The Linkielist

Linking ideas with the world

The Linkielist

Author Archives: Robin Edgar

About Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

Microsoft is finally making it easier to switch default browsers in Windows 11

Posted on by

Microsoft is finally making it easier to change your default browser in Windows 11. A new update (KB5011563) has started rolling out this week that allows Windows 11 users to change a default browser with a single click. After testing the changes in December, this new one-click method is rolling out to all Windows 11 users.

Originally, Windows 11 shipped without a simple button to switch default browsers that was always available in Windows 10. Instead, Microsoft forced Windows 11 users to change individual file extensions or protocol handlers for HTTP, HTTPS, .HTML, and .HTM, or you had to tick a checkbox that only appeared when you clicked a link from outside a browser. Microsoft defended its decision to make switching defaults harder, but rival browser makers like Mozilla, Brave, and even Google’s head of Chrome criticized Microsoft’s approach.

Windows 11 now has a button to change default browsers.
Image: Tom Warren / The Verge

In the latest update to Windows 11, you can now head into the default apps section, search for your browser of choice, and then a button appears asking if you’d like to make it the default. All of the work of changing file handlers is done in a single click, making this a big improvement over what existed before.

[…]

Source: Microsoft is finally making it easier to switch default browsers in Windows 11 – The Verge

Browser Wars II

Bungie lawsuit aims to unmask YouTube copyright claim abusers

Posted on by

YouTube’s copyright claim system has been repeatedly abused for bogus takedown requests, and Bungie has had enough. TorrentFreak reports the game studio has sued 10 anonymous people for allegedly leveling false Digital Millennium Copyright Act (DMCA) claims against a host of Destiny 2 creators on YouTube, and even Bungie itself. The company said the culprits took advantage of a “hole” in YouTube’s DMCA security that let anyone claim to represent a rights holder, effectively letting “any person, anywhere” misuse the system to suit their own ends.

According to Bungie, the perpetrators created a Gmail account in mid-March that was intended to mimic the developer’s copyright partner CSC. They then issued DMCA takedown notices while falsely claiming to represent Bungie, and even tried to fool creators with another account that insisted the first was fraudulent. YouTube didn’t notice the fake credentials and slapped video producers with copyright strikes, even forcing users to remove videos if they wanted to avoid bans.

YouTube removed the strikes, suspended the Gmail accounts and otherwise let creators recover, but not before Bungie struggled with what it called a “circular loop” of support. The firm said it only broke the cycle by having its Global Finance Director email key Google personnel, and Google still “would not share” info to identify the fraudsters. Bungie hoped a DMCA subpoena and other measures would help identify the attackers and punish them, including damages that could reach $150,000 for each false takedown notice.

[…]

Source: Bungie lawsuit aims to unmask YouTube copyright claim abusers | Engadget

Researchers discover source of super-fast electron rain

Posted on by

The researchers observed unexpected, rapid “electron precipitation” from low-Earth orbit using the ELFIN mission, a pair of tiny satellites built and operated on the UCLA campus by undergraduate and graduate students guided by a small team of staff mentors.

By combining the ELFIN data with more distant observations from NASA’s THEMIS spacecraft, the scientists determined that the sudden downpour was caused by whistler waves, a type of electromagnetic wave that ripples through plasma in and affects electrons in the Earth’s magnetosphere, causing them to “spill over” into the atmosphere

[..]

Central to that chain of events is the near-Earth space environment, which is filled with charged particles orbiting in giant rings around the planet, called Van Allen radiation belts. Electrons in these belts travel in Slinky-like spirals that literally bounce between the Earth’s north and south poles. Under certain conditions, whistler waves are generated within the radiation belts, energizing and speeding up the electrons. This effectively stretches out the electrons’ travel path so much that they fall out of the belts and precipitate into the atmosphere, creating the electron rain.

Electron rain, which can cause the aurora borealis and impact orbiting satellites and atmospheric chemistry. Credit: NASA, Emmanuel Masongsong/UCLA

One can imagine the Van Allen belts as a large reservoir filled with water—or, in this case, electrons, said Vassilis Angelopolous, a UCLA professor of space physics and ELFIN’s principal investigator. As the reservoir fills, water periodically spirals down into a relief drain to keep the basin from overflowing. But when occur in the reservoir, the sloshing water spills over the edge, faster and in greater volume than the relief drainage. ELFIN, which is downstream of both flows, is able to properly measure the contributions from each.

[…]

The researchers further showed that this type of radiation-belt electron loss to the atmosphere can increase significantly during , disturbances caused by enhanced that can affect near-Earth space and Earth’s magnetic environment.

[…]

Source: Researchers discover source of super-fast electron rain

Fish can learn basic arithmetic

Posted on by

Addition and subtraction must be hard for fish, especially because they don’t have fingers to count on. But they can do it—albeit with small numbers—a new study reveals. By training the animals to use blue and yellow colors as codes for the commands “add one” and “subtract one,” respectively, researchers showed fish have the capacity for simple arithmetic.

To make the find, researchers at the University of Bonn adopted the design of a similar experiment conducted in bees. They focused on bony cichlids (Pseudotropheus zebra) and cartilaginous stingrays (Potamotrygon motoro), which the lab uses to study fish cognition.

In the training phase, the scientists showed a fish in a tank an image of up to five squares, circles, and triangles that were all either blue or yellow. The animals had 5 seconds to memorize the number and color of the shapes; then a gate opened, and the fish had to choose between two doors: one with an additional shape and the other with one fewer shape.

The rules were simple: If the shapes in the original image were blue, head for the door with one extra shape; if they were yellow, go for the door with one fewer. Choosing the correct door earned the fish a food reward: pellets for cichlids, and earthworms, shrimp, or mussels for stingrays.

Only six of the eight cichlids and four of the eight stingrays successfully completed their training. But those that made it through testing performed well above chance, the researchers report today in Scientific Reports.

