Power

Lessons From the Cyberattack On India's Largest Nuclear Power Plant (thebulletin.org) 113

Dan Drollette shares an article by two staffers at the Center for Global Security Research at Lawrence Livermore National Laboratory from The Bulletin of Atomic Scientists.

"Indian officials acknowledged on October 30th that a cyberattack occurred at the country's Kudankulam nuclear power plant," they write, adding that "According to last Monday's Washington Post, Kudankulam is India's biggest nuclear power plant, 'equipped with two Russian-designed and supplied VVER pressurized water reactors with a capacity of 1,000 megawatts each.'"

So what did we learn? While reactor operations at Kudankulam were reportedly unaffected, this incident should serve as yet another wake-up call that the nuclear power industry needs to take cybersecurity more seriously. There are worrying indications that it currently does not: A 2015 report by the British think tank Chatham House found pervasive shortcomings in the nuclear power industry's approach to cybersecurity, from regulation to training to user behavior. In general, nuclear power plant operators have failed to broaden their cultures of safety and security to include an awareness of cyberthreats. (And by cultures of safety and security, those in the field -- such as the Fissile Materials Working Group -- refer to a broad, all-embracing approach towards nuclear security, that takes into account the human factor and encompasses programs on personnel reliability and training, illicit trafficking interception, customs and border security, export control, and IT security, to name just a few items. The Hague Communique of 2014 listed nuclear security culture as the first of its three pillars of nuclear security, the other two being physical protection and materials accounting.)

This laxness might be understandable if last week's incident were the first of its kind. Instead, there have been over 20 known cyber incidents at nuclear facilities since 1990. This number includes relatively minor items such as accidents from software bugs and inadequately tested updates along with deliberate intrusions, but it demonstrates that the nuclear sector is not somehow immune to cyber-related threats. Furthermore, as the digitalization of nuclear reactor instrumentation and control systems increases, so does the potential for malicious and accidental cyber incidents alike to cause harm.

This record should also disprove the old myth, unfortunately repeated in Kudankulam officials' remarks, that so-called air-gapping effectively secures operational networks at plants. Air-gapping refers to separating the plant's internet-connected business networks from the operational networks that control plant processes; doing so is intended to prevent malware from more easily infected business networks from affecting industrial control systems. The intrusion at Kudankulam so far seems limited to the plant's business networks, but air gaps have failed at the Davis-Besse nuclear power plant in Ohio in 2003 and even classified U.S. military systems in 2008. The same report from Chatham House found ample sector-wide evidence of employee behavior that would circumvent air gaps, like charging personal phones via reactor control room USB slots and installing remote access tools for contractors... [R]evealing the culprits and motives associated with the Kudankulam attack matters less for the nuclear power industry than fixing the systemic lapses that enabled it in the first place.

"The good news is that solutions abound..." the article concludes, noting guidance, cybersecurity courses, technical exchanges, and information through various security-minded public-private partnerships. "The challenge now is integrating this knowledge into the workforce and maintaining it over time...

"But last week's example of a well-established nuclear power program responding to a breach with denial, obfuscation, and shopworn talk of so-called 'air-gaps' demonstrates how dangerously little progress the industry has made to date."
Crime

Two Arrested In $10 Million Tech Support Scam That Preyed On the Elderly (gizmodo.com) 60

An anonymous reader quotes a report from Gizmodo: Two individuals were arrested this week in connection with a fraud scheme that manipulated thousands of victims into paying for invented tech services that they didn't need. The Department of Justice announced that the two individuals Romana Leyva, 35, and Ariful Haque, 33, were arrested Wednesday for their alleged participation in the fraud scheme, which involved convincing victims -- many of whom were elderly -- in both the U.S. and Canada that they needed tech and virus protection services that were neither real nor required.

