
Submission + - SPAM: Fire destroys gov cloud storage, no backups available

An anonymous reader writes: NIRS fire destroys government's cloud storage system, no backups available

“A fire at the National Information Resources Service (NIRS)'s Daejeon headquarters destroyed the government’s G-Drive cloud storage system, erasing work files saved individually by some 750,000 civil servants, the Ministry of the Interior and Safety said Wednesday.”

Submission + - Cloudflare Starts Blocking Pirate Sites For UK Users (torrentfreak.com)

An anonymous reader writes: Internet service providers BT, Virgin Media, Sky, TalkTalk, EE, and Plusnet account for the majority of the UK’s residential internet market and as a result, blocking injunctions previously obtained at the High Court often list these companies as respondents. These so-called “no fault” injunctions stopped being adversarial a long time ago; ISPs indicate in advance they won’t contest a blocking order against various pirate sites, and typically that’s good enough for the Court to issue an order with which they subsequently comply. For more than 15 years, this has led to blocking being carried out as close to users as possible, with ISPs’ individual blocking measures doing the heavy lifting. A new wave of blocking targeting around 200 pirate site domains came into force yesterday but with the unexpected involvement of a significant new player.

In the latest wave of blocking that seems to have come into force yesterday, close to 200 pirate domains requested by the Motion Picture Association were added to one of the longest pirate site blocking lists in the world. The big change is the unexpected involvement of Cloudflare, which for some users attempting to access the domains added yesterday, displays the [Error 451 — Unavailable for Legal Reasons] notice ... As stated in the notice, Error 451 is returned when a domain is blocked for legal reasons, in this case reasons specific to the UK. [...] In this case there’s no indication of who requested the blocking order, or the authority that issued it. However, from experience we know that the request was made by the studios of the Motion Picture Association and for the same reason the High Court in London was the issuing authority. [...] The issue lies with dynamic injunctions; while a list of domains will appear in the original order (which may or may not be made available), when the MPA concludes that other domains that appear subsequently are linked to the same order, those can be blocked too, but the details are only rarely made public.

From information obtained independently, one candidate is an original order obtained in December 2022 which requested blocking of domains with well known pirate brands including 123movies, fmovies, soap2day, hurawatch, sflix, and onionplay. This leads directly to another unusual issue. The notice linked from Cloudflare doesn’t directly concern Cloudflare. The studios sent the notice to Google after Google agreed to voluntarily remove those domains from its search indexes, if it was provided with a copy of relevant court orders. Notices like these were supplied and the domains were deindexed, and the practice has continued ever since. That raises questions about the nature of Cloudflare’s involvement here and why it links to the order sent to Google; notices sent to Cloudflare are usually submitted to Lumen by Cloudflare itself. That doesn’t appear to be the case here.

Submission + - British Perl guru Matt Trout dead at 42

An anonymous reader writes: British Perl guru Matt Trout dead at 42

Obituary Matt Trout will be missed by many, even though he was a divisive figure who featured several times on The Register.

Trout was a child prodigy and also found his way into the Perl community young – in his own words, "thrust into Perl at the tender age of seventeen by a backup accident". His verdict on the language, from his homepage, spoke to us:

Perl is a wonderful language once you get over the fact that a slightly quirky set of syntax and embedded regular expressions have a tendency to make it look like line noise in the wrong light. Once you're used to it, it's a hell of an expressive dynamically typed language with a huge set of libraries and classes available for it.

Submission + - Crypto 'Pig Butchering' Scam Wrecks Kansas Bank, Sends Ex-CEO To Prison (nbcnews.com)

An anonymous reader writes: The former CEO of a small Kansas bank was sentenced to more than 24 years in prison for looting the bank of $47 million — which he sent to cryptocurrency wallets controlled by scammers who had duped him in a “pig butchering” scheme that appealed to his greed, federal prosecutors said. The massive embezzlement by ex-CEO Shan Hanes in a series of wire transfers over just eight weeks last year led to the collapse and FDIC takeover of Heartland Tri-State Bank in Elkhart, one of only five U.S. banks that failed in 2023.