[…]

To make sure the animals weren’t just memorizing patterns, the researchers mixed in new tests varying the size and number of the shapes. In one trial, fish presented with three blue shapes were asked to choose between doors with four or five shapes—a choice of “plus one” or “plus two” instead of the usual “plus one” or “minus one.” Rather than simply selecting the larger number, the animals consistently followed the “plus one” directive—indicating they truly understood the desired association.

[…]

Source: Fish can learn basic arithmetic | Science | AAAS

GitLab issues security fix for hardcoded password flaw in OmniAuth

Posted on by

The cloud-hosted software version control service released versions 14.9.2, 14.8.5, and 14.7.7 of its self-hosted CE and EE software, fixing one “critical” security vulnerability (CVE-2022-1162), as well as two rated “high,” nine rated “medium,” and four rated “low.”

“A hard-coded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts,” the company said in its advisory.

It appears from the changed files the password.rb module generated a fake strong password for testing by concatenating “123qweQWE!@#” with a number of “0”s equal to the difference of User.password_length.max, which is user-set, and DEFAULT_LENGTH, which hard-coded with the value 12.

So if an organization configured its own instance of GitLab to accept passwords of no more than 21 characters, it looks like that an account takeover attack on that GitLab installation could use the default password of “123qweQWE!@#000000000” to access accounts created via OmniAuth.

The bug, with a 9.1 CVSS score, was found internally by GitLab and the fix has been applied to the company’s hosted service already, in conjunction with a limited password reset.

[…]

Source: GitLab issues security fix for easy account takeover flaw • The Register

Fraudsters use ‘fake emergency data requests’ to steal info

Posted on by

Cybercriminals have used fake emergency data requests (EDRs) to steal sensitive customer data from service providers and social media firms. At least one report suggests Apple, and Facebook’s parent company Meta, were victims of this fraud.

Both Apple and Meta handed over users’ addresses, phone numbers, and IP addresses in mid-2021 after being duped by these emergency requests, according to Bloomberg.

EDRs, as the name suggests, are used by law enforcement agencies to obtain information from phone companies and technology service providers about particular customers, without needing a warrant or subpoena. But they are only to be used in very serious, life-or-death situations.

As infosec journalist Brian Krebs first reported, some miscreants are using stolen police email accounts to send fake EDR requests to companies to obtain netizens’ info. There’s really no quick way for the service provider to know if the EDR request is legitimate, and once they receive an EDR they are under the gun to turn over the requested customer info.

“In this scenario, the receiving company finds itself caught between two unsavory outcomes: Failing to immediately comply with an EDR — and potentially having someone’s blood on their hands — or possibly leaking a customer record to the wrong person,” Krebs wrote.

Large internet and other service providers have entire departments that review these requests and do what they can to get the police emergency data requested as quickly as possible, Mark Rasch, a former prosecutor with the US Department of Justice, told Krebs.

“But there’s no real mechanism defined by most internet service providers or tech companies to test the validity of a search warrant or subpoena” Rasch said. “And so as long as it looks right, they’ll comply.”

[…]

 

Source: Fraudsters use ‘fake emergency data requests’ to steal info • The Register

Ubiquiti Files Case Against Security Blogger Krebs Over ‘False Accusations’ (for doing his job)

Posted on by

In March of 2021 the Krebs on Security blog reported that Ubiquiti, “a major vendor of cloud-enabled Internet of Things devices,” had disclosed a breach exposing customer account credentials. But Krebs added that a company source “alleges” that Ubiquiti was downplaying the severity of the incident — which is not true, says Ubiquiti.

Krebs’ original post now includes an update — putting the word “breach” in quotation marks, and noting that actually a former Ubiquiti developer had been indicted for the incident…and also for trying to extort the company. It was that extortionist, Ubiquiti says, who’d “alleged” they were downplaying the incident (which the extortionist had actually caused themselves).

Ubiquiti is now suing Krebs, “alleging that he falsely accused the company of ‘covering up’ a cyberattack,” ITWire reports: In its complaint, Ubiquiti said contrary to what Krebs had reported, the company had promptly notified its clients about the attack and instructed them to take additional security precautions to protect their information. “Ubiquiti then notified the public in the next filing it made with the SEC. But Krebs intentionally disregarded these facts to target Ubiquiti and increase ad revenue by driving traffic to his website, www.KrebsOnSecurity.com,” the complaint alleged.

It said there was no evidence to support Krebs’ claims and only one source, [the indicted former employee] Nickolas Sharp….

According to the indictment issued by the Department of Justice against Sharp in December 2021, after publication of the articles in question on 30 and 31 March, Ubiquiti’s stock price fell by about 20% and the company lost more than US$4 billion (A$5.32 billion) in market capitalisation…. The complaint alleged Krebs had intentionally misrepresented the truth because he had a financial incentive to do so, adding, “His entire business model is premised on publishing stories that conform to this narrative….”

[…]

Krebs was accused of two counts of defamation, with Ubiquiti seeking a jury trial and asking for a judgment against him that awarded compensatory damages of more than US$75,000, punitive damages of US$350,000, all expenses and costs including lawyers’ fees and any further relief deemed appropriate by the court.

Source: Ubiquiti Files Case Against Security Blogger Krebs Over ‘False Accusations’ – Slashdot

Ubiquiti’s security is spectacularly bad, with incidents like anyone with ssh / telnet access to access points being able to get in and read the database and change the root passwords. Their updates are few and far between and very poorly communicated (if at all) to clients who don’t have a UNP machine. They did not notify me about the breach until some time after Krebs broke and then only in the vaguest of terms.

To blame a reporting party for your own failings is flailing around like a little kid and it’s a disgrace that the legal system allows for this kind of bullying around.

Viasat confirms satellite modems were wiped with AcidRain malware – 7th wiper deployed against Ukraine this year

Posted on by

A newly discovered data wiper malware that wipes routers and modems has been deployed in the cyberattack that targeted the KA-SAT satellite broadband service to wipe SATCOM modems on February 24, affecting thousands in Ukraine and tens of thousands more across Europe.

