
Submission + - China spends 5+ years hacking firewall vendor, who breaks omerta (sophos.com)

Spikescape writes: Over a five-year period, attackers based in Chengdu, China repeatedly targeted the firewalls sold by cybersecurity vendor Sophos. The company, while this was going on, figured out who the attackers were, hacked back and monitored the people who were doing this, and passed the information to law enforcement, who were able to notify victims and stop the intrusions in most cases.

Sophos X-Ops has identified, with high confidence, exploit research and development activity being conducted in the Sichuan region. Consistent with China’s vulnerability disclosure legislation, X-Ops assesses with high confidence that the developed exploits were then shared with multiple distinct state-sponsored frontline groups with differing objectives, capabilities, and post-exploitation tooling.


Submission + - Russia fines Google $20,000,000,000,000,000,000,000,000,000,000,000 (bbc.co.uk)

Hope Thelps writes: The BBC is reporting that Russia has fined Google more money than the entire world's GDP:

A Russian court has fined Google two undecillion roubles — a two followed by 36 zeroes — for restricting Russian state media channels on YouTube.

In dollar terms that means the tech giant has been told to pay $20,000,000,000,000,000,000,000,000,000,000,000.

Despite being one of the world's wealthiest companies, that is considerably more than the $2 trillion Google is worth.

In fact, it is far greater than the world’s total GDP, which is estimated by the International Monetary Fund to be $110 trillion.

The fine has reached such a gargantuan level because — as state news agency Tass has highlighted — it is rapidly increasing all the time.

According to Tass, Kremlin spokesman Dmitry Peskov admitted he "cannot even pronounce this number" but urged "Google management to pay attention."

The company has not commented publicly or responded to a BBC request for a statement.

Russian media outlet RBC reports the fine on Google relates to the restriction of content of 17 Russian media channels on YouTube.

While this started in 2020, it escalated after Russia's full-scale invasion of Ukraine two years later.

That saw most Western companies pull out of Russia, with doing business there also tightly restricted by sanctions.

Russian media outlets were also banned in Europe — prompting retaliatory measures from Moscow.


Submission + - Burning Man is desperate for cash (sfstandard.com)

AzWa Snowbird writes: Burning Man is urgently calling for millions more in donations amid faltering ticket sales and staff layoffs. The nonprofit’s CEO, Marian Goodell, primarily blamed flagging higher-priced ticket sales and increased operating costs since the pandemic. The festival has sold a tier of higher-priced tickets since at least 2016. In 2023, a limited number of more expensive advance tickets were available between Feb. 1 and Feb. 3, with 1,000 tickets costing $2,750 each and 3,000 costing $1,500, according to an archived version of Burning Man’s 2023 ticket page. Ticket sales for the annual bacchanal in Black Rock City flopped this year after a rain-plagued 2022, and scores of burners later resold their tickets, eating huge losses.

Submission + - AI bug bounty program yields 34 flaws in open-source tools (scworld.com)

spatwei writes: Nearly three dozen flaws in open-source AI and machine learning (ML) tools were disclosed Tuesday as part of Protect AI’s huntr bug bounty program.

The discoveries include three critical vulnerabilities: two in the Lunary AI developer toolkit and one in a graphical user interface (GUI) for ChatGPT called Chuanhu Chat. The October vulnerability report also includes 18 high-severity flaws ranging from denial-of-service (DoS) to remote code execution (RCE).

“Through our own research and the huntr community, we’ve found the tools used in the supply chain to build the machine learning models that power AI applications to be vulnerable to unique security threats,” stated Protect AI Security Researchers Dan McInerney and Marcello Salvati. “These tools are Open Source and downloaded thousands of times a month to build enterprise AI Systems.”

Submission + - Arecibo collapsed because of engineering failures that inspectors failed to spot (behindtheblack.com)

An anonymous reader writes: According to a new very detailed engineering analysis into the causes of the collapse of the Arecibo radio telescope in Puerto Rico in 2020, the failure was caused first by a surprising interaction between the radio electronics of Arecibo and the traditional methods used to anchor the cables, and second by a failure of inspections to spot the problem as it became obvious.

