that the astronauts took longer to complete tests measuring processing speed, working memory and attention on the ISS than on Earth, but they were just as accurate. While there was no overall cognitive impairment or lasting effect on the astronauts’ abilities, some of the measures, like processing speed, took longer to return to normal after they came back to Earth.
Having clear data on the cognitive effects of space travel will be crucial for future human spaceflight, says Elisa Raffaella Ferrè at Birkbeck, University of London, but it will be important to collect more data, both on Earth and in space, before we know the full picture.
“A mission to Mars is not only longer in terms of time, but also in terms of autonomy,” says Ferrè. “People there will have a completely different interaction with ground control because of distance and delays in communication, so they will need to be fully autonomous in taking decisions, so human performance is going to be key. You definitely don’t want to have astronauts on Mars with slow reaction time, in terms of attention-related tasks or memory or processing speed.”
The company was negatively affected by slow EV adoption, suffering net losses of $1.2 billion last year:
Swedish electric vehicle (EV) battery manufacturer Northvolt filed for bankruptcy after the company's dreadful liquidity position left the business with only one week's worth of cash to fund its operations.
The Chapter 11 petition was filed at the U.S. Bankruptcy Court for the Southern District of Texas on Thursday. The company listed assets and liabilities in a range of $1 billion to $10 billion, with creditors estimated to be between 1,000 and 5,000. Established in 2016 in Stockholm, Northvolt is an energy-storage company that manufactures lithium-ion batteries.
A leading manufacturer in the European Union, Northvolt competes with China's BYD and CATL to supply batteries to carmakers in the region. As such, the bankruptcy of Northvolt presents a challenge to Europe's ambitions to counter Chinese EV dominance.
[...] Asian manufacturers continued to ramp up production while bringing down battery prices, which put "further stress on newer battery manufacturers like Northvolt." Facing such challenges, the company suffered a net loss of $1.2 billion in 2023.
Previously: South Korean EV Battery Makers Reporting Big Losses as EV Demand Slows
https://techxplore.com/news/2024-11-medium-eavesdropping-technology-overturns-assumptions.html
Researchers from Princeton and MIT have found a way to intercept underwater messages from the air, overturning long held assumptions about the security of underwater transmissions.
The team created a device that uses radar to eavesdrop on underwater acoustic signals, or sonar, by decoding the tiny vibrations those signals create on the water's surface. In principle, the technique could also roughly identify the location of an underwater transmitter, the researchers said.
In a paper presented at ACM MobiCom on November 20, the researchers detailed the new eavesdropping technology and offered ways to guard against the attacks it enables. They demonstrated the capability on Lake Carnegie, a small artificial lake in Princeton. Applying the technology in the open ocean would be significantly more challenging, but the researchers said they believed it would be possible with significant engineering improvements.
The researchers said their intention is not only to alert people to the vulnerability of underwater transmissions, but also to detail methods that can be used to prevent interceptions.
[...] In 2018, the MIT group realized that the impact of the sound waves on the water's surface leaves a sort of fingerprint of tiny vibrations that correspond to the underwater signal. The team used a radar mounted on a drone to read the surface vibrations and deployed algorithms to detect the pattern, decode the signal and extract the message.
"Underwater-to-air communications is one of the most difficult long-standing problems in our field," said Fadel Adib, associate professor of media arts and sciences at MIT and co-author on the new paper.
"It was exciting—and surprising—to see our method succeed in decoding underwater messages from the tiny vibrations they caused on the surface."
But for the technique to work, the MIT team's system required knowledge of certain physical parameters, such as the transmission's frequency and modulation type, in advance.
Building on this development, the team at Princeton used a similar method to detect the surface vibrations, but developed new algorithms that capitalize on the differences between radar and sonar to uncover those physical parameters. That allowed the researchers to decode the message without cooperation from the underwater transmitter.
Using an inexpensive commercial drone and radar, the researchers tested their method in a swimming pool. The researchers deployed a speaker under the water and, as swimmers provided interference, flew a drone over the surface. The drone repeatedly sent brief radar chirps toward the water.
When the radar signals bounced off the water's surface, they revealed the pattern of vibrations from the sound waves for the system to detect and decode.
The researchers also used a boom-mounted radar for tests in a real-world environment at Carnegie Lake in Princeton. They found that the system could figure out the unknown parameters and decode messages from the speaker, even with interference from wind and waves. In fact, it could determine the modulation type, one of the most important parameters, with 97.58% accuracy.