About Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

Cheap gel film pulls buckets of drinking water per day from thin air

Water scarcity is a major problem for much of the world’s population, but with the right equipment drinking water can be wrung out of thin air. Researchers at the University of Texas at Austin have now demonstrated a low-cost gel film that can pull many liters of water per day out of even very dry air.

The gel is made up of two main ingredients that are cheap and common – cellulose, which comes from the cell walls of plants, and konjac gum, a widely used food additive. Those two components work together to make a gel film that can absorb water from the air and then release it on demand, without requiring much energy.

First, the porous structure of the gum attracts water to condense out of the air around it. The cellulose, meanwhile, is designed to respond to a gentle heat by turning hydrophobic, releasing the captured water.

Making the gel is also fairly simple, the team says. The basic ingredients are mixed together then poured into a mold, where it sets in two minutes. After that it’s freeze-dried, then peeled out of the mold and ready to get to work. It can be made into basically any shape needed, and scaled up fairly easily and at low-cost.

The gel film can be cut and molded into whatever shape is needed
University of Texas at Austin

In tests, the gel film was able to wring an astonishing amount of water out of the air. At a relative humidity of 30 percent, it could produce 13 L (3.4 gal) of water per day per kilogram of gel, and even when the humidity dropped to just 15 percent – which is low, even for desert air – it could still produce more than 6 L (1.6 gal) a day per kilogram.

[…]

Source: Cheap gel film pulls buckets of drinking water per day from thin air

MGM Resorts’ 142m person customer data now leaked on Telegram for free

Miscreants have dumped on Telegram more than 142 million customer records stolen from MGM Resorts, exposing names, postal and email addresses, phone numbers, and dates of birth for any would-be identity thief.

The vpnMentor research team stumbled upon the files, which totaled 8.7 GB of data, on the messaging platform earlier this week, and noted that they “assume at least 30 million people had some of their data leaked.” MGM Resorts, a hotel and casino chain, did not respond to The Register‘s request for comment.

The researchers reckon this information is linked to the theft of millions of guest records, which included the details of Twitter’s Jack Dorsey and pop star Justin Bieber, from MGM Resorts in 2019 that was subsequently distributed via underground forums.

But while crooks initially sold those 142 million records on a dark-web marketplace for about $3,000 as a packaged deal, this time the data is freely available on Telegram, which vpnMentor rightly describes as “much more accessible for even the least tech-savvy people.”

Perhaps the recent takedown of stolen-data market RaidForums and the Hydra dark-web souk has something to do with this? Or that the info is no longer worth selling, or no one’s interested in buying it, perhaps.

According to the VPN services company, the data dumped on Telegram includes the following customer information from before 2017:

  • Full names
  • Postal addresses
  • Over 24 million unique email addresses
  • Over 30 million unique phone numbers
  • Dates of birth

[…]

Source: MGM Resorts’ customer data now leaked on Telegram for free • The Register

Twitter fined $150 million after selling 2FA phone numbers + email addresses to targeting advertisers

Twitter has agreed to pay a $150 million fine after federal law enforcement officials accused the social media company of illegally using peoples’ personal data over six years to help sell targeted advertisements.

In court documents made public on Wednesday, the Federal Trade Commission and the Department of Justice say Twitter violated a 2011 agreement with regulators in which the company vowed to not use information gathered for security purposes, like users’ phone numbers and email addresses, to help advertisers target people with ads.

Federal investigators say Twitter broke that promise.

“As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” said FTC Chair Lina Khan.

Twitter requires users to provide a telephone number and email address to authenticate accounts. That information also helps people reset their passwords and unlock their accounts when the company blocks logging in due to suspicious activity.

But until at least September 2019, Twitter was also using that information to boost its advertising business by allowing advertisers access to users’ phone numbers and email addresses. That ran afoul of the agreement the company had with regulators.

[…]

Source: Twitter will pay a $150 million fine over accusations it improperly sold user data : NPR

GitHub saved plaintext passwords of npm users in log files

GitHub has revealed it stored a “number of plaintext user credentials for the npm registry” in internal logs following the integration of the JavaScript package registry into GitHub’s logging systems.

The information came to light when the company today published the results of its investigation into April’s unrelated OAuth token theft attack, where it described how an attacker grabbed data including the details of approximately 100,000 npm users.

The code shack went on to assure users that the relevant log files had not been leaked in any data breach; that it had improved the log cleanup; and that it removed the logs in question “prior to the attack on npm.”

GitHub already sent out notifications for “known victims of third-party OAuth token theft” in April but today said it planned to “directly notify affected users of the plaintext passwords and GitHub Personal Access Tokens based on our available logs.”

Credentials in plaintext, eh? How very last century.

The number of users affected and how long the plaintext storage took place was not mentioned, but we’ve asked GitHub for more information. GitHub completed its acquisition of NPM Inc on 15 April 2020. Techies have already taken to the Hacker News messaging board to detail emails they received from npm.

[…]

Source: GitHub saved plaintext passwords of npm users in log files • The Register

Smart Contact Lenses with AR screens

[…]The BBC recently covered Mojo, a company developing smart contact lenses that not only correct vision but can show a display. You can see a video from CNET on the technology below.

The lenses have microLED displays, smart sensors, and solid-state batteries similar to those found in pacemakers. The company claims to have a “feature-complete prototype” and are going to start testing, according to the BBC article. We imagine you can’t get much of a battery crammed into a contact lens, but presumably, that’s one of the things that makes it so difficult to develop this sort of tech.

The article mentions other smart contacts under development, too, including a University of Surrey lens that can monitor eye health using various sensors integrated into the lens. You have to wonder how this would be in real life. Presumably, the display turns off and you see nothing, but it is annoying enough having your phone beep constantly without getting messages across your field of vision all the time.

It seems like this is a technology that will come, of course. If not this time, then sometime in the future. While we usually think the hacker community should lead the way, we aren’t sure we want to hack on something that touches people’s eyeballs.[…]

[…]

Source: Smart Contact Lenses Put You Up Close To The Screen | Hackaday

Clearview AI Ordered to Purge U.K. Face Scans, Pay GBP 7.5m Fine

The United Kingdom has had it with creepy facial recognition firm Clearview AI. Under a new enforcement rule from the U.K.’s Information Commissioner’s office, Clearview must cease the collection and use of publicly available U.K. data and delete all data of U.K. residents from their database. The order, which will also require the company to pay a £7,552,800 ($9,507,276) fine, effectively calls on Clearview to purge U.K. residents from its massive face database reportedly consisting of over 20 billion images scraped from publicly available social media sites.

The ICO ruling, which determined Clearview violated U.K. privacy laws, comes on the heels of a multi-year joint investigation with the Australian Information Commissioner. According to the ICO ruling, Clearview failed to use U.K. resident data in a way that was fair and transparent and failed to provide a lawful reason for collecting the data in the first place. Clearview also failed, the ICO notes, to put in place measures to stop U.K. residents from having their data collected indefinitely and supposedly didn’t meet higher data protection standards outlined in the EU’s General Data Protection Regulation.

[…]

Source: Clearview AI Ordered to Purge U.K. Face Scans, Pay Fine

Hashed Takes $3.5B Hit, Delphi Digital Discloses Loss After Terra’s LUNA Collapse

The collapse of the tokens linked to the Terra ecosystem, stablecoin terraUSD (UST) and Luna (LUNA), has led to some major investors coming clean and detailing their losses. Two more backers of Terra are disclosing exactly how their balance sheets have been affected.

Delphi Digital, a research firm and boutique investor, said in a blog post that it always had concerns about the structure of UST and LUNA, but believed that the sizable reserves in the Luna Foundation Guard, a nonprofit that supports the Terra network, would prevent the unthinkable from happening.

[…]

The firm wrote that in the first quarter of 2021, Delphi Ventures Master Fund purchased a small amount of LUNA, worth 0.5% of its net asset value (NAV) at the time. That position grew as LUNA’s value increased and the fund increased its holdings, including a $10 million investment in the LFG’s funding round in February. That investment is now worthless.

While Delphi said that it didn’t sell any LUNA, it’s now sitting on “a large unrealized loss.”

[…]

One of Terra’s other prominent backers is Hashed, an early-stage venture fund based in Seoul, South Korea. The company invested in TerraForm Labs’ $25 million venture round in 2021, according to Crunchbase data.

[…]

Hashed didn’t immediately respond to a request for comment, but on-chain data shows that the firm had staked over 27 million in LUNA on the Columbus 3 mainnet, 9.7 million in LUNA for the Columbus 4 mainnet and 13.2 million in LUNA on the current Columbus 5 mainnet.

Terra’s block explorer for the Columbus-3 mainnet shows Hashed had significant holdings of Luna (Hubble block explorer)

All in all, Hashed’s losses amount to over $3.5 billion using pricing data from early April.

Local media in South Korea report that more than 200,000 investors in the country hold Terra-related tokens.

[…]

Source: Hashed Wallet Takes $3.5B Hit, Delphi Digital Discloses Loss After Terra’s LUNA Collapse

Boeing’s Starliner successfully docks to the International Space Station for the first time

This evening, Boeing’s new passenger spacecraft, the CST-100 Starliner, successfully docked itself to the International Space Station — demonstrating that the vehicle can potentially bring humans to the ISS in the future. It’s a crucial capability that Starliner has finally validated in space after years of delays and failures.

Starliner is in the midst of a key test flight for NASA called OFT-2, for Orbital Flight Test-2. The capsule, developed by Boeing for NASA’s Commercial Crew Program, was made to transport NASA’s astronauts to and from the space station. But before anyone climbs on board, NASA tasked Boeing with conducting an uncrewed flight demonstration of Starliner to show that the capsule can hit all of the major milestones it’ll need to hit when it is carrying passengers.

Boeing has struggled to showcase Starliner’s ability until now. This mission is called OFT-2 since it’s technically a do-over of a mission that Boeing attempted back in 2019, called OFT. During that flight, Starliner launched to space as planned, but a software glitch prevented the capsule from getting in the right orbit it needed to reach to rendezvous with the ISS. Boeing had to bring the vehicle home early, and the company never demonstrated Starliner’s ability to dock with the ISS.

[…]

At 6:54PM ET, Starliner successfully launched to space on top of an Atlas V rocket, built and operated by the United Launch Alliance. Once Starliner separated from the Atlas V, it had to fire its own thrusters to insert itself into the proper orbit for reaching the space station. However, after that maneuver took place, Boeing and NASA revealed that two of the 12 thrusters Starliner uses for the procedure failed and cut off too early. The capsule’s flight control system was able to kick in and rerouted to a working thruster, which helped get Starliner into a stable orbit.

Ultimately, NASA and Boeing claimed that the issue should not impact the rest of Starliner’s mission. “There’s really no need to resolve them,” Steve Stich, NASA’s program manager for the Commercial Crew Program, said in a press conference after the flight. “But I know what the teams will do, and what we always do is we’ll go look at the data, try to understand what happened.” Today, Boeing revealed that a drop in chamber pressure had caused the early cutoff of the thruster, but that system behaved normally during follow-up burns of the thrusters. And with redundancies on the spacecraft, the issue “does not pose a risk to the rest of the flight test,” according to Boeing.

Boeing also noted today that the Starliner team is investigating some weird behavior of a “thermal cooling loop” but said that temperatures are stable on the spacecraft.

[…]

Source: Boeing’s Starliner successfully docks to the International Space Station for the first time

Wait, with the record on their 777 aircraft they are saying things like they don’t need to resolve issues?!

Total Commander forced to stop letting you install APKs

One of the handiest features on Android that sets it apart from the mobile competition is the ability to install apps from outside the Play Store. APK installation is why you can still play Fortnite — even as Epic’s legal battle with Google continues — and it’s how you can skip the wait for automatic updates to bring the latest features to your favorite apps. Unfortunately, one of Android’s most trusted file browsers has removed the ability to install APK files after receiving takedown warnings from Google.

Total Commander has been around since the 90s, eventually expanding into Android after the platform launched over a decade ago. The app has more than 10 million downloads on the Play Store, still supporting OS versions as far back as Android 2.2. With a new update, developer Christian Ghisler has removed the ability to install APK files on Android, blaming Google Play policies in the patch notes for the app. It’s a shocking twist for the service and, seemingly, a bad omen of things to come for other mobile file managers.

A forum post from Ghisler sheds some more light on what’s going on here, as Google sent him a notice warning of his app’s removal from the Play Store within a week if the app went unmodified. The company’s automated response pointed the developer to the “Device and Network Abuse” policy — specifically, these two sections:

An app distributed via Google Play may not modify, replace, or update itself using any method other than Google Play’s update mechanism. Likewise, an app may not download executable code (e.g., dex, JAR, .so files) from a source other than Google Play. This restriction does not apply to code that runs in a virtual machine or an interpreter where either provides indirect access to Android APIs (such as JavaScript in a webview or browser).

Apps or third-party code (e.g., SDKs) with interpreted languages (JavaScript, Python, Lua, etc.) loaded at run time (e.g., not packaged with the app) must not allow potential violations of Google Play policies.

Based on these rules, the Play Store’s moderation system might believe Total Commander is attempting to update itself, thereby passing Google Play’s update service altogether. Ghisler says he did attempt to block Total Commander’s own APK from installing when you click on it, but automated systems checking his app for potential abuse didn’t catch the change. He resubmitted, only to receive this vague message in return:

As mentioned previously, your app (APK versions 1031, 1032, 1033, 1034, 1035 and 1036) causes users to download or install applications from unknown sources outside of Google Play.

According to Ghisler, he then made the decision to remove APK installations altogether, for fear of losing access to his account after a third warning — as has happened to other developers in a similar situation.

It’s possible that this block could have wide-reaching ramifications on file and web browsers in the Play Store, though the language used — not to mention Google’s poor reputation on false takedowns — seems to hint at something less insidious. Based on the information provided by Ghisler, it seems like Google either thinks Total Commander is updating itself from within, is accidentally linking to specific APK-hosting websites, or is using a custom app installation process before navigating the user to Android’s default installer. Either way, this sounds like a situation that needs some clarification from the company. Google should either spell out exactly what Total Commander is doing wrong that other file browsers have avoided, or should allow the app back on the Play Store in its previous state.

[…]

Source: Total Commander forced to stop letting you install APKs

Acer Debuts External Monitors With Stereoscopic 3D

[…]

Two products revealed today, the SpatialLabs View and SpatialLabs View Pro, are standalone external monitors with 15.6-inch, 4K displays with glasses-free stereoscopic 3D technology. We’ve seen this tech from Acer before when it debuted in ConceptD notebooks where it was meant for designers, but never in this format.

Acer SpatialLabs View
Image: Acer

Distinguishing these two monitors is their audience; the standard model is meant for entertainment (watching movies, gaming, etc) whereas the Pro edition is for commercial users. For the former, SpatialLabs TrueGame is a portal for playing games in 3D. The app gives each of the 50 or so 3D-compatible games a pre-configured profile so gamers can feel more immersed. The list of games that Acer shared by email includes some big titles like Forza Horizon 5, God of War, and The Witcher 3: Wild Hunt.

To use it, gamers need to launch the app then go to the game they want to play and press “play.” That’s it! The app does the rest, automatically launching the game file while activating its associated TrueGame 3D profile so it can boot in Stereoscopic 3D mode. It’s not just games, though. With SpatialLabs Go, you can turn just about anything into a 3D image, including photos and videos taken on your device. And designers can use plug-ins to render creations into stereoscopic 3D so the digital versions appear closer to the physical product.

[…]

Source: Acer Debuts Pricey External Monitors With Stereoscopic 3D

Your data’s auctioned off up to 987 times a day, NGO reports

The average American has their personal information shared in an online ad bidding war 747 times a day. For the average EU citizen, that number is 376 times a day. In one year, 178 trillion instances of the same bidding war happen online in the US and EU.

That’s according to data shared by the Irish Council on Civil Liberties in a report detailing the extent of real-time bidding (RTB), the technology that drives almost all online advertising and which it said relies on sharing of personal information without user consent.

The RTB industry was worth more than $117 billion last year, the ICCL report said. As with all things in its study, those numbers only apply to the US and Europe, which means the actual value of the market is likely much higher.

Real-time bidding involves the sharing of information about internet users, and it happens whenever a user lands on a website that serves ads. Information shared with advertisers can include nearly anything that would help them better target ads, and those advertisers bid on the ad space based on the information the ad network provides.

That data can be practically anything based on the Interactive Advertising Bureau’s (IAB) audience taxonomy. The basics, of course, like age, sex, location, income and the like are included, but it doesn’t stop there. All sorts of websites fingerprint their visitors – even charities treating mental health conditions – and those fingerprints can later be used to target ads on unrelated websites.

Google owns the largest ad network that was included in the ICCL’s report, and it alone offers RTB data to 4,698 companies in just the US. Other large advertising networks include Xandr, owned by Microsoft since late 2021, Verizon, PubMatic and more.

Not included in ICCL’s report are Amazon or Facebook’s RTB networks, as the industry figures it used for its report don’t include their ad networks. Along with only surveying part of the world that likely means that the scope of the RTB industry is, again, much larger.

Also, it’s probably illegal

The ICCL describes RTB as “the biggest data breach ever recorded,” but even that may be giving advertisers too much credit: Calling freely-broadcast RTB data a breach implies action was taken to bypass defenses, of which there aren’t any.

So, is RTB violating any laws at all? Yes, claims Gartner Privacy Research VP Nader Henein. He told The Register that the adtech industry justifies its use of RTB under the “legitimate interest” provision of the EU’s General Data Protection Regulation (GDPR).

“Multiple regulators have rejected that assessment, so the answer would be ‘yes,’ it is a violation [of the GDPR],” Henein opined.

As far back as 2019, Google and other adtech giants were accused by the UK of knowingly breaking the law by using RTB, a case it continues to investigate. Earlier this year, the Belgian data protection authority ruled that RTB practices violated the GDPR and required organizations working with the IAB to delete all the data collected through the use of TC strings, a type of coded character used in the RTB process.

[…]

Source: Privacy. Ad bidders haven’t heard of it, report reveals

Melvin Capital shutters down after trying to kill Gamestop

Melvin Capital, once one of Wall Street’s most successful hedge funds which then lost billions in the meme stock saga, will shut down after it was hit again by this year’s market slump.

Gabe Plotkin, widely regarded as one of the industry’s best traders after posting years of double digit returns, told investors that the last 17 months have been “an incredibly trying time.”

Plotkin had been trying to turn around the firm after being caught out in early 2021 betting against retail favorite GameStop (GME) and after being wrong footed again by tumbling markets this year.

“The appropriate next step is to wind down the Funds by fully liquidating the Funds’ assets and accounts and returning cash to all investors,” Plotkin wrote in a letter reviewed by Reuters on Wednesday.

Melvin Capital had $7.8 billion in assets at the end of April. The fund lost 23% in the first four months of 2022, a person familiar with the fund’s finances said.

This year’s losses come on the heels of steep losses in 2021 when Melvin Capital ended the year down 39%. The firm bet that shares of GameStop would tumble but was battered when retail investors took the other side and sent the stock surging.

The firm had $12.5 billion in assets at the start of 2021.
[…]

Apple will allow some apps to automatically charge you higher subscription prices

Apple has announced an update to its subscription policy that’s supposed to make auto-renews seamless but could also lead to surprise charges. Under the old policy, the tech giant would ask users to opt in before they’re charged for a subscription that has recently raised its price. Going forward, however, it will allow developers to automatically charge higher prices, so long as they meet a set of conditions. Apple will notify users of the price increase in advance via email and push notification, but it’s up to them to unsubscribe before they’re charged.

In its announcement, the company said that developers can use the feature if they don’t increase their price more than once a year. Further, the increase must not exceed $5 and 50 percent of the current subscription pricing, or $50 and 50 percent of the current annual subscription price. Presumably, that means users will automatically get charged $15 for a subscription that was formerly $10. However, they’ll have to opt in for a $30 sub that used to cost just $20, because while that’s 50 percent higher than the old price, the increase is also way higher than $5.
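The two worked cases in the article ($10 to $15 auto-renews, $20 to $30 needs an opt-in) follow from treating the caps as a conjunction: the rise must stay under the absolute cap and under 50 percent of the current price, and there must not have been another rise in the past year. The function below is an added illustration, not Apple’s or Engadget’s code; the function name, the input object shape and the monthly/annual distinction as a field are this example’s own assumptions, and it goes slightly beyond the article by handling the annual caps and the once-a-year condition in the same check.

```javascript
// Added example, not Apple's or Engadget's code. It encodes the auto-renew rule
// as the article states it. Prices are whole cents: 14.99 - 9.99 is not exactly
// 5 in binary floating point, and the 50 % test must be exact.

const LIMITS = {
  // absolute cap in cents and relative cap as a fraction of the current price
  monthly: { absCents: 500, frac: 0.5 },   // "$5 and 50 percent"
  annual:  { absCents: 5000, frac: 0.5 },  // "$50 and 50 percent"
};

/**
 * Decide whether a price rise may be charged without a fresh opt-in.
 * @param {Object} change
 * @param {'monthly'|'annual'} change.period   which cap table applies (assumed field)
 * @param {number} change.oldCents             current price in cents
 * @param {number} change.newCents             proposed price in cents
 * @param {number} [change.increasesInPastYear] rises already applied in the last 12 months
 * @returns {{autoRenew: boolean, reason: string}}
 */
function evaluatePriceIncrease({ period, oldCents, newCents, increasesInPastYear = 0 }) {
  const limit = LIMITS[period];
  if (!limit) throw new Error(`unknown period: ${period}`);
  if (!Number.isInteger(oldCents) || !Number.isInteger(newCents) || oldCents <= 0) {
    throw new Error('prices must be positive integer cents');
  }
  const delta = newCents - oldCents;
  if (delta <= 0) return { autoRenew: true, reason: 'no increase' };
  if (increasesInPastYear >= 1) {
    return { autoRenew: false, reason: 'already raised within the past year' };
  }
  if (delta > limit.absCents) {
    return { autoRenew: false, reason: `increase exceeds $${limit.absCents / 100} cap` };
  }
  if (delta > oldCents * limit.frac) {
    return { autoRenew: false, reason: `increase exceeds ${limit.frac * 100}% of current price` };
  }
  return { autoRenew: true, reason: 'within both caps; user is notified but not asked to opt in' };
}

// Constructed cases: the article's two examples plus edge cases around each cap.
const cases = [
  { period: 'monthly', oldCents: 1000, newCents: 1500 },  // $10 -> $15: auto-renews
  { period: 'monthly', oldCents: 2000, newCents: 3000 },  // $20 -> $30: needs opt-in
  { period: 'monthly', oldCents: 400, newCents: 800 },    // under $5 but over 50 %
  { period: 'monthly', oldCents: 999, newCents: 1499 },   // $5.00 rise is 50.05 %
  { period: 'annual', oldCents: 20000, newCents: 25000 }, // $200 -> $250: auto-renews
  { period: 'annual', oldCents: 20000, newCents: 26000 }, // $200 -> $260: over $50
  { period: 'monthly', oldCents: 1000, newCents: 1500, increasesInPastYear: 1 },
];
for (const c of cases) console.log(c, evaluatePriceIncrease(c));
```

The $9.99 to $14.99 case shows why the comparison is done in cents: the rise is exactly $5.00, which passes the absolute cap, but it is 50.05 percent of the old price, so under the rule as stated it still needs an opt-in.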

[…]

Source: Apple will allow some apps to automatically charge you higher subscription prices | Engadget

New EU rules would require chat apps to scan private messages for child abuse

The European Commission has proposed controversial new regulation that would require chat apps like WhatsApp and Facebook Messenger to selectively scan users’ private messages for child sexual abuse material (CSAM) and “grooming” behavior. The proposal is similar to plans mooted by Apple last year but, say critics, much more invasive.

After a draft of the regulation leaked earlier this week, privacy experts condemned it in the strongest terms. “This document is the most terrifying thing I’ve ever seen,” tweeted cryptography professor Matthew Green. “It describes the most sophisticated mass surveillance machinery ever deployed outside of China and the USSR. Not an exaggeration.”

Jan Penfrat of digital advocacy group European Digital Rights (EDRi) echoed the concern, saying, “This looks like a shameful general #surveillance law entirely unfitting for any free democracy.” (A comparison of the PDFs shows differences between the leaked draft and final proposal are cosmetic only.)

The regulation would establish a number of new obligations for “online service providers” — a broad category that includes app stores, hosting companies, and any provider of “interpersonal communications service.”

The most extreme obligations would apply to communications services like WhatsApp, Signal, and Facebook Messenger. If a company in this group receives a “detection order” from the EU they would be required to scan select users’ messages to look for known child sexual abuse material as well as previously unseen CSAM and any messages that may constitute “grooming” or the “solicitation of children.” These last two categories of content would require the use of machine vision tools and AI systems to analyze the context of pictures and text messages.

[…]

“The proposal creates the possibility for [the orders] to be targeted but doesn’t require it,” Ella Jakubowska, a policy advisor at EDRi, told The Verge. “It completely leaves the door open for much more generalized surveillance.”

[…]

Source: New EU rules would require chat apps to scan private messages for child abuse – The Verge

US secretly issued secret subpoena to access Guardian reporter’s phone records

The US justice department secretly issued a subpoena to gain access to details of the phone account of a Guardian reporter as part of an aggressive leak investigation into media stories about an official inquiry into the Trump administration’s child separation policy at the southern border.

Leak investigators issued the subpoena to obtain the phone number of Stephanie Kirchgaessner, the Guardian’s investigations correspondent in Washington. The move was carried out without notifying the newspaper or its reporter, as part of an attempt to ferret out the source of media articles about a review into family separation conducted by the Department of Justice’s inspector general, Michael Horowitz.

It is highly unusual for US government officials to obtain a journalist’s phone details in this way, especially when no national security or classified information is involved. The move was all the more surprising in that it came from the DoJ’s inspector general’s office – the watchdog responsible for ethical oversight and whistleblower protections.

Katharine Viner, the Guardian’s editor-in-chief, decried the action as “an egregious example of infringement on press freedom and public interest journalism by the US Department of Justice”.

[…]

Source: US secretly issued subpoena to access Guardian reporter’s phone records | US news | The Guardian

A colony of blue-green algae can power a computer for six months

Researchers from the University of Cambridge have managed to run a computer for six months, using blue-green algae as a power source.

A type of cyanobacteria called Synechocystis sp. PCC 6803 – commonly known as “blue-green algae” – which produces oxygen through photosynthesis when exposed to sunlight, was sealed in a small container, about the size of an AA battery, made of aluminum and clear plastic.

The research was published in the journal Energy & Environmental Science.

Christopher Howe from the University of Cambridge and colleagues claim that similar photosynthetic power generators could be the source of power for a range of small devices in the future, without the need for the rare and unsustainable materials used in batteries.

The computer was placed on a windowsill at one of the researchers’ houses during the lockdown period due to COVID-19 in 2021, and stayed there for six months, from February to August.

The battery made of blue-green algae has provided a continuous current across its anode and cathode that ran a microprocessor.

The computer ran in cycles: 45 minutes calculating sums of consecutive integers to simulate a computational workload, which required 0.3 microwatts of power, followed by 15 minutes of standby, which required 0.24 microwatts.

The microcontroller measured the device’s current output and stored this data in the cloud for researchers to analyze.

Howe suggests that there are two potential theories for the power source. Either the bacteria itself produces electrons, which creates a current, or it creates conditions in which an aluminum anode in the container is corroded in a chemical reaction that produces electrons.

The experiment ran without any significant degrading of the anode and because of that, the researchers believe that the bacteria is producing the bulk of the current.

[…]

Source: A colony of blue-green algae can power a computer for six months

EU governments, lawmakers agree on tougher cybersecurity rules for key sectors

EU countries and lawmakers agreed on Friday to tougher cybersecurity rules for large energy, transport and financial firms, digital providers and medical device makers amid concerns about cyber attacks by state actors and other malicious players.

The European Commission two years ago proposed rules on the cybersecurity of network and information systems called NIS 2 Directive, in effect expanding the scope of the current rule known as NIS Directive.

The new rules cover all medium and large companies in essential sectors – energy, transport, banking, financial market infrastructure, health, vaccines and medical devices, drinking water, waste water, digital infrastructure, public administration and space.

All medium and large firms in postal and courier services, waste management, chemicals, food manufacturing, medical devices, computers and electronics, machinery equipment, motor vehicles, and digital providers such as online market places, online search engines, and social networking service platforms will also fall under the rules.

The companies are required to assess their cybersecurity risk, notify authorities and take technical and organisational measures to counter the risks, with fines up to 2% of global turnover for non-compliance.

EU countries and EU cybersecurity agency ENISA could also assess the risks of critical supply chains under the rules.

[…]

Source: EU governments, lawmakers agree on tougher cybersecurity rules for key sectors | Reuters

Web ad firms scrape email addresses before you press the submit button

Tracking, marketing, and analytics firms have been exfiltrating the email addresses of internet users from web forms prior to submission and without user consent, according to security researchers.

Some of these firms are said to have also inadvertently grabbed passwords from these forms.

In a research paper scheduled to appear at the Usenix ’22 security conference later this year, authors Asuman Senol (imec-COSIC, KU Leuven), Gunes Acar (Radboud University), Mathias Humbert (University of Lausanne) and Frederik Zuiderveen Borgesius (Radboud University) describe how they measured data handling in web forms on the top 100,000 websites, as ranked by research site Tranco.

The boffins created their own software to measure email and password data gathering from web forms – structured web input boxes through which site visitors can enter data and submit it to a local or remote application.

Providing information through a web form by pressing the submit button generally indicates the user has consented to provide that information for a specific purpose. But web pages, because they run JavaScript code, can be programmed to respond to events prior to a user pressing a form’s submit button.

And many companies involved in data gathering and advertising appear to believe that they’re entitled to grab the information website visitors enter into forms with scripts before the submit button has been pressed.

[…]

“Furthermore, we find incidental password collection on 52 websites by third-party session replay scripts,” the researchers say.

Replay scripts are designed to record keystrokes, mouse movements, scrolling behavior, other forms of interaction, and webpage contents in order to send that data to marketing firms for analysis. In an adversarial context, they’d be called keyloggers or malware; but in the context of advertising, somehow it’s just session-replay scripts.
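The pre-submit capture described above and the incidental password collection by replay scripts, as an added example that is not part of the paper, the researchers’ tooling or The Register’s article: Python stands in for the DOM (a Field class simulates an input element with input and blur events), one callback behaves like a marketing tracker that hooks blur on the email field, another behaves like a session-replay recorder that hooks every input event, and a leak check of the kind a measurement crawler could run over outgoing request bodies looks for the typed address in plain, URL-encoded, base64 and hashed form. All names (Field, tracker_script, replay_script, detect_email_leak, run_scenario) and the sample data are constructed for the demo.

```python
# Added example (not the paper's tooling or The Register's code). Python stands
# in for the DOM: Field simulates an <input> with input/blur events, and the
# "scripts" are ordinary callbacks. Names and sample data are constructed.
import base64
import hashlib
import urllib.parse


class Field:
    """Minimal stand-in for a DOM <input> element."""

    def __init__(self, name):
        self.name = name
        self.value = ""
        self._listeners = {}

    def on(self, event, callback):
        self._listeners.setdefault(event, []).append(callback)

    def _emit(self, event):
        for callback in self._listeners.get(event, []):
            callback(self)

    def type_text(self, text):
        """User types into the field; the browser would fire 'input'."""
        self.value = text
        self._emit("input")

    def blur(self):
        """Focus leaves the field; the browser would fire 'blur'."""
        self._emit("blur")


def tracker_script(email_field, send):
    """Marketing-tracker behaviour: hook blur on the email field and ship the
    value at once, without waiting for submit. Trackers often send a hash
    rather than the raw address, so this one sends SHA-256."""
    def on_blur(field):
        digest = hashlib.sha256(field.value.encode()).hexdigest()
        send(f"e={digest}&page=signup")
    email_field.on("blur", on_blur)


def replay_script(fields, send):
    """Session-replay behaviour: record every 'input' event on every field.
    Nothing excludes the password field, so its value is captured too."""
    for field in fields:
        field.on("input", lambda f: send(f"replay:{f.name}={f.value}"))


def detect_email_leak(email, body):
    """Return the encoding under which `email` occurs in an outgoing request
    body (plain, urlencoded, base64, md5, sha1, sha256), or None."""
    raw = email.encode()
    candidates = [
        ("plain", email, False),
        ("urlencoded", urllib.parse.quote(email, safe=""), False),
        ("base64", base64.b64encode(raw).decode(), False),
        ("md5", hashlib.md5(raw).hexdigest(), True),     # hex digests: compare
        ("sha1", hashlib.sha1(raw).hexdigest(), True),   # case-insensitively
        ("sha256", hashlib.sha256(raw).hexdigest(), True),
    ]
    for name, needle, fold_case in candidates:
        haystack = body.lower() if fold_case else body
        if needle and needle in haystack:
            return name
    return None


def run_scenario(address, password):
    """The user fills in email and password, then abandons the form. No submit
    event ever fires, yet both values have already left the page."""
    sent = []                                   # bodies the scripts sent out
    email_field, password_field = Field("email"), Field("password")
    tracker_script(email_field, sent.append)
    replay_script([email_field, password_field], sent.append)

    email_field.type_text(address)
    email_field.blur()                          # tab to the password field
    password_field.type_text(password)          # ...then close the tab
    return {
        "requests_before_submit": len(sent),
        "email_leaks": [detect_email_leak(address, body) for body in sent],
        "password_captured": any(password in body for body in sent),
    }


if __name__ == "__main__":
    print(run_scenario("alice@example.com", "correct horse battery"))
```

Three requests leave the page before any submit: the replay recorder sends the address in plain form as it is typed, the tracker sends its SHA-256 on blur, and the password goes out with the next keystroke. The check deliberately tries hashed forms because a hash of an address is still a stable cross-site identifier, which is the point of collecting it.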

[…]

Source: Web ad firms scrape email addresses before you know it • The Register

How we captured first image of the supermassive black hole at centre of the Milky Way

[…]

an international team of astronomers, including a team that I led from the University of Central Lancashire, has unveiled the first image of the object lurking at the centre of the Milky Way – and it is a supermassive black hole.

This means there is now overwhelming evidence for the black hole, dubbed Sagittarius A*. While it might seem a little scary to be so close to such a beast, it is in fact some 26,000 light-years away, which is reassuringly far. In fact, because the black hole is so far away from Earth, it appears to us to have about the same size in the sky as a donut would have on the Moon. Sagittarius A* also seems rather inactive – it is not devouring a lot of matter from its surroundings.

Our team was part of the global Event Horizon Telescope (EHT) Collaboration, which has used observations from a worldwide network of eight radio telescopes on our planet – collectively forming a single, Earth-sized virtual telescope – to take the stunning image. The breakthrough follows the collaboration’s 2019 release of the first ever image of a black hole, called M87*, at the centre of the more distant Messier 87 galaxy.

Looking into darkness

The team observed Sagittarius A* on multiple nights, collecting data for many hours in a row, similar to using a long exposure time on a camera. Although we cannot see the black hole itself, because it is completely dark, glowing gas around it reveals a tell-tale signature: a dark central region (called a “shadow”) surrounded by a bright ring-like structure. The new view captures light bent by the powerful gravity of the black hole, which is four million times more massive than our Sun.

[…]

Source: How we captured first image of the supermassive black hole at centre of the Milky Way

Hackers deface Russian platforms and smart TVs to display anti-war messages

On the same day Russia celebrated its role in defeating Nazi Germany, many of the country’s online platforms were defaced in protest of the war in Ukraine. The Washington Post reported on Monday that Russians with smart TVs saw channel listings replaced with a message implicating them in the ongoing conflict. “The blood of thousands of Ukrainians and hundreds of murdered children is on your hands,” the message read, according to the outlet. “TV and authorities are lying. No to war.”

In addition to smart TVs, the apparent hack targeted some of the country’s largest internet companies, including Yandex. Hackers also went after Rutube, Russia’s alternative to YouTube. “Our video hosting has undergone a powerful cyberattack. At the moment, it is not possible to access the platform,” the service said in a statement it posted on its Telegram channel. Rutube later stated it had isolated the attack and that its content library wasn’t accessed in the incident.

[…]

Source: Hackers deface Russian platforms and smart TVs to display anti-war messages | Engadget

Hackers are now hiding malware in Windows Event Logs

Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild.

The method let the threat actor keep the final payload off the file system, storing it in the event log instead, in an attack filled with techniques and modules designed to keep the activity as stealthy as possible.

[…]

The dropper copies the legitimate OS error handling file WerFault.exe to ‘C:\Windows\Tasks’ and then drops an encrypted binary resource as ‘wer.dll’ (the name of the Windows Error Reporting library) in the same location, so that DLL search order hijacking loads the malicious code.

[…]

Legezo says that the dropper’s purpose is to put the loader on disk for the side-loading process and to look for particular records in the event logs (category 0x4142, ‘AB’ in ASCII). If no such record is found, it writes 8KB chunks of encrypted shellcode, which are later combined to form the code for the next stager.

“The dropped wer.dll is a loader and wouldn’t do any harm without the shellcode hidden in Windows event logs” – Denis Legezo, lead security researcher at Kaspersky

The new technique analyzed by Kaspersky is likely on its way to becoming more popular as source code for injecting payloads into Windows event logs has been available in the public space for a brief period.
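A hunt for the two markers the write-up gives, category 0x4142 and 8 KB binary chunks, as an added example that is not Kaspersky’s code: it parses event log XML as exported by `wevtutil qe <LogName> /f:xml`, flags matching records, reassembles the flagged chunks in record order the way the loader would, and checks for the WerFault.exe/wer.dll pair in C:\Windows\Tasks. The sample events and their provider name are constructed for the demo, the 4 KB size threshold is my own choice, and the function names are mine.

```python
# Added example, not Kaspersky's code: a hunt over exported Windows event log
# XML for the two markers the write-up names, category 0x4142 and ~8 KB binary
# chunks, plus a check for the loader artefacts dropped into C:\Windows\Tasks.
# The sample events below are constructed for the demo, not real captures.
import binascii
import os
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
SUSPECT_TASK = 0x4142            # 'AB' in ASCII, the category the dropper looks for
CHUNK_SIZE = 8 * 1024            # the write-up reports 8 KB shellcode chunks


def parse_events(xml_text):
    """Parse `wevtutil qe <Log> /f:xml` output, which is a bare sequence of
    <Event> elements with no root element, so wrap it before parsing."""
    root = ET.fromstring("<Events>" + xml_text + "</Events>")
    for ev in root.findall("e:Event", NS):
        system = ev.find("e:System", NS)
        task = system.findtext("e:Task", default="0", namespaces=NS)
        record = system.findtext("e:EventRecordID", default="0", namespaces=NS)
        binary = ev.findtext("e:EventData/e:Binary", default="", namespaces=NS)
        yield {
            "record_id": int(record),
            "task": int(task),
            "provider": system.find("e:Provider", NS).get("Name", ""),
            "data": binascii.unhexlify(binary.strip()) if binary.strip() else b"",
        }


def find_suspicious_events(xml_text, min_blob=4096):
    """Flag events whose category is 0x4142 or that carry an unusually large
    binary blob; benign providers rarely log kilobytes of raw data."""
    hits = []
    for ev in parse_events(xml_text):
        reasons = []
        if ev["task"] == SUSPECT_TASK:
            reasons.append("category 0x4142")
        if len(ev["data"]) >= min_blob:
            reasons.append(f"{len(ev['data'])}-byte binary payload")
        if reasons:
            hits.append({**ev, "reasons": reasons})
    return hits


def reassemble_payload(hits):
    """Concatenate the flagged chunks in record order, as the loader does before
    decrypting; the result is the still-encrypted next-stage blob."""
    return b"".join(h["data"] for h in sorted(hits, key=lambda h: h["record_id"]))


def loader_artifacts_present(tasks_dir=r"C:\Windows\Tasks"):
    """WerFault.exe does not belong in Tasks; a wer.dll beside it is the
    side-loaded loader described above."""
    return {name: os.path.exists(os.path.join(tasks_dir, name))
            for name in ("WerFault.exe", "wer.dll")}


def _event(record_id, provider, task, data):
    """Build one event in the export format (constructed sample, not a capture)."""
    return (
        f'<Event xmlns="{NS["e"]}"><System><Provider Name="{provider}"/>'
        f"<EventID>1</EventID><Task>{task}</Task><EventRecordID>{record_id}</EventRecordID>"
        f"</System><EventData><Binary>{binascii.hexlify(data).decode().upper()}</Binary>"
        "</EventData></Event>"
    )


# Constructed sample log: two 8 KB shellcode chunks stored out of order plus one
# ordinary event. Real chunks are encrypted; these are just filler bytes.
SAMPLE_XML = "".join([
    _event(101, "DemoProvider", SUSPECT_TASK, b"\x02" * CHUNK_SIZE),
    _event(100, "DemoProvider", SUSPECT_TASK, b"\x01" * CHUNK_SIZE),
    _event(102, "Windows Error Reporting", 0, b"\x00" * 16),
])


if __name__ == "__main__":
    hits = find_suspicious_events(SAMPLE_XML)
    for hit in hits:
        print(hit["record_id"], hit["provider"], ", ".join(hit["reasons"]))
    print(len(reassemble_payload(hits)), "bytes recovered")
    print(loader_artifacts_present())
```

On a suspect host, export every log with `wevtutil qe <LogName> /f:xml > log.xml` and feed the file contents to find_suspicious_events; the excerpt above does not say which log the actor used, so check them all. The reassembled blob is still encrypted, so preserve it as an artefact for analysis rather than treating it as runnable code, and pair the log hunt with the file check, since the loader on disk is the part that can be removed.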

[…]

Source: Hackers are now hiding malware in Windows Event Logs

BIG-IP iControl REST vulnerability offers root commands

This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.

Security Advisory Status

F5 Product Development has assigned IDs 1033837, 1051561, and 1052837 (BIG-IP) to this vulnerability. This issue has been classified as CWE-306: Missing Authentication for Critical Function.

Source: BIG-IP iControl REST vulnerability CVE-2022-1388

Rechargeable Molten Salt Battery Freezes Energy in Place for Long-Term Battery Storage

[…]

In a recent paper published in Cell Reports Physical Science, they demonstrated how freezing and thawing a molten salt solution creates a rechargeable battery that can store energy cheaply and efficiently for weeks or months at a time.

[…]

Most conventional batteries store energy as chemical reactions waiting to happen. When the battery is connected to an external circuit, electrons travel from one side of the battery to the other through that circuit, generating electricity. To compensate for the change, charged particles called ions move through the fluid, paste or solid material that separates the two sides of the battery. But even when the battery is not in use, the ions gradually diffuse across this material, which is called the electrolyte. As that happens over weeks or months, the battery loses energy. Some rechargeable batteries can lose almost a third of their stored charge in a single month.

“In our battery, we really tried to stop this condition of self-discharge,” says PNNL researcher Guosheng Li, who led the project. The electrolyte is made of a salt solution that is solid at ambient temperatures but becomes liquid when heated to 180 degrees Celsius—about the temperature at which cookies are baked. When the electrolyte is solid, the ions are locked in place, preventing self-discharge. Only when the electrolyte liquefies can the ions flow through the battery, allowing it to charge or discharge.

[…]

Right now the experimental technology is aimed at utility-scale and industrial uses. Sprenkle envisions something like tractor-trailer truck containers with massive batteries inside, parked next to wind farms or solar arrays. The batteries would be charged on-site, allowed to cool and driven to facilities called substations, where the energy could be distributed through power lines as needed.

[…]

Source: Rechargeable Molten Salt Battery Freezes Energy in Place for Long-Term Storage – Scientific American

Vaccine skeptics and anti-maskers who invoked ‘my body, my choice’ in the pandemic are now lining up to support the end of Roe v. Wade

  • People against vaccine and mask mandates have argued that they impose on a person’s bodily autonomy.
  • That rallying cry of “my body, my choice” was rooted in the abortion-rights battles of Roe v. Wade.
  • Yet those people against vaccine and mask mandates are now encouraging the potential demise of abortion rights.

The leak of the Supreme Court draft opinion that would end Roe v. Wade has been met with approval by many conservatives who championed the very same notion of bodily autonomy and personal choice throughout the pandemic.

Rep. Paul Gosar of Arizona, for example, urged the justices to move ahead with the decision on Tuesday.

Yet, while railing against vaccine mandates last June, he said that they ultimately mean that “personal autonomy means nothing. It is no longer your body, it is no longer your choice.”

[…]

Source: Vaccine skeptics and anti-maskers who invoked ‘my body, my choice’ in the pandemic are now lining up to support the end of Roe v. Wade

Indian Government Now Wants VPNs To Collect And Turn Over Personal Data On Users

The government of India still claims to be a democracy, but its decade-long assault on the internet and the rights of its citizens suggests it would rather be an autocracy.

The country is already host to one of the largest biometric databases in the world, housing information collected from nearly every one of its 1.2 billion citizens. And it’s going to be expanded, adding even more biometric markers from people arrested and detained.

The government has passed laws shifting liability for third-party content to service providers, as well as requiring them to provide 24/7 assistance to the Indian government for the purpose of removing “illegal” content. Then there are mandates on compelled access — something that would require broken/backdoored encryption. (The Indian government — like others demanding encryption backdoors — refuses to acknowledge this is what it’s seeking.)

In the name of cybersecurity, the Indian government is now seeking to further undermine the privacy of its citizens.

[…]

The new directions issued by CERT-In also require virtual asset, exchange, and custodian wallet providers to maintain records on KYC and financial transactions for a period of five years. Companies providing cloud and virtual private network (VPN) services will also have to register validated names, emails, and IP addresses of subscribers.

Taking the “P” out of “VPN:” that’s the way forward for the Indian government, which has apparently decided to emulate China’s strict control of internet use. And it’s yet another way the Indian government is stripping citizens of their privacy and anonymity. The government of India wants to know everything about its constituents while remaining vague and opaque about its own actions and goals.

Source: Indian Government Now Wants VPNs To Collect And Turn Over Personal Data On Users | Techdirt