The surprising engineering discovery is illustrated to the right, taken from figure 2-6 of the report. The main antenna of Arecibo was suspended above the bowl below by three main cables. The figure shows the basic design of the system used to anchor the cable ends to their sockets. The end of the cable bunches would be inserted into the socket, spread apart, and then zinc would be poured in to fill the gap and then act as a plug and glue to hold the cables in place. According to the report, this system has been used for decades in many applications very successfully.

What the report found, however, was that at Arecibo over time the cable bunch and zinc plug slowly began to pull out of the socket, what the report labels as "zinc creep." This was noted by inspectors, but dismissed as a concern because they believed the engineering margins were still high enough to prevent failure at this point. In fact, this is exactly where the structure failed in 2020, with the first cable separating as shown in August 2020. The second cable did so in a similar manner in November 2020.

The report concluded that the "only hypothesis the committee could develop that provides a plausible but unprovable answer to all these questions and the observed socket failure pattern is that the socket zinc creep was unexpectedly accelerated in the Arecibo Telescope’s uniquely powerful electromagnetic radiation environment. The Arecibo Telescope cables were suspended across the beam of 'the most powerful radio transmitter on Earth.'"

Submission + - New Study Reveals Oceans Absorb More CO2 Than Previously Thought (scitechdaily.com)

schwit1 writes: New research confirms that subtle temperature differences at the ocean surface, known as the “ocean skin,” increase carbon dioxide absorption. This discovery, based on precise measurements, suggests global oceans absorb 7% more CO2 than previously thought, aiding climate understanding and carbon assessments.

Until now, global estimates of air-sea CO2 fluxes typically ignore the importance of temperature differences in the near-surface layer.

Dr Gavin Tilstone, from Plymouth Marine Laboratory (PML), said: “This discovery highlights the intricacy of the ocean’s water column structure and how it can influence CO2 draw-down from the atmosphere. Understanding these subtle mechanisms is crucial as we continue to refine our climate models and predictions. It underscores the ocean’s vital role in regulating the planet’s carbon cycle and climate.”

Submission + - BBC Interviews Charley Kline and Bill Duvall, Creators of Arpanet (bbc.com)

dbialac writes: Charley Duvall states: I saw the work we were doing at SRI as a critical part of a larger vision, that of information workers connected to each other and sharing problems, observations, documents and solutions. What we did not see was the commercial adoption nor did we anticipate the phenomenon of social media and the associated disinformation plague. Although, it should be noted, that in [SRI computer scientist] Douglas Engelbart's 1962 treatise describing the overall vision, he notes that the capabilities we were creating would trigger profound change in our society, and it would be necessary to simultaneously use and adapt the tools we were creating to address the problems which would arise from their use in society.

Charley Kline and Bill Duvall were early inventors of networking, networks that would ultimately lead to what is today the Internet. Duvall had basic ideas of what might come of the networks, but they had no idea of how much of a phenomenon it would turn into. Today marks the 55th anniversary of the first communications they made over what was then called Arpanet.

Submission + - Cybersecurity Issues at Stake in Next Week's US Election (csoonline.com)

snydeq writes: 'As the US heads into a historic election, with a deadlocked electorate facing a choice between two radically different presidential candidates, several cybersecurity matters could be determined by who wins the contest on Nov. 5,' writes CSO's Cynthia Brumfield. While James Lewis, director of the technology and public policy program at CSIS, tells CSO there is more commonality between the candidates on cybersecurity issues than many would think, experts still agree that crucial cyber issues could be impacted by next week’s election results, including the potential for Russia to gain an advantage as a digital adversary, cyber regulations to be weakened, CISA to lose power, and a US Cyber Force emerging.