Between March 2015 and December 2018, both Ariful and Haque were allegedly involved with the fraud ring responsible for the crimes. According to an unsealed indictment, the scheme involved targeting victims with pop-up windows -- sometimes under the guise of being a legitimate tech company -- that claimed their computer had been infected with a virus and directed them to call a number for technical support. In some cases, the message threatened that if the individual closed the window or shut down their computer, it would either bork their device or result in a "complete data loss." Once users contacted the number, they were connected with a fake technician. To convince victims to hand over money, after receiving "permission" from the victim, the fraud ring allegedly remotely accessed the individual's computer, loaded an anti-virus tool that's available for free online, and informed the individual that their computer was infected with a virus (which, again, was a lie).
The DOJ says the scheme was able to successfully scam "at least" 7,500 victims out of a combined $10 million.

Both of the individuals arrested are charged with one count of wire fraud and one count of conspiracy to commit wire fraud. Each count carries a maximum penalty of 20 years imprisonment.
Star Wars Prequels

Disney World Plans Two-Day, Star Wars-Themed Simulated Space Cruises (gizmodo.com) 123

This weekend Disney revealed more details about Star Wars: Galactic Starcruiser, a cruise-like experience which promises "a two-night, all-immersive adventure," inviting visitors to "live your very own epic Star Wars story."

Gizmodo reports: Like a cruise ship, everyone boards at once and everyone leaves at once. How that works though is, you arrive to a special terminal in Orlando to check in. From there you get on a "launch pod" that blasts you into space. That's where you meet up with the Halcyon, the ship you'll be on the next two days, as you travel through space. Now, when I say "launch" and "travel through space" that's just the illusion, obviously. Disney didn't explain how they will achieve it but, probably lots of screens and different animations to try and make you feel like you are in a real space.

Once you get on the ship, how you experience the adventure is up to you. You can relax and watch the stars fly by as the Halcyon travels through space. Or you can take place in all manner of different activities to learn how to be a hero. You can use a lightsaber, you can help pilot the ship, or you can learn about the ship's defenses so that, just in case the First Order drops by, you'll be able to help. (They'll be dropping by.) The crew will be comprised of "aliens," every window has a view into space (including the one in your cabin), and characters new and old (they showed Chewie, Rey and Kylo) will be part of the experience. An experience that has one stop on it -- Batuu and the Black Spire Outpost, aka Star Wars Galaxy's Edge.

The Disney Parks blog promises the starcruiser "will fully immerse guests in a galaxy far, far away."
Science

Cats Can Recognize Their Own Names, Study Suggests (gizmodo.com) 228

AmiMoJo shares a report from Gizmodo: Plenty of cat owners will happily tell you their felines are capable of responding to their own names, but the scientific jury remains ambivalent on the matter. A fascinating new experiment suggests this might actually be true for some cats, and it's a capacity very much tied to the social environment in which the cat lives. The new research, published today in Scientific Advances, doesn't mean cats understand the human conception of a name, but it does show that at least some cats can distinguish their names from other words. Prior research has shown that cats can recognize human gestures, facial expressions, and vocal cues. Slashdot reader sciencehabit adds: Give this a shot at home: Say four random words to your cat -- separated by about 15 seconds -- with the same length and intonation as its name. Then say its actual name. If it swivels its ears or perks up its head, chances are it knows what you call it. That's essentially what researchers did in a new study. The scientists saw similar responses when the cat's name came after the names of other felines he lived with, or when a stranger spoke the words. The findings are the first to experimentally show that cats have some understanding of what we are saying to them, the team concludes.
Bitcoin

Colorado Candidate For Governor Wants To Put His State On the Blockchain (gizmodo.com) 61

An anonymous reader quotes a report from Gizmodo: The Democratic nominee for governor of Colorado, U.S. Representative Jared Polis, wants to add blockchain to the list of items voters consider this year. Polis currently represents Colorado's 2nd district in the House, and he won the Democratic gubernatorial nomination last month. He's held his seat in the House for about a decade and has been a fairly solid progressive. On Wednesday, Polis added a set of limited proposals regarding blockchain to his gubernatorial platform that at least give us an idea of what it means for a politician to campaign on blockchain. Polis told us he would like to resolve some of the "ambiguity" in federal rules, encourage fintech company investment, remove some licensing requirements for token securities, and exempt cryptocurrencies from state money transition laws. He says these companies are "trying to fit what they're doing into an obsolete, outdated, and often obsolete federal law."