The malware, dubbed AcidRain by researchers at SentinelOne, is designed to brute-force device file names and wipe every file it can find, making it easy to redeploy in future attacks.

SentinelOne says this might hint at the attackers’ lack of familiarity with the targeted devices’ filesystem and firmware or their intent to develop a reusable tool.

AcidRain was first spotted on March 15 after its upload onto the VirusTotal malware analysis platform from an IP address in Italy as a 32-bit MIPS ELF binary using the “ukrop” filename.

Once deployed, it goes through the compromised router or modem’s entire filesystem. It also wipes flash memory, SD/MMC cards, and any virtual block devices it can find, using all possible device identifiers.

“The binary performs an in-depth wipe of the filesystem and various known storage device files. If the code is running as root, AcidRain performs an initial recursive overwrite and delete of non-standard files in the filesystem,” SentinelOne threat researchers Juan Andres Guerrero-Saade and Max van Amerongen explained.

To destroy data on compromised devices, the wiper overwrites file contents with up to 0x40000 bytes of data or uses MEMGETINFO, MEMUNLOCK, MEMERASE, and MEMWRITEOOB input/output control (IOCTL) system calls.

After AcidRain’s data wiping processes are completed, the malware reboots the device, rendering it unusable.

Used to wipe satellite communication modems in Ukraine

[…]

This directly contradicts a Viasat incident report on the KA-SAT incident saying it found “no evidence of any compromise or tampering with Viasat modem software or firmware images and no evidence of any supply-chain interference.”

However, Viasat confirmed SentinelOne’s hypothesis, saying the data destroying malware was deployed on modems using “legitimate management” commands.

[…]

The fact that Viasat shipped almost 30,000 modems since the February 2022 attack to bring customers back online and continues to even more to expedite service restoration also hints that SentinelOne’s supply-chain attack theory holds water.

[…]

Seventh data wiper deployed against Ukraine this year

AcidRain is the seventh data wiper malware deployed in attacks against Ukraine, with six others having been used to target the country since the start of the year.

The Computer Emergency Response Team of Ukraine recently reported that a data wiper it tracks as DoubleZero has been deployed in attacks targeting Ukrainian enterprises.

One day before the Russian invasion of Ukraine started, ESET spotted a data-wiping malware now known as HermeticWiper, that was used against organizations in Ukraine together with ransomware decoys.

The day Russia invaded Ukraine, they also discovered a data wiper dubbed IsaacWiper and a new worm named HermeticWizard used to drop HermeticWiper payloads.

ESET also spotted a fourth data-destroying malware strain they dubbed CaddyWiper, a wiper that deletes user data and partition information from attached drivers and also wipes data across Windows domains it’s deployed on.

A fifth wiper malware, tracked as WhisperKill, was spotted by Ukraine’s State Service for Communications and Information Protection (CIP), who said it reused 80% of the Encrpt3d Ransomware’s code (also known as WhiteBlackCrypt Ransomware).

In mid-January, Microsoft found a sixth wiper now tracked as WhisperGate, used in data-wiping attacks against Ukraine, disguised as ransomware.

[…]

Source: Viasat confirms satellite modems were wiped with AcidRain malware

Copyright Is Indispensable For Artists, They Say; But For All Artists, Or Just Certain Kinds?

Posted on by

One of the central “justifications” for copyright is that it is indispensable if creativity is to be viable. Without it, we are assured, artists would starve. This ignores the fact that artists created and thrived for thousands of years before the 1710 Statute of Anne. But leaving that historical detail aside, as well as the larger question of the claimed indispensability of copyright, a separate issue is whether copyright is a good fit for all creativity, or whether it has inherent biases that few like to talk about.

One person who does talk about them is Kevin J. Greene, John J. Schumacher Chair Professor of Law at Southwestern Law School in Los Angeles. In his 2008 paper “‘Copynorms,’ Black Cultural Production, and the Debate Over African-American Reparations” he writes:

To paraphrase Pink Floyd, there’s a dark sarcasm in the stance of the entertainment industry regarding “copynorms” [respect for copyright]. Indeed, the “copynorms” rhetoric the entertainment industry espouses shows particular irony in light of its long history of piracy of the works of African-American artists, such as blues artists and composers.

In another analysis, Greene points out that several aspects of copyright are a poor fit for the way many artists create. For example:

The [US] Copyright Act requires that “a work of authorship must be “fixed in any tangible medium of expression, now known or later developed, from which [it] can be perceived, reproduced, or otherwise communicated, either directly or indirectly with the aid of a machine or device.” Although “race-neutral”, the fixation requirement has not served the ways Black artists create: “a key component of black cultural production is improvisation.” As a result, fixation deeply disadvantages African-American modes of cultural production, which are derived from an oral tradition and communal standards.

The same is true for much creativity outside the Western nations that invented the idea of copyright, and then proceeded to impose its norms on other nations, not least through trade agreements. Greene’s observation suggests that copyright is far from universally applicable, and may just be a reflection of certain cultural and historical biases. When people talk airily about how copyright is needed to support artists, it is important to ask them to specify which artists, and to examine then whether copyright really is such a good fit for their particular kind of creativity.

Source: Copyright Is Indispensable For Artists, They Say; But For All Artists, Or Just Certain Kinds? | Techdirt

Pokémon-Like NFT Game Axie Infinity Scammed Out Of $600 Million

Posted on by

Pokémon-style NFT battler Axie Infinity was one of the biggest “success” stories in the world of crypto gaming. Now it’s responsible for one of the biggest thefts in the history of the technology. The gaming-focused blockchain Ronin Network announced earlier today that an Axie Infinity exploit allowed a hacker to “drain” roughly $600 million worth of crypto currency from the network.

“There has been a security breach on the Ronin Network,” the company announced on its Substack. “Earlier today, we discovered that on March 23rd, Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes were compromised resulting in 173,600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions.”