Hanes, 53, also swindled funds from a local church and investment club — and a daughter’s college savings account — to transfer money, purportedly to buy cryptocurrency as the scammers insisted they needed more funds to unlock the supposed returns on his investments, according to records from U.S. District Court in Wichita, Kansas. But Hanes never realized any profit and lost all of the money he stole as a result of the scam. Judge John Broomes on Monday sentenced Hanes to 293 months in prison — 29 months more than what prosecutors requested after he pleaded guilty in May to a single count of embezzlement by a bank officer. [...]

[P]rosecutors and bank regulators said that Hanes, who has three daughters with his school teacher wife, began stealing after being targeted in a pig-butchering scheme in late 2022. That scheme was described in a court filing as “a scammer convincing a victim (a pig) to invest in supposedly legitimate virtual currency investment opportunities and then steals the victim’s money — butchering the pig.” Hanes, who had served on the board of the American Bankers Association, and been chairman of the Kansas Bankers Association, in December 2022 began making transactions to buy cryptocurrency, which “appeared to be precipitated by communication with an unidentified co-conspirator on the electronic messaging app ‘WhatsApp,’” prosecutors wrote in a court filing. “To date, the true identity of the co-conspirator, or conspirators, remain unknown,” the filing notes. Hanes initially used personal funds to buy crypto, but in early 2023 he stole $40,000 from Elkhart Church of Christ and $10,000 from the Santa Fe Investment Club, according to prosecutors and a defense filing. He also used $60,000 taken from a daughter’s college fund, and nearly $1 million in stock from the Elkhart Financial Corporation, his lawyer said in a filing.

In May 2023, he began to make wire transfers from Heartland Tri-State Bank to accounts controlled by scammers, at first with a $5,000 transfer. Two weeks later, on May 30, Hanes wired $1.5 million and a day after that, he sent another transfer of the same amount the following day, filings show. Three days later he directed two wire transfers totaling $6.7 million to be sent by the bank to the crypto wallet, and a whopping $10 million less than two weeks later, and another $3.3 million days afterward. Hanes told bank employees to execute the wire transfers, and “made many misrepresentations to various people” to get access to the funds so they could be transferred, prosecutors wrote. Heartland Tri-State employees circumvented the bank’s own wire policy and daily limits to approve Hanes’ wire transfers, according to a report by the Office of the Inspector General of the Board of Governors of the Federal Reserve System.

Submission + - Twitter deal may be the worst leveraged buyout deal for banks since Lehman (fortune.com)

smooth wombat writes: Purchased for $44 billion after an acrimonious attempt to back out of the deal, it is looking like Elon Musk's purchase of Twitter is the worst leveraged buyout since the 2008 global financial crisis. At last check, the company is worth only one quarter of its purchase price, a plummet exacerbated by Musk telling advertisers to ‘Go fuck yourself’ when they chose not to advertise on the site.

Typically, Wall Street banks will underwrite the debt financing from major deals, later packaging and selling the debt on to professional investors like hedge funds and pension plans in a matter of weeks or sometimes months. But the poor timing of the October 2022 Twitter deal, struck just when borrowing costs began to soar, combined with the dire financials of the social media company, soured any appetite on the part of money managers.

Nearly two years on, investment banks have been unable to offload the debt, tying up precious capital and limiting their ability to originate and finance more deals. In fact, no LBO debt has sat longer on balance sheet since the Lehman Brothers bankruptcy, according to new information from PitchBook LCD cited by the Wall Street Journal on Tuesday.

The previous record was 13 months stemming from the 2007 acquisition of car-parts group Tower Automotive by private equity firm Cerberus during the peak of the subprime bubble.

Submission + - Major Backdoor in Millions of RFID Cards Allows Instant Cloning (securityweek.com)

wiredmikey writes: A significant backdoor in millions of contactless cards made by China-based Shanghai Fudan Microelectronics Group allows instantaneous cloning of RFID smart cards used to open office doors and hotel rooms around the world.

Although the backdoor requires just a few minutes of physical proximity to an affected card to conduct an attack, an attacker in a position to carry out a supply chain attack could execute such attacks instantaneously at scale, researcher Philippe Teuwen explained in a paper.