Polis also wants to explore how blockchain could be used for voting security. Polis isn't ready to necessarily endorse moving all voting to the blockchain system. He likes paper ballots and told us, "this would be more how the information is generated and stored from those paper ballots rather than doing so in a centralized database it would be done across a distributed ledger." The congressman also thinks that blockchain could be used to streamline the process for storing public records and making them available to the public. "We're talking more about everything from Colorado contracts, expenditures, titles, a lot of the data-intensive aspects of state government can be more secure and more accessible through distributed ledgers," he said.

Earth

New Research Shows Humans Could Outrun T. Rex 257

bongey writes: T-Rex would have a hard time even catching an average human running, much less Usain Bolt or Jeeps, without shattering their legs into pieces. New research based on simulations that include the load on the bones shows that T-Rex would have a hard time running faster than 12 miles per hour (5.4 meters per second) without bones breaking. The new research correlates to speeds calculated from adolescent-sized T-Rex dinosaur footprints in 2016, which showed walking speeds to be only 2-5 mph, and estimated running speeds 11-18 mph. Gizmodo notes that while T. rex was unable to pursue its prey at high speeds, high speed is a relative term. "For reference, typical humans can sprint anywhere between eight to 15 miles per hour (elite athletes can exceed 20 mph). So to outrun a T. rex, many animals -- or fictional humans -- would still have to run like hell."
Electronic Frontier Foundation

EFF Issues April Fool's Day Newsletter (eff.org) 21

An anonymous reader writes: There were some surprises in today's edition of the EFF's "EFFector" newsletter. Noting that it's their sqrt(-1)th issue, they report that the EU will protect the privacy of its data by building a 30-foot wall around the United States. "Only U.S. tech companies that comply with EU privacy restrictions and prohibit U.S. government access to their data will be given fiber optic grappling hooks to transport Europeans' data across the Atlantic, over the wall, and back to their U.S.-based servers."

The newsletter also reports that the bipartisan leaders of the U.S. House and Senate Intelligence Committees "apologized during a press conference this morning for failing to provide rigorous supervision of the intelligence community." And the newsletter also reports that Deadpool won an Oscar after PricewaterhouseCoopers mistakenly handed the presenters an envelope with a list of the most-frequently torrent-ed movie of 2016. But perhaps its most unexpected headline is "Comcast to Assimilate with the Borg."

The Borg said the deal would increase its market share, nationwide reach, and overall reputation for evil -- while Comcast claimed that the deal would boost competition.
Apple

Treasure Trove of Internal Apple Memos Discovered in Thrift Store (gizmodo.com) 28

An anonymous reader shares a Gizmodo report: Peeking inside a book bin at a Seattle Goodwill, Redditor vadermeer caught an interesting, unexpected glimpse into the early days of Apple: a cache of internal memos, progress reports, and legal pad scribbles from 1979 and 1980, just three years into the tech monolith's company history. The documents at one point belonged to Jack MacDonald -- then the manager of systems software for the Apple II and III (in these documents referred to by its code name SARA). The papers pertain to implementation of Software Security from Apple's Friends and Enemies (SSAFE), an early anti-piracy measure. Not much about MacDonald exists online, and the presence of his files in a thrift store suggests he may have passed away, though many of the people included in these documents have gone on to long and lucrative careers. The project manager on SSAFE for example, Randy Wigginton, was Apple's sixth employee and has since worked for eBay, Paypal, and (somewhat tumultuously) Google. Apple co-founder Steve Wozniak also features heavily in the implementation of these security measures.
Earth