The person responsible allegedly used hacked private keys to order the fraudulent withdrawals. How, you ask? According to Ronin, “the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”

Basically, the Ronin “side-chain” for games like Axie Infinity uses “9 validator nodes” to prevent fraudulent transactions. However, in November, due to overwhelming demand by new Axie players, Ronin gave special privileges to Sky Mavis, the company behind the game, so it could sign transactions on its behalf.

[…]

“The Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf,” Ronin writes. “This was discontinued in December 2021, but the allowlist access was not revoked. Once the attacker got access to Sky Mavis systems they were able to get the signature from the Axie DAO validator by using the gas-free RPC.“

Ronin has apparently locked down accounts while it continues its investigation into the hack, meaning no one can get their funds out even as the price of RON, the network’s native token, has reportedly plummeted more than 25%.

[…]

Source: Pokémon-Like NFT Game Axie Infinity Scammed Out Of $600 Million

GameStop, AMC Stocks Halted On NYSE after reaching above $500,- per share

Posted on by

GameStop  (GME) – Get GameStop Corp. Class A Report shares extended declines Tuesday, after being halted by officials on the New York Stock Exchange, in a move that could snap the meme stock’s longest winning streak in more than a decade.

Both GameStop and AMC Entertainment  (AMC) – Get AMC Entertainment Holdings, Inc. Class A Report names that defined last year’s meme-stock phenomenon, were halted in early Tuesday trading amid heighted volatility and larger-than-usual pre-market volumes.

GameStop was last seen trading 6.1% lower on the session at $178.00 each, a move that would still leave the stock up 41% over the past month, while AMC fell as much as 12% before trading 2.1% into the red at $28.80 each.

Last week, Securities and Exchange Commission filings late Tuesday showed that Cohen’s RC Ventures LLC, which has also built stakes in Bed Bath & Beyond BBBY, now owns around 9.1 million GameStop shares representing an 11.9% overall stake in the Grapevine, Texas-based group.

Short interest in the shares remains elevated, however, with data from S3 Partners showing just under $1.2 billion in bets against the group, a figure that represents around 12.66 million shares, or 20.1% of the stock’s outstanding float.

GameStop reported a wider-than-expected loss of $1.86 per share for its fiscal fourth quarter last week, and managed to record negative free cash flow of $131.6 million even as revenues rose 6.2% to $2.25 billion.

Source: GameStop Stock Halted On NYSE, Extends Slide As Trading Resumes – TheStreet

Oddly enough this article talks it down but a quick look at the chart shows astronomic growth on both stocks. Superstonk is going nuts on Reddit.

Post image
Post image
Post image

New method for making tissue transparent could speed the study of many diseases

Posted on by

Scientists at Scripps Research have unveiled a new tissue-clearing method for rendering large biological samples transparent. The method makes it easier than ever for scientists to visualize and study healthy and disease-related biological processes occurring across multiple organ systems.

Described in a paper in Nature Methods on March 28, 2022, and dubbed HYBRiD, the new method combines elements of the two main prior approaches to tissue-clearing technology, and should be more practical and scalable than either for large-sample applications.

[…]

Tissue-clearing involves the use of solvents to remove molecules that make tissue opaque (such as fat), rendering the tissue optically transparent—while keeping most proteins and structures in place. Scientists commonly use genetically encoded or antibody-linked fluorescent beacons to mark active genes or other molecules of interest in a lab animal, and tissue-clearing in principle allows these beacons to be imaged all at once across the entire animal.

[…]

 

00:15
-00:27
Learn how a new Scripps Research technique makes it easier to analyze body-wide biological processes and diseases such as COVID-19 infection. Credit: Scripps Research

The new method devised by Ye and his team uses a sequential combination of organic solvents and water-based detergents, and makes use of water-based hydrogels to protect those molecules within the tissue that need to be preserved. It often does not require the pumping of solvents through the sample.

“In many cases, you can just put the whole thing in a jar and keep it in a shaker on your benchtop until it’s done,” says co-first author Victoria Nudell, a research assistant in the Ye lab. “This makes it practical and scalable enough for routine use.”

The researchers demonstrated the ease and utility of their new method in a variety of applications. These included a collaboration with the laboratory of John Teijaro, Ph.D., associate professor of immunology and microbiology, to image SARS-CoV-2-infected cells in the whole chests of mice for the first time—a procedure whose simplicity, with the new method, enabled it to be done in a high-level biosafety facility where access to equipment is strictly limited.

[…]

Source: New method for making tissue transparent could speed the study of many diseases

Global science project links Android phones with satellites to improve weather forecasts

Posted on by

Collecting satellite data for research is a group effort thanks to this app developed for Android users. Camaliot is a campaign funded by the European Space Agency, and its first project focuses on making smartphone owners around the world part of a project that can help improve weather forecasts by using your phone’s GPS receiver.

The Camaliot app works on devices running Android version 7.0 or later that support satellite navigation.

[…]

Researchers think that they can use satellite signals to get more information about the atmosphere. For example, the amount of water vapor in the atmosphere can affect how a satellite signal travels through the air to something like a phone.

The app gathers information to track signal strength, the distance between the satellite and the phone being used, and the satellite’s carrier phase, according to Camaliot’s FAQs. With enough data collected from around the world, researchers can theoretically combine that with existing weather readings to measure long-term water vapor trends. They hope to use that data to inform weather forecasting models with machine learning. They can also track changes in Earth’s ionosphere — the part of the atmosphere near space. Creating better ionospheric forecasts could be relevant in tracking space weather and could eventually make Global Navigation Satellite Systems (GNSS) more accurate by accounting for events like geomagnetic storms.

[…]

Here’s how you can begin using the Camaliot app on your Android phone after downloading it from Google Play:

  1. Select “start logging” and place your phone in an area with a clear sky view to begin logging the data
  2. Once you have measured to your liking, select “stop logging”
  3. Then, upload your session to the server and repeat the process over time to collect more data. You can also delete your locally-stored log files at this step.