Submission + - Boeing, Lockheed Martin Consider Selling Space Launch Business (avweb.com)

schwit1 writes: As NASA brass debate the future of its crew capsule, Boeing is said to be trying to get out of the space launch business. Reuters is reporting that Boeing and Lockheed Martin, who jointly operate United Launch Alliance, are in talks to sell their rocket business to Sierra Space, a subsidiary of Sierra Nevada Corporation, an increasingly influential defense contractor that recently landed a $13 billion deal to build the federal government's new Survivable Airborne Operations System based on five used Boeing 747-8s.

The talks about the rocket business are in their early stages, and ULA has previously tried to unload it without success. The company competes with SpaceX to launch government payloads into orbit. Reuters said the company should bring in between $2 billion-$3 billion and could fit Sierra Nevada's plan to bring its Dream Chaser space plane to market and service the space station it's planning to build in partnership with Jeff Bezos's Blue Origin.

Submission + - Nuclear Fusion Reactor Created By School Teenager Successfully Achieved Plasma (interestingengineering.com)

An anonymous reader writes: A student has successfully developed a small nuclear fusion reactor as part of his A-Levels. The 17-year-old built the reactor to generate neutrons as part of his Extended Project Qualification (EPQ). Notably, Cesare Mencarini’s work is claimed to be the only nuclear reactor built in a school environment. Showcased at the Cambridge Science Festival recently, the nuclear reactor achieved plasma a few months ago. It also gave Mencarini an A* in his A-Level results, according to reports. [...] Mencarini maintained that the goal of the reactor is to create conditions that are required for fusion. However, the project couldn’t get the same pressure that’s generated by the Sun due to its own gravity. Therefore, to make atoms hot enough, the teen used high voltage.

The reactor achieved plasma in June. “Two days ago I achieved plasma, which was brilliant and I’m massively happy about this,” wrote Mencarini in a LinkedIn post. “The system is running thanks to a Leybold Trivac E2 roughing pump, which allows me to achieve a minimum pressure of 8E-3 Torr.” At that time, he mentioned that Pfeiffer TPH062 would be used later to achieve fusion. “This turbomolecular pump is currently isolated by a VAT Throttling Valve.” “The grid is then attached to a 30kV rated High Voltage Feedthrough connected to a 5kV Unilab power supply, which allows me to use the fusor in my school (It is limited to a 2mA output). While running the fusor I experimented with 2 grids which you can see in the images,” added Mencarini in the post.

Submission + - ATM PINs Can Be Reconstructed From Hand Positions Even When Obscured (researchgate.net)

rezoG writes: University of Padova researchers used a machine learning algorithm to reconstruct PINs entered by "victims" on ATMs from the positions of the typing hands, even when the PIN pad was covered.

Automated Teller Machines (ATMs) represent the most used system for withdrawing cash. The European Central Bank reported more than 11 billion cash withdrawals and loading/unloading transactions on the European ATMs in 2019. Although ATMs have undergone various technological evolutions, Personal Identification Numbers (PINs) are still the most common authentication method for these devices. Unfortunately, the PIN mechanism is vulnerable to shoulder-surfing attacks performed via hidden cameras installed near the ATM to catch the PIN pad. To overcome this problem, people get used to covering the typing hand with the other hand. While such users probably believe this behavior is safe enough to protect against mentioned attacks, there is no clear assessment of this countermeasure in the scientific literature. This paper proposes a novel attack to reconstruct PINs entered by victims covering the typing hand with the other hand. We consider the setting where the attacker can access an ATM PIN pad of the same brand/model as the target one. Afterward, the attacker uses that model to infer the digits pressed by the victim while entering the PIN. Our attack owes its success to a carefully selected deep learning architecture that can infer the PIN from the typing hand position and movements. We run a detailed experimental analysis including 58 users. With our approach, we can guess 30% of the 5-digit PINs within three attempts — the ones usually allowed by ATM before blocking the card. We also conducted a survey with 78 users that managed to reach an accuracy of only 7.92% on average for the same setting. Finally, we evaluate a shielding countermeasure that proved to be rather inefficient unless the whole keypad is shielded.


Submission + - Anatomy of Linux Kernel Shared Memory

An anonymous reader writes: An interesting change in the 2.6.32 kernel is Kernel Shared Memory (KSM). KSM allows the hypervisor to increase the number of concurrent virtual machines by consolidating identical memory pages. Explore the ideas behind KSM (such as storage de-duplication), its implementation, and how you manage it.