Blue Origin Lands Rocket During Launch Escape Test (gizmodo.com) 89

SpaceX isn't the only private company interested in reusable rockets. Blue Origin, an American privately-funded aerospace manufacturer established by Amazon.com founder Jeff Bezos, surprised everyone, including itself, by successfully landing its New Shepard rocket in today's in-flight launch escape test. Gizmodo reports: Moments ago, Blue Origin conducted an in flight test of its launch escape system, separating a crew capsule from its New Shepard booster at an altitude of 16,000 feet. This test was critical to ensure that the rocket will be safe for human passengers, whom Blue Origin hopes to start flying into sub-orbital space as early as next year. Not only did the crew capsule make a clean separation, deploy its parachutes, and land softly in a small cloud of dust back on Earth, but the booster -- which everybody expected to go splat -- continued on its merry way into suborbital space, after which it succeeded in landing smoothly back on Earth for a fifth time. Although Blue Origin has tested its launch escape system on the launchpad before, this is the first time such a system has been tested, by anyone, in flight since the 1960s. It was almost too perfect. You can watch the test here.
Medicine

Peter Thiel Is Interested In Harvesting The Blood Of The Young (gawker.com) 373

Presto Vivace writes: [Gawker reports:] "Peter Thiel, the tech billionaire-turned-Trump delegate who successfully bankrupted Gawker Media, has long been obsessed with anti-aging technologies. He believes people have been conned by 'the ideology of the inevitability of the death of every individual,' and has funded startups dedicated to extending the human lifespan. According to Jeff Bercovici of Inc. magazine, Thiel is so afraid of dying that he has begun exploring a novel, and fairly unsettling, technique: Harvesting, and injecting himself with, the blood of younger people." Vampire capitalism is real. In an unpublished interview with Bercovici last year, Thiel said: "I'm looking into parabiosis stuff [...] where they [infected] the young blood into older mice and they found that had a massive rejuvenating effect. [...] I think there are a lot of these things that have been strangely under-explored." When asked if he meant parabiosis was "really interesting" as a business opportunity or a personal-health treatment, Thiel suggested the latter: "That would be one where it's more just, do we think the science works? Some of these it's not clear there's actually a great company to start around it. [...]"
Classic Games (Games)

Sega Announces Two New Sonic Games That Seek To Recapture The Glory Days (gamespot.com) 45

An anonymous reader writes: In celebration of Sonic the Hedgehog's 25th anniversary, Sega has announced two new Sonic games at Comic-Con in San Diego. The first game is called Sonic Mania and it's a 2D platformer that features visuals and gameplay reminiscent of the classic Genesis games. "It revamps zones and acts from Sonic the Hedgehog, Sonic the Hedgehog 2, Sonic CD, Sonic the Hedgehog 3, and Sonic and Knuckles, in addition to introducing new ones into the fold," writes Mat Paget from GameSpot. The second game has no title [besides "Project Sonic 2017"], but it does have a holiday 2017 release date for PS4, Xbox One, and Nintendo NX consoles. It reportedly features both classic and modern versions of Sonic, similar to 2011's Sonic Generations. Sega made two additional announcements. "Mobile game Sonic Dash has passed 200 million downloads and will receive a special in-game event that adds the Green Hill Zone and Classic Sonic as a playable character," reports GameSpot. "The event only lasts a week, but players can unlock both the classic level and character for use after the event." The second additional announcement is that the animated Sonic Boom series will be renewed for a second season. "Sonic Mania was born out of our fans' love of the classic Sonic 2D platform games," said Sonic Team head Takashi Iizuka. "This type of collaboration is a first for Sega and we hope everyone will be both surprised and delighted by this title. Sonic Mania has been a passion project for the entire team and we look forward to sharing more details about it later this year. Having the game actually playable at the event itself tonight was testament to the dedication of the team behind it."
It's funny.  Laugh.