In addition to being able to view your own measurements against others accumulated over time, you can also see a leaderboard showing logging sessions done by other participants. Eventually, the information collected for the study will be available in a separate portal.

For registered users, their password, username, email address, and number of measurements will be stored in Camaliot’s database, but they won’t be used in post-study publications and products, according to Camaliot’s privacy policy. Specifically, Camaliot says that the need for extensive personal data is for scientific purposes and environmental monitoring and that its need for processing data is “necessary for the performance of a task carried out in the public interest, namely for the conduction of this scientific study.”

[…]

Source: Global science project links Android phones with satellites to improve weather forecasts – The Verge

Unprecedented videos show RNA switching ‘on’ and ‘off’

Posted on by

Similar to a light switch, RNA switches (called riboswitches) determine which genes turn “on” and “off.” Although this may seem like a simple process, the inner workings of these switches have confounded biologists for decades.

Now researchers led by Northwestern University and the University at Albany discovered one part of RNA smoothly invades and displaces another part of the same RNA, enabling the structure to rapidly and dramatically change shape. Called “strand displacement,” this mechanism appears to switch genetic expression from “on” to “off.”

Using a simulation they launched last year, the researchers made this discovery by watching a slow-motion simulation of a riboswitch up close and in action. Affectionately called R2D2 (short for “reconstructing RNA dynamics from data”), the new simulation models RNA in three dimensions as it binds to a compound, communicates along its length and folds to turn a gene “on” or “off.”

[…]

“We have found this strand displacement mechanism occurring in other types of RNA molecules, indicating this might be a potential generality of RNA folding,” said Northwestern’s Julius B. Lucks, who co-led the study. “We are starting to find similarities among different types of RNA molecules, which could eventually lead to RNA design rules for folding and function.”

[…]

Although RNA folding takes place in the more than 10 quadrillion times per second—every time a gene is expressed in a cell—researchers know very little about the process. To help visualize and understand the mysterious yet crucial process, Lucks and Chen unveiled R2D2 last year, in a paper published in the journal Molecular Cell.

Credit: Northwestern University

Employing a developed in Lucks’ lab, R2D2 captures data related to RNA folding as the RNA is being made. Then, it uses computational tools to mine and organize the data, revealing points where the RNA folds and what happens after it folds. Angela Yu, a former student of Lucks, inputted this data into computer models to generate accurate videos of the folding process.

“What’s so groundbreaking about the R2D2 approach…is that it combines experimental data on RNA folding at the nucleotide level with predictive algorithms at the atomic level to simulate RNA folding in ultra-slow motion,” said Dr. Francis Collins, director of the National Institutes of Health, in his February 2021 blog. “While other computer simulations have been available for decades, they have lacked much-needed of this complex folding process to confirm their mathematical modeling.”

[…]

Source: Unprecedented videos show RNA switching ‘on’ and ‘off’

Chemists cook up way to remove microplastics using okra

Posted on by

Extracts of okra and other slimy plants commonly used in cooking can help remove dangerous microplastics from wastewater, scientists said Tuesday.

The new research was presented at the spring meeting of the American Chemical Society, and offers an alternative to the currently used in that can themselves pose risks to health.

“In order to go ahead and remove microplastic or any other type of materials, we should be using which are non-toxic,” lead investigator Rajani Srinivasan, of Tarleton State University, said in an explainer video.

[…]

Srinivasan’s past research had examined how the goo from okra and other plants could remove textile-based pollutants from water and even microorganisms, and she wanted to see if that would equally apply to microplastics.

[…]

Typical wastewater treatment removes microplastics in two steps.

First, those that float are skimmed off the top of the water. These however account for only a small fraction, and the rest are removed using flocculants, or sticky chemicals that attract microplastics into larger clumps.

The clumps sink to the bottom and can then be separated from the water.

The problem is that these synthetic flocculants, such as polyacrylamide, can break down into .

[…]

They tested chains of carbohydrates, known as polysaccharides, from the individual plants, as well as in combination, on various -contaminated water, examining before and after microscopic images to determine how many particles had been removed.

They found that polysaccharides from okra paired with those from fenugreek could best remove microplastics from , while polysaccharides from paired with tamarind worked best in freshwater samples.

Overall, the plant-based polysaccharides worked just as well or better than polyacrylamide. Crucially, the plant-based chemicals are both non-toxic and can be used in existing treatment plants.

[…]

Source: Chemists cook up way to remove microplastics using okra

Finally, A Mapping Tool For Addressable LED Strings

Posted on by

Addressable LED strings have made it easier than ever to build fun glowable projects with all kinds of exciting animations. However, if you’re not going with a simple grid layout, it can be a little difficult to map your strings out in code. Fear not, for [Jason Coon] has provided a tool to help out with just that!

[Jason]’s web app, accessible here. is used for mapping out irregular layouts when working with addressable LED strings like the WS2812B and others that work with libraries like FastLED and Pixelblaze. If you’re making some kind of LED globe, crazy LED tree, or other non-gridular shape, this tool can help.

The first step is to create a layout of your LEDs in a Google Sheets table, which can then be pasted into the web app. Then, the app handles generating the necessary code to address the LEDs in an order corresponding to the physical layout.

[Jason] does a great job of explaining how the tool works, and demonstrates it working with a bowtie-like serpentine layout with rainbow animations. The tool can even provide visual previews of the layout so you can verify what you’ve typed in makes sense.

It’s a great tool that we recently saw put to use on [Geeky Faye’s] excellent necklace project. Video after the break.

 

 

 

P

Source: Finally, A Mapping Tool For Addressable LED Strings | Hackaday

NeRF Research Turns a few dozen 2D Photos Into 3D Scenes really quickly

Posted on by

[…] Known as inverse rendering, the process uses AI to approximate how light behaves in the real world, enabling researchers to reconstruct a 3D scene from a handful of 2D images taken at different angles. The NVIDIA Research team has developed an approach that accomplishes this task almost instantly — making it one of the first models of its kind to combine ultra-fast neural network training and rapid rendering.