Submission + - Leaked Training Shows Doctors in New York's Biggest Hospital System Using AI (404media.co)

samleecole writes: Northwell Health, New York State’s largest healthcare provider, recently launched a large language model tool that it is encouraging doctors and clinicians to use for translation, sensitive patient data, and has suggested it can be used for diagnostic purposes, 404 Media has learned. Northwell Health has more than 85,000 employees.

An internal presentation and employee chats obtained by 404 Media show how healthcare professionals are using LLMs and chatbots to edit writing, make hiring decisions, do administrative tasks, and handle patient data.

In the presentation given in August, Rebecca Kaul, senior vice president and chief of digital innovation and transformation at Northwell, along with a senior engineer, discussed the launch of the tool, called AI Hub, and gave a demonstration of how clinicians and researchers—or anyone with a Northwell email address—can use it. AI Hub can be used for "clinical or clinical adjacent" tasks, as well as answering questions about hospital policies and billing, writing job descriptions and editing writing, and summarizing electronic medical record excerpts and inputting patients’ personally identifying and protected health information. The demonstration also showed potential capabilities that included “detect pancreas cancer,” and “parse HL7,” a health data standard used to share electronic health records.

The leaked presentation shows that hospitals are increasingly using AI and LLMs to streamline administrative tasks, and shows that some are experimenting with or at least considering how LLMs would be used in clinical settings or in interactions with patients.

Submission + - How a slice of cheese almost derailed Europe's most important rocket test (interestingengineering.com)

schwit1 writes: A team of students made history this month by performing Europe’s first rocket hop test.

Those who have followed SpaceX’s trajectory will know hop tests are a vital stepping stone for a reusable rocket program, as they allow engineers to test their rocket’s landing capabilities.

Impressively, no private company or space agency in Europe had ever performed a rocket hop test before. Essentially, a group of students performed one of the most important rocket tests in the history of European rocketry.

However, the remarkable nature of this story doesn’t end there. Amazingly, the whole thing was almost derailed by a piece of cheese. A slice of Gruyère the team strapped to their rocket’s landing legs almost caused the rocket to spin out of control.

Thankfully, disaster was averted, and the historic hopper didn’t end up as rocket de-Brie.

Submission + - Starship Super Heavy booster came within 1 second of aborting first "catch" land (spacenews.com)

schwit1 writes: Musk posted a three-minute video Oct. 25 on X, the social media network he also owns, showing action from a video game that he is playing. The audio, though, is not from the video game but of several people discussing the Starship Flight 5 test flight Oct. 13. That flight featured the first return and successful catch of the Super Heavy booster using mechanical arms attached to the launch tower it lifted off from at Boca Chica, Texas.

In the audio, one person, not identified, described an issue with the Super Heavy landing burn where a “misconfigured” parameter meant that spin pressure, presumably in the Raptor engines in the booster, did not increase as expected.

“We were one second away from that tripping and telling the rocket to abort and try to crash into the ground next to the tower,” that person said. That scenario would “erroneously tell a healthy rocket to not try that catch.”

“We had a whole bunch of new aborts and commit criteria that we tried to doublecheck really well, but, I mean, I think our concern was well-placed, and one of these came very close to biting us,” the person continued.

Submission + - Who Killed WaPo's Kamala Harris Endorsement?

theodp writes: CNN reports: "One day after The Washington Post announced it would not endorse a presidential candidate in this year’s election or in the future, its billionaire owner remains silent as the newspaper’s staff are in turmoil. Jeff Bezos has so far declined to comment on the situation, even as his own paper’s journalists reported that it was Bezos who ultimately spiked the planned endorsement. A source with knowledge told CNN on Friday that an endorsement of Vice President Kamala Harris had been drafted before it was squashed."

"For many current and former staffers of the venerable newspaper, the timing of the announcement was highly suspect and has led them to believe Bezos’s business interests influenced the decision. [...] On Friday, Trump met with executives from Blue Origin, the space exploration company owned by Bezos, hours after the Post announced its decision Friday. The company has a $3.4 billion contract with the federal government to build a new spacecraft to scuttle astronauts to and from the moon’s surface."

Bezos bought the Washington Post for $250 million in 2013.