John McAfee Tried to Trick Reporters Into Thinking He Hacked WhatsApp (gizmodo.com) 99

John McAfee, best known for creating the McAfee security suite, apparently tried to trick journalists into believing that he is capable of breaking WhatsApp's end-to-end encryption and reading private conversations. Gizmodo reports that McAfee tried to do so by sending journalists compromised smartphones -- riddled with malicious tools such as a keylogger. From the report: "[John McAfee] was offering to a different couple of news organizations to mail them some phones, have people show up, and then demonstrate with those two phones that [McAfee] in a remote location would be able to read the message as it was sent across the phones," cybersecurity expert Dan Guido, who was contacted by a reporter trying to verify McAfee's claims, said. "I advised the reporter to go out and buy their own phones, because even though they come in a box it's very easy to get some saran wrap and a hair dryer to rebox them."
Math

Interviews: Ask Mathematician Neil Sloane a Question 189

Considered by many to be one of the most influential mathematicians alive today, Neil Sloane has made major contributions to the fields of sphere packing, combinatorics, and error-correcting codes. He is probably best known for being the creator and curator of the On-Line Encyclopedia of Integer Sequences (OEIS), known simply as “Sloane” by its many users. The repository is over 50 years old and contains over 260,000 sequences.

Neil recently turned 76 but his passion for mathematics remains as strong as ever. Talking about a recent project, he writes: “Back in September I was looking at an old sequence in the OEIS. The sequence starts 1, 12, 123, 1234, 12345, ..., 123456789, 12345678910, 1234567891011, ... The n-th term: just write all the decimal numbers from 1 to n in a row and think of this as a big number. The entry for the sequence had a comment that it is expected that there are infinitely many terms which are primes, but that no prime was known, even though Dana Jacobsen had checked the first 64,000 terms. So I asked various friends and correspondents about this, and people extended the search somewhat. In fact Ernst Mayer has set up a cloud-source project to look for primes in the sequence, and the sequence has now been checked to nearly n = 270,000 without finding a prime. But I am hopeful that a prime will appear before we get to n = 10^6. When a prime is found, as it surely will be, it probably won't be the largest prime known, but it will be close to the record (which is held by the latest Mersenne prime). We may make it into the top ten. It will certainly be the largest known prime which is easy to write down! (Explicitly, I mean. You may know that 2^32582657-1 is prime, but you won't be able to write down the decimal expansion without using a computer).”

Neil has agreed to take some time away from his favorite sequences and answer any questions you may have. As usual, ask as many as you'd like, but please, one question per post.
Businesses

Infinite Crisis' Superhero Origins Story 50

An anonymous reader writes: A new interview published this week looks at the creation of Infinite Crisis, one of the slew of Dota 2/League of Legends team multiplayer competitors currently under development. What makes this one stand out, however, is not only its use of DC Comics heroes like Batman and Wonder Woman, but the experience of the studio behind it, Turbine, in massively multiplayer online games and punishing abusive and toxic players, something League of Legends developer Riot has serious struggles with. Turbine was the studio behind the popular Asheron's Call, and is applying many of the same policing techniques it used in RPGs to the growing MOBA genre. Of course, they still have troubles with the inevitable: balancing Superman as a playable character. It's a challenge, Kerr admits, especially when you're having to nerf the Man of Steel as a result. "Yes, we redid Superman three times, because, and I know this is going to be a surprise, he was super overpowered," says Infinite Crisis creative director Cardell Kerr.
Star Wars Prequels

Lucasfilm Announces Break With Star Wars Expanded Universe 157

RogueyWon writes: "A recent blog post from Lucasarts had confirmed that the new Star Wars movies planned for release by Disney will formally break continuity with the Expanded Universe novels, comics and video games. They say, 'In order to give maximum creative freedom to the filmmakers and also preserve an element of surprise and discovery for the audience, Star Wars Episodes VII-IX will not tell the same story told in the post-Return of the Jedi Expanded Universe.' The news is unlikely to be a surprise, given George Lucas's previous pronouncements on the issue."
Robotics