NVIDIA applied this approach to a popular new technology called neural radiance fields, or NeRF.

[…]

“If traditional 3D representations like polygonal meshes are akin to vector images, NeRFs are like bitmap images: they densely capture the way light radiates from an object or within a scene,”

[…]

Showcased in a session at NVIDIA GTC this week, Instant NeRF could be used to create avatars or scenes for virtual worlds, to capture video conference participants and their environments in 3D, or to reconstruct scenes for 3D digital maps.

[…]

Collecting data to feed a NeRF is a bit like being a red carpet photographer trying to capture a celebrity’s outfit from every angle — the neural network requires a few dozen images taken from multiple positions around the scene, as well as the camera position of each of those shots.

[…]

Instant NeRF, however, cuts rendering time by several orders of magnitude. It relies on a technique developed by NVIDIA called multi-resolution hash grid encoding, which is optimized to run efficiently on NVIDIA GPUs. Using a new input encoding method, researchers can achieve high-quality results using a tiny neural network that runs rapidly.

The model was developed using the NVIDIA CUDA Toolkit and the Tiny CUDA Neural Networks library. Since it’s a lightweight neural network, it can be trained and run on a single NVIDIA GPU — running fastest on cards with NVIDIA Tensor Cores.

The technology could be used to train robots and self-driving cars to understand the size and shape of real-world objects by capturing 2D images or video footage of them. It could also be used in architecture and entertainment to rapidly generate digital representations of real environments that creators can modify and build on.

[…]

Source: NeRF Research Turns 2D Photos Into 3D Scenes | NVIDIA Blog

Justice Department indicts four Russian government workers in energy sector hacks

Posted on by

The US Justice Department today announced indictments against four Russian government employees, who it alleges attempted a hacking campaign of the global energy sector that spanned six years and devices in roughly 135 countries. The two indictments were filed under seal last summer, and are finally being disclosed to the public.

The DOJ’s decision to release the documents may be a way to raise public awareness of the increased threat these kinds of hacks pose to US critical infrastructure in the wake of Russia’s invasion of Ukraine. State-sponsored hackers have targeted energy, nuclear, water and critical manufacturing companies for years, aiming to steal information on their control systems. Cybersecurity officials noticed a spike in Russian hacking activity in the US in recent weeks.

“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world,” said Deputy Attorney General Lisa O. Monaco in a statement. “Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defenses and remain vigilant.

The indictments allege that two separate campaigns occurred between 2012 and 2018. The first one, filed in June 2021, involves Evgeny Viktorovich Gladkikh, a computer programmer at the Russian Ministry of Defense. It alleges that Gladkik and a team of co-conspirators were members of the Triton malware hacking group, which launched a failed campaign to bomb a Saudi petrochemical plant in 2017. As TechCrunch noted, the Saudi plant would have been completely decimated if not for a bug in the code. In 2018, the same group attempted to hack US power plants but failed.

The second indictment charges three hackers who work for Russia’s intelligence agency, the Federal Security Service (FSB), as being the members of the hacking group Dragonfly, which coordinated multiple attacks on nuclear power plants, energy companies, and other critical infrastructure. It alleges that the three men, Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov and Marat Valeryevich Tyukov engaged in multiple computer intrusions between 2012 and 2017. The DOJ estimates that the three hackers were able to install malware on more than 17,000 unique devices in the US and abroad.

A second phase known as Dragonfly 2.0, which occurred between 2014 and 2017, targeted more than 3,300 users across 500 different energy companies in the US and abroad. According to the DOJ, the conspirators were looking to access the software and hardware in power plants that would allow the Russian government to trigger a shutdown.

The US government is still looking for the three FSB hackers. The State Department today announced a $10 million award for any information on their whereabouts. However, as the Washington Post notes, the US and Russia do not have an extradition treaty, so the likeliness of any of the alleged hackers being brought to trial by these indictments is slim.

Source: Justice Department indicts four Russian government workers in energy sector hacks | Engadget

Scientists find microplastics in blood for first time

Posted on by

Scientists have discovered microplastics in human blood for the first time, warning that the ubiquitous particles could also be making their way into organs.

The tiny pieces of mostly invisible plastic have already been found almost everywhere else on Earth, from the deepest oceans to the highest mountains as well as in the air, soil and .

A Dutch study published in the Environment International journal on Thursday examined from 22 anonymous, healthy volunteers and found microplastics in nearly 80 percent of them.

Half of the blood samples showed traces of PET plastic, widely used to make drink bottles, while more than a third had polystyrene, used for disposable food containers and many other products.

[…]

“Where is it going in your body? Can it be eliminated? Excreted? Or is it retained in certain organs, accumulating maybe, or is it even able to pass the ?”

The study said the microplastics could have entered the body by many routes: via air, water or food, but also in products such as particular toothpastes, lip glosses and tattoo ink.

[…]

 

Source: Scientists find microplastics in blood for first time

HP staffer blew $5m on personal expenses with company card

Posted on by

A now-former HP finance planning manager pleaded guilty on Wednesday to charges of wire fraud, money laundering, and filing false tax returns that follow from the misappropriation of company funds.

According to the US Justice Department, Shelbee Szeto, 30, of Fremont, California, worked at HP Inc from August 2017 through June 2021, first as an executive assistant and then as a finance planning manager.

During that time, she was responsible for paying HP vendors

[…]

Szeto was issued multiple PCards and, according to prosecutors, she devised a scheme to make purported vendor payments to financial accounts that she controlled and then used HP’s funds to purchase goods for herself.

“Between approximately April 24, 2018 and April 23, 2021, Szeto knowingly charged approximately $4.8 million dollars in payments from her HP PCards to PayPal, Square, and Stripe merchant accounts under her control and for her personal benefit,” the indictment stated.

To make this spending appear legitimate, Szeto submitted false invoices to HP.

