kya100 last won the day on January 17

  1. Google announced that it was going to start charging law enforcement authorities for legal data disclosure requests, such as subpoenas and search warrants, related to its users. The company receives thousands of petitions from authorities every year and has decided to charge to help “offset the costs” associated with producing the information. The New York Times reports that Google sent out a notice announcing the new fees, which went into effect on Jan. 13, to law enforcement officials. The fees are legal, as federal law allows companies to charge reimbursement fees for these requests, and they are not new for Google. According to the Times, the company has charged to fulfill legal data requests in the past, and it is not the only company that charges for such work. Cell phone carriers have been charging to fulfill similar legal requests for years. Nonetheless, a Google spokesman told the Times that for many years now, the company had not “systematically charged” for these requests. In the first half of 2019, Google received more than 26,000 data disclosure requests in the U.S. It also received more than 11,000 data preservation requests, or requests to set aside a copy of specific data while the government agency obtains a legal process to obtain the information. Google’s “Notice of Reimbursement” document sent to law enforcement officials listed the following prices for different data requests:
       • Subpoena: $45
       • Order: $150
       • Search warrant: $245
       • PRTT (Pen register or trap and trace) order: $60
       • Wiretap order: $60
     The Google spokesman told the Times that the company would not charge for requests in some cases, such as child safety investigations and life-threatening emergencies. Law enforcement can get all sorts of information on users from Google, although the information that Google provides will depend on the legal demand presented.
According to Google’s website, local and federal government agencies can request to obtain information created in the past or information created in real-time. Subpoenas, for instance, will reveal information created in the past. They can require Google to disclose the name a user provided when creating a Gmail address account as well as the IP addresses used to create the account and sign in and sign out. For this last part of information, Google provides the dates and times. A warrant, which also relates to information created in the past, requires Google to provide data such as a user’s search query information and private content stored in a Google account, such as Gmail messages, documents, photos and YouTube videos. Wiretaps and PRTT orders require Google to hand over information created in real-time. Wiretaps require Google to turn over the content of communication in real-time. PRTT, on the other hand, allows law enforcement agencies to retrieve dialing, routing, addressing and signaling information, but excludes the content of communications. PRTT orders can reveal the phone numbers you dial on your phone or the IP address issued by an ISP. The news that Google will begin charging to fulfill legal data requests has received mixed responses. Some told the Times that the new fees would prevent excessive surveillance, while others stated that they would hamper smaller law enforcement agencies. If it does turn out to be a burden on U.S. law enforcement, there’s probably a pretty good chance that we’ll hear about it. It’s not like U.S. authorities shy away from fighting with tech companies over issues like these nowadays.
  2. Vyommitra can perform tasks just like an astronaut—and she's bilingual. The Indian Space Research Organisation (ISRO) has released footage of its newest astronaut: a half-humanoid robot named Vyommitra. As part of its Chandrayaan-3 mission, ISRO will send an unmanned lander (well, with Vyommitra inside) to the moon after a failed attempt last September. Vyommitra is meant to help ISRO understand how astronauts will one day interact with the equipment inside India's spacecrafts. When the Indian Space Research Organisation (ISRO) sends its first astronaut into space, it won't have to worry about building her a spacesuit. Vyommitra is a half-humanoid robot that ISRO plans to send to space this December during a bid to successfully land an unmanned spacecraft on the moon. In September, the space agency tried—and failed—to touch down on the lunar surface when its Vikram lander experienced a braking problem. If Vikram had landed safely, India would have been the fourth country to land on the moon, following Russia, the U.S., and China. This time around, as part of India's next space mission, Vyommitra will sit in the Gaganyaan spacecraft, which is equipped to fit up to three humans. The full Gaganyaan agenda, as it stands, is broken into two unmanned missions in December 2020 and July 2021, plus a manned launch in December 2021 or sometime in 2022. Vyommitra will be able to give out warnings if the environment in the cabin changes at all, becoming uncomfortable. That could protect astronauts in the future when India is ready for its manned journey to the moon. Beside the fact she has a particularly humanlike face—though she does look more like a wax figure than a real person—and is bilingual, Vyommitra can also take up certain postures that a real astronaut might sit in for takeoff and launch. 
Other features include the ability to operate switch panels to control the capsule, plus a social function where, in the future, she'll be able to recognize and chat with fellow astronauts. Vyommitra won't be the first, uh, woman in space, nor will she be the first humanoid robot to accomplish the feat. NASA was actually the first to send a humanoid robot into space. Back in 2011, it put Robonaut, another half-humanoid robot without legs, in the Discovery space shuttle. It was only meant to be a sort of robotic butler, but it certainly set a trend. Then there's Fedor, a humanoid robot whose name stands for "Final Experimental Demonstration Object Research." Last August, Roscosmos, the Russian space agency, sent Fedor to the International Space Station (ISS). Fedor looks very different from Vyommitra—he's just under six feet tall, weighs about 350 pounds, and eerily resembles the creature from the 1979 film Alien—and also had a much different task: to set up a new emergency rescue system on a Soyuz 2.1a rocket. JAXA, the Japanese space agency, sent its own robot to the ISS in 2013. Kirobo became the first robot to speak in space and even has a facial recognition camera to see fellow astronauts. However, the robot, which researchers at Toyota and Tokyo University developed, is all alone in space. Indeed, it will help JAXA to understand the best ways to combat space flight-induced loneliness.
  3. We've seen a lot of track-only supercars and hypercars in recent years, but nothing remotely like this. A tiny fraction of a tiny fraction of people in this life get to drive a Formula One car in anger. They're the ultimate expert-level test of a driver, and will bite you savagely if you don't bring talent and skill worthy of their metal. And if you're rich enough to be able to slap down US$2 million to populate your toybox, you can now own one. Bedfordshire's Tour de Force Engineering will start out with a genuine F1 chassis from a Sauber or Marussia car that raced in 2011 or 2012, complete with its suspension and "associated mechanicals." The TDF team, mainly comprised