Japanese SCHAFT Takes the Gold at DARPA Robot Challenge 51

savuporo writes "The two days of DARPA's humanoid robotics challenge are now over. 16 teams entered in three categories — custom built humanoid, DARPA supplied Atlas platform, and a non-humanoid form — and competed in eight different tasks. The all-Japanese SCHAFT team scored 27 out of 32 maximum points, followed by IHMC Robotics and Tartan Rescue, with 20 and 18 points. The tasks included challenges like driving a vehicle, climbing ladders and walls, using handheld tools to cut through walls, etc. All robots had a mix of autonomy and teleoperated controls to accomplish the tasks. Full details on scores can be found here. The eight teams that scored highest will get continued funding from DARPA to compete in the final challenge in 2014. Two NASA teams also entered, and the JPL-built non-humanoid RoboSimian placed 5th, whereas the JSC built and touted 'Valkyrie' came out of competition with zero points. Team SCHAFT and Boston Dynamics (building the Atlas platform) were recently acquired by Google."
Science

Simulations Back Up Theory That Universe Is a Hologram 433

ananyo writes "A team of physicists has provided some of the clearest evidence yet that our Universe could be just one big projection. In 1997, theoretical physicist Juan Maldacena proposed that an audacious model of the Universe in which gravity arises from infinitesimally thin, vibrating strings could be reinterpreted in terms of well-established physics. The mathematically intricate world of strings, which exist in nine dimensions of space plus one of time, would be merely a hologram: the real action would play out in a simpler, flatter cosmos where there is no gravity. Maldacena's idea thrilled physicists because it offered a way to put the popular but still unproven theory of strings on solid footing — and because it solved apparent inconsistencies between quantum physics and Einstein's theory of gravity. It provided physicists with a mathematical Rosetta stone, a 'duality', that allowed them to translate back and forth between the two languages, and solve problems in one model that seemed intractable in the other and vice versa. But although the validity of Maldacena's ideas has pretty much been taken for granted ever since, a rigorous proof has been elusive. In two papers posted on the arXiv repository, Yoshifumi Hyakutake of Ibaraki University in Japan and his colleagues now provide, if not an actual proof, at least compelling evidence that Maldacena's conjecture is true."
Bitcoin

Thailand Government Declares Bitcoin Illegal 185

hypnosec writes that the government of Thailand "has declared Bitcoin illegal following which all trading activities related to the electronic currency have been suspended indefinitely. Through a message posted on its website, the Bitcoin Co. Ltd. has said officials of the Foreign Exchange Administration and Policy Department cited absence of applicable laws, capital controls "and the fact that Bitcoin straddles multiple financial facets" as reasons because of which the virtual currency is illegal. This ruling implies that activities such as buying & selling of Bitcoins, buying or selling any service in exchange of Bitcoins, sending Bitcoins to anyone located outside of Thailand, and receiving Bitcoins from anyone outside of Thailand are illegal. This has forced the company to indefinitely suspend operations."
Input Devices

Man Campaigns For Addition of 'Th' Key To Keyboard 258

beaverdownunder writes "Melbourne restaurateur Paul Mathis has developed a one-character replacement for the word 'The' – effectively an upper-case 'T' and a lower-case 'h' bunched together so they share the upright stem – and an app that puts it in everyone's hand by allowing users to download an entirely new keyboard complete not just with his 'Th' symbol, but also a row of keys containing the 10 or 15 (depending on the version) most frequently typed words in English. Mathis has already copped criticism from people who claim he is attempting to trademark a symbol that is part of the Serbian Cyrillic alphabet (pronounced 'tshe,' the letter represents the 'ch' sound found in the word 'chew')."