[…]

Szeto managed to make several transactions in the $30,000 to $40,000 range; Square declined to process a payment for $330,000. Asked for supporting paperwork by the payment processor, she is said to have provided false documentation and to have falsely told Square investigators the funds were for marketing work related to a real-estate transaction.

Her bank, First Republic, also questioned the source of her funds, according to the indictment, and the IRS noticed that her 2019 and 2020 tax forms were inaccurate. All told, Szeto is said to have cost HP $5.2m.

The Justice Department said Szeto spent the funds on: a 2020 Tesla sedan; a 2021 Porsche SUV; various bags and purses from Chanel, Dior, Gucci, and Hermes; and an assortment jewelry including necklaces, rings, pendants, and wristwatches from Audemars Piguet, Bulgari, Cartier, and Rolex.

[…]

Source: HP staffer blew $5m on personal expenses with company card • The Register

British cops arrest seven < 21 yr kids in Lapsus$ crime gang probe after they break into and dox the tech giants

Posted on by

British cops investigating a cyber-crime group have made a string of arrests.

Though City of London Police gave few details on Thursday, officers are said to be probing the notorious extortionware gang Lapsus$, and have detained and released seven people aged 16 to 21.

In a statement, the force said: “Seven people between the ages of 16 and 21 have been arrested in connection with an investigation into a hacking group. They have all been released under investigation. Our inquiries remain ongoing.”

Among them is a 16-year-old boy from Oxford who has been accused of being one of the crew’s leaders, the BBC reported. He cannot be identified for legal reasons.

[…]

Bloomberg first reported the boy’s alleged involvement with the extortion gang on Wednesday, and claims by security researchers that he was the crew’s mastermind. Lapsus$ is the devil-may-care team of miscreants that have broken into major firms including Microsoft, Samsung, Vodafone, and Okta.

It is said the boy netted about $14m in Bitcoin from his online life, and was lately doxxed – which means he had his personal info leaked online – after an apparent falling out with his business partners.

[…]

The cyber-crime ring rose to fame in recent months for its brash tactics and its propensity to brag about its exploits on Telegram. Its standard operating procedure is to infiltrate a big target’s network, steal sensitive internal data, make demands to prevent the public release of this material – and usually release some of it anyway.

[…]

In February, however, the criminals sneaked into Nvidia‘s networks and stole one terabyte of data including employee credentials and proprietary information, and dumped some of it online.

Days later Lapsus$ said it had raided Samsung and stole 190GB of internal files including some Galaxy device source code.

The criminal group followed that up by claiming it was responsible for a cybersecurity incident at gaming giant Ubisoft.

‘Motivated by theft and destruction’

Microsoft, in its days-late confirmation that Lapsus$, which the Windows giant calls DEV-0537, did indeed steal some of its source code, and said the crime group seems to be “motivated by theft and destruction.”

[…]

 

Source: British cops arrest seven in Lapsus$ crime gang probe • The Register

Owners Of ‘Gran Turismo 7’ Locked Out Of Single Player Game When Online DRM Servers Go Down – when you don’t own the game you bought

Posted on by

When someone asks me what DRM is, my answer is very simple: it’s anti-piracy software that generally doesn’t stop pirates at all, and, instead, mostly only annoys legitimate buyers. Well, then why do software and video game companies use it at all? Couldn’t tell you. Businesses really want to annoy their own customers? Apparently, yes. Timothy, when you say this doesn’t really stop pirates, you’re exaggerating, right? No, not at all.

The worst of the examples of legit customers getting screwed by video game DRM involve when a game or product is bricked simply because a publisher or its DRM partner simply shuts down the servers that make the DRM work, on purpose or otherwise.

Gran Turismo 7 was recently released on the PlayStation and is already facing major headwinds due to the public’s absolute hate for all the microtransactions included in the game. On top of that, the entire game, including the single player content, was rendered unplayable because the DRM servers that require an online check to play the game crumbled during a maintenance window.

The scheduled server maintenance, timed around the release of the version 1.07 patch for the game, was initially planned to last just two hours starting at 6 am GMT (2 am Eastern) on Thursday morning. Six hours later, though, the official Gran Turismo Twitter account announced that “due to an issue found in Update 1.07, we will be extending the Server Maintenance period. We will notify everyone as soon as possible when this is likely to be completed. We apologize for this inconvenience and ask for your patience while we work to resolve the issue.”

“Inconvenience” in this case means not being able to play the game the customer purchased. Like, basically at all. Why the single player content in a console game of all things should require an online check-in is completely beyond me.

[…]

Source: Owners Of ‘Gran Turismo 7’ Locked Out Of Single Player Game When Online DRM Servers Go Down | Techdirt

EU, US strike preliminary deal to unlock transatlantic data flows – yup, the EU will let the US spy on it’s citizens freely again

Posted on by

Negotiators have been working on an agreement — which allows Europeans’ personal data to flow to the United States — since the EU’s top court struck down the Privacy Shield agreement in July 2020 because of fears that the data was not safe from access by American agencies once transferred across the Atlantic.

The EU chief’s comments Friday show both sides have reached a political breakthrough, coinciding with U.S. President Joe Biden’s visit to Brussels this week.

“I am pleased that we found an agreement in principle on a new framework for transatlantic data flows. This will enable predictable and trustworthy data flows between the EU and U.S., safeguarding privacy and civil liberties,” she said.

Biden said the framework would allow the EU “to once again authorize transatlantic data flows that help facilitate $7.1 trillion in economic relationships.”

Friday’s announcement will come as a relief to the hundreds of companies that had faced mounting legal uncertainty over how to shuttle everything from payroll information to social media post data to the U.S.

Officials on both sides of the Atlantic had been struggling to bridge an impasse over what it means to give Europeans’ effective legal redress against surveillance by U.S. authorities. Not all of those issues have been resolved, though von der Leyen’s comments Friday suggest technical solutions are within reach.

Despite the ripples of relief Friday’s announcement will send through the business community, any deal is likely to be challenged in the courts by privacy campaigners.