Submission + - Marines testing real-life aimbot (twz.com)

timeOday writes: The U.S. Marines are testing a system for standard service rifles that automatically fine-tunes the point of aim with the help of a powered buttstock as a new option to help shoot down drones. The service is in the midst of a broad push to acquire new capabilities to help every Marine better protect themselves from ever-growing uncrewed aerial threats...

ZeroMark’s system is not the first automated small arms targeting system the Marines have looked into in recent years with a particular eye toward helping engage drones. The service has also at least been evaluating SMASH 2000-series computerized optical sights from Israeli firm Smart Shooter. SMASH-series sights have the ability to detect and lock onto targets of interest, even ones on the move, and calculate an optimal aim point for the shooter. Depending on how the system is configured on a particular gun, it can even prevent the trigger from being pulled until the weapon is properly aimed at the target...

The targeting system in ZeroMark’s FCS is similar, in some very broad strokes, to that of the SMASH family. It uses an array of sensors, including electro-optical cameras and LIDAR, coupled with machine vision and advanced software algorithms, to acquire targets, according to the company. Where ZeroMark’s offering differs most substantially is in its motorized articulating buttstock, which uses the data from the sensors to help physically move the gun’s point of aim. This, in turn, helps the shooter engage the target with greater precision and speed...

“[The mechanized buttstock] doesn’t move the soldier’s arm, it creates a virtual pivot between shoulder pad and handheld positions that creates angular change of the bore axis (ultimately where the gun’s pointed),” ZeroMark CEO Joel Anderson said in an interview earlier this year, according to TechCrunch. “The control systems for it are modeled to compensate for all the human factors (proprioception, noise, movement, torque, etc.) as well as the drone’s movement. So if you point in the general direction of the drone such that you’d be in the vicinity of a drone, the system does the rest.”

Zeromark says it is also easy to install and uninstall as required on a wide variety of different rifle types. A promotional video seen earlier in this story shows prototypes or mock-ups of the system installed on rifles in the AK-47/AKM, AR-15/M16, and Tavor families...

Overall, ZeroMark says its FCS “makes hitting a small drone at 200 yards as easy as hitting a 60-foot-diameter circle” at the same range, per TechCrunch. At least for now, the company has said work on its targeting system is focused on the counter-drone role, but has acknowledged that its system could be adapted for use against a wider array of target types in the future.

Submission + - It Is Now Legal to Hack McFlurry Machines (and Medical Devices) to Fix Them (404media.co)

samleecole writes: It is now legal to hack or otherwise bypass technical protection measures on McFlurry machines and other commercial food preparation machines in order to repair them thanks to a new rule issued by the Federal government. After a challenge it has also remained legal to circumvent manufacturer locks that prevent the repair of medical equipment. This is good news in several long-running yet somehow related sagas that have resulted in both a huge number of McDonald’s ice cream machines and a large number of medical devices being broken at any given moment and which often cannot be fixed without the help of their manufacturer due to arbitrary software locks that prevent McDonald’s stores and also hospitals from fixing the devices they own.

The new exemptions to Section 1201 of the Digital Millennium Copyright Act allow for the circumvention of DRM and software locks, which are often called “TPMs” or technical protection measures, on equipment made for “commercial food preparation when circumvention is a necessary step to allow the diagnosis, maintenance, or repair of such a device.” The exemption that allows for the circumvention of software locks on “a lawfully acquired medical device or system, and related data files, when circumvention is a necessary step to allow the diagnosis, maintenance, or repair of such a device or system,” was also renewed, as were exemptions for farm equipment and a host of other devices.

Submission + - NASA is developing a Mars helicopter that could land itself from orbit (newscientist.com)

MattSparkes writes: NASA is working on plans to send another, much larger helicopter to Mars than Ingenuity. The "Chopper" craft would land itself after “screaming into” the planet’s atmosphere at speed, before covering several kilometres a day while carrying scientific equipment. It would probably be the most graceful arrival on the red planet of any lander yet.
