From Dominic Gwinn at wonkette:
Yesterday the DOJ announced that the FBI had taken control of a major server in a Kremlin-linked Russian botnet that has infected 500,000 home and office routers in 54 countries. Computer nerds and authorities believe this to be one of the missing pieces in the 2016 DNC hacking puzzle, and are urging people to reset both their home and office routers.
Known as VPNFilter, the malware infected routers from Linksys, MikroTik, NETGEAR, and TP-Link. (Yep, one of those is your router!) Once installed, the malware could quietly download add-ons that allow attackers to spy on incoming and outgoing Internet traffic, steal website credentials, and brick (AKA: kill) any infected hardware.
The FBI, DOJ, and nerds are recommending people immediately reset routers to wipe out potential infections, as well as installing firmware and software updates, and changing your passwords.
Some more detail, from Ars Technica:
Both Cisco and Symantec are advising users of any of these devices to do a factory reset, a process that typically involves holding down a button in the back for five to 10 seconds. Unfortunately, these resets wipe all configuration settings stored in the device, so users will have to reenter the settings once the device restarts. At a minimum, Symantec said, users of these devices should reboot their devices. That will stop stages 2 and 3 from running, at least until stage 1 manages to reinstall them.
Users should also change all default passwords, be sure their devices are running the latest firmware, and, whenever possible, disable remote administration. (Netgear officials in the past few hours started advising users of "some" router models to turn off remote management. TP-Link officials, meanwhile, said they are investigating the Cisco findings.
There's no easy way to determine if a router has been infected. It's not yet clear if running the latest firmware and changing default passwords prevents infections in all cases. Cisco and Symantec said the attackers are exploiting known vulnerabilities, but given the general quality of IoT firmware, it may be possible the attackers are also exploiting zeroday flaws, which by definition device manufacturers have yet to fix.
'[G]iven the worldwide nature of business and worldwide travel of people
The malware, called called Cosiloon, overlays advertisements over the operating system in order to promote apps or even trick users into downloading apps. The app consists of a dropper and a payload. "The dropper is a small application with no obfuscation, located on the
The dropper then connects with a website to grab the payloads that the hackers wish to install on the phone. "The XML manifest contains information about what to download, which services to start and contains a whitelist programmed to potentially exclude specific countries and devices from infection. However, we've never seen the country whitelist used, and just a few devices were whitelisted in early versions. Currently, no countries or devices are whitelisted. The entire Cosiloon URL is hardcoded in the APK."
SB 1001 should not become law.
- The studies came out of a program that also funded research into UFO sightings.
- One report describes the possibility of using dark energy to warp space and effectively travel faster than light.
- However, a theoretical physicist says there's "zero chance that anyone within our lifetimes or the next 1,000 years" will see it happen.
Sometime after August 2008, the US Department of Defense contracted dozens of researchers to look into some very, very out-there aerospace technologies, including never-before-seen methods of propulsion, lift, and stealth. Two researchers came back with a 34-page report for the "propulsion" category titled, "Warp Drive, Dark Energy and the Manipulation of Extra Dimensions". The document is dated April 2, 2010, though it was only recently released by the Defense Intelligence Agency. The authors suggest we may not be too far away from cracking the mysteries of higher, unseen dimensions and negative or "dark energy" — a repulsive force that physicists believe is pushing the universe apart at ever-faster speeds.
"Control of this higher dimensional space may b source of technological control vr the dark energy density and could ultimately play role in the development of exotic propulsion technologies; specifically, warp drive," the authors write.
However, Sean Carroll, a theoretical physicist at Caltech who studies and follows the topics covered by the report, had a lot of cold water to pour on the report's optimism.
"It's bits and pieces of theoretical physics dressed up as if it has something to do with potentially real-world applications, which it doesn't." Carroll said. "There is something called a warp drive, there are extra dimensions, there is a Casimir effect, and there's dark energy. All of these things are true," he said. "But there's zero chance that anyone within our lifetimes, or the next 1,000 years, are going to build anything that makes use of any of these ideas, for defense purposes or anything like that." "If you took the entire Earth and annihilated it into energy, that's how much energy you'd need, except you'd need a negative amount of that, which no one has any clue how to make," Carroll said. "We're not taking the atoms of the Earth and dispersing them like the Death Star would do. We're making them cease to exist."
The study states that its conclusions are speculative, admits the negative-energy figure "is, indeed, an incredible number," and adds that "a full understanding of the true nature of dark energy may be many years away." However, it suggests "that experimental breakthroughs at the Large Hadron Collider or developments in the field of M-theory could lead to quantum leap in our understanding of this unusual form of energy and perhaps help to direct technological innovations."
Several weeks ago, it became clear that the most important instrument—the Advanced Baseline Imager—had a cooling problem. This instrument images the Earth at a number of different wavelengths, including the visible portion of the spectrum as well as infrared wavelengths that help detect clouds and water vapor content. The infrared wavelengths are currently offline. The satellite has to be actively cooled for these precision instruments to function, and the infrared wavelengths only work if the sensor stays below 60K—that’s about a cool -350F. The cooling system is only reaching that temperature 12 hours a day. The satellite can still produce visible spectrum images, as well as the solar and lightning monitoring, but it’s not a glorious next-gen weather satellite without that infrared data.
According to a report by Capitol Media Services published in the Arizona Daily Star, state Superintendent of Public Instruction Diane Douglas has proposed to largely eliminate mentions of the word "evolution" from the state's educational standards, instead replacing them with phrases like "change over time," "biological diversity" and "change in genetic composition."
The flaw, since fixed, could have been exploited by anyone who knew where to look — a little-known T-Mobile subdomain that staff use as a customer care portal to access the company's internal tools. The subdomain — promotool.t-mobile.com, which can be easily found on search engines — contained a hidden API that would return T-Mobile customer data simply by adding the customer's cell phone number to the end of the web address.
Although the API is understood to be used by T-Mobile staff to look up account details, it wasn't protected with a password and could be easily used by anyone.
The returned data included a customer's full name, postal address, billing account number, and in some cases information about tax identification numbers. The data also included customers' account information, such as if a bill is past-due or if the customer had their service suspended.
"The autonomous Uber SUV that struck and killed an Arizona pedestrian in March spotted the woman about six seconds before hitting her, but did not stop because the system used to automatically apply brakes in potentially dangerous situations had been disabled, according to federal investigators.
In a preliminary report on the crash, the National Transportation Safety Board said Thursday that emergency braking is not enabled while Uber's cars are under computer control, "to reduce the potential for erratic vehicle behavior."
Instead, Uber relies on a human backup driver to intervene. The system, however, is not designed to alert the driver."
The report comes a day after Uber announced it will be ending it's self driving vehicle testing in Arizona.
Full report available at https://www.ntsb.gov/news/pres...