Source: EU, US strike preliminary deal to unlock transatlantic data flows – POLITICO

Virtual Kidnappers Are Scamming Parents Out of Millions of Dollars

Posted on by

[…]

cases have become so widespread that the bureau has a name for them: virtual kidnappings. “It’s a telephone extortion scheme,” says Arbuthnot, who heads up virtual-kidnapping investigations for the FBI out of Los Angeles. Because many of the crimes go unreported, the bureau doesn’t have a precise number on how widespread the scam is. But over the past few years, thousands of families like the Mendelsteins have experienced the same bizarre nightmare: a phone call, a screaming child, a demand for ransom money, and a kidnapping that — after painful minutes, hours, or even days — is revealed to be fake.

[…]

Valerie Sobel, a Beverly Hills resident who runs a charitable foundation, also received a call from a man who told her he had kidnapped her daughter. “We have your daughter’s finger,” he said. “Do you want the rest of her in a body bag?” As proof, the kidnapper said, he was putting her daughter on the phone. “Mom! Mom!” she heard her daughter cry. “Please help — I’m in big trouble!” Like Mendelstein, Sobel was told not to take any other calls. After getting the ransom money from her bank, she was directed to a MoneyGram facility, where she wired the cash to the kidnappers — only to discover that her daughter had never been abducted.

The cases weren’t just terrifying the victims; they were also rattling police officers, who found themselves scrambling to stop kidnappings that weren’t real. “They’re jumping fences, they’re breaking down doors to rescue people,” Arbuthnot tells me. The calls were so convincing that they even duped some in law enforcement.

[…]

I’m listening to a recording of a virtual kidnapping that Arbuthnot is playing for me, to demonstrate just how harrowing the calls can be. “It begins with the crying,” he says. “That’s what most people hear first: Help me, help me, help me, Mommy, Mommy, Daddy.”

Virtual kidnapping calls, like any other telemarketing pitch, are essentially a numbers game. “It’s literally cold-calling,” Arbuthnot tells me. “We’ll see 100 phone calls that are total failures, and then we’ll see a completely successful call. And all you need is one, right?”

The criminals start with a selected area code and then methodically work their way through the possible nine-digit combinations of local phone numbers. Not surprisingly, the first area where the police noticed a rash of calls was 310 — Beverly Hills. But it’s not enough to just get a potential mark to pick up. Virtual kidnapping is a form of hypnosis: The kidnappers need you to fall under their spell. In hacker parlance, they’re “social engineers,” dispassionately rewiring your reactions by psychologically manipulating you. That’s why they start with an emotional gut punch that’s almost impossible to ignore: a recording of a child crying for help.

The recordings are generic productions, designed to ensnare as many victims as possible. “They’re not that sophisticated,” Arbuthnot tells me. It’s a relatively simple process: The criminals get a young woman they know to pretend they’ve been kidnapped, and record their hysterical pleas. From there, the scheme follows one of two paths. Either you don’t have a kid, or suspect something is amiss, and hang up. Or, like many parents, you immediately panic at the sound of a terrified child.

Before you can form a rational thought, you blurt out your kid’s name, if only to make sense of what you’re hearing. Lisa? you say. Is that you? What’s wrong?

At that point, you’ve sealed your fate. Never mind that the screams you’re hearing aren’t those of your own kid. In a split second, you’ve not only bought into the con, but you’ve also given the kidnappers the one thing they need to make it stick. “We’ve kidnapped Lisa,” they tell you — and with that, your fear takes over. Adrenaline floods your bloodstream, your heart rate soars, your breath quickens, and your blood sugar spikes. No matter how skeptical or street-savvy you consider yourself, they’ve got you.

[…]

The other elements of virtual kidnappings are taken straight from the playbook for classic cons. Don’t give the mark time to think. Don’t let them talk to anyone else. Get them to withdraw an amount of cash they can get their hands on right away, and wire it somewhere untraceable. Convince them a single deviation from your instructions will cost them dearly.

[…]

the most innovative aspect of the scheme was the kidnapping calls: They were made from inside the prison in Mexico City, where Ramirez was serving time. “Who has time seven days a week, 12 hours a day, to make phone calls to the US, over and over and over, with a terrible success rate?” Arbuthnot says. “Prisoners. That was a really big moment for us. When we realized what was happening, it all made sense.”

[…]

there’s an obvious problem: Ramirez and Zuniga are already incarcerated, as the feds suspect is the case with almost every other virtual kidnapper who is still cold-calling potential victims. Which raises the question: How do you stop a crime that’s being committed by criminals you’ve already caught?

“What are we going to do?” Arbuthnot says. “We’re going to put these people in jail? They’re already in jail.”

[…]

 

Source: Virtual Kidnappers Are Scamming Parents Out of Millions of Dollars

Apple Maps, Music, iMessage, App Store, and iCloud Are Down

Posted on by

Apple’s services came back online in the late afternoon. Apple’s system status page shows that all of the services that had previously been listed as “down” are now back in the green. It’s still unclear what happened exactly, and Apple never returned Gizmodo’s email for comment on the situation.

Apple is experiencing massive technical difficulties, and widespread reports of outages for its various services are flooding the internet.

The company’s own status page shows that several of its most popular products aren’t working. Multiple reports—including from Down Detector, which tracks website and app outages—have shown that users of iCloud, Apple Music, the App Store, iTunes, Apple TV, iMessage, Mail, Contacts, Find My, Apple Maps, FaceTime, Apple Fitness+, and even our beloved domestic helper Siri all appear to be having major problems. Additionally, Bloomberg reports that Apple’s internal systems, both for its corporate offices and its Apple Store retail locations, are down as well. The company reportedly sent internal messages notifying employees, who had difficulty working from home, that domain name system (DNS) problems led to the outage. The full extent of these outages and the regions they are affecting is unclear.

[…]

Source: Apple Maps, Music, iMessage, App Store, and iCloud Are Down

Edit: Websiteplanet has another tool to detect if a website is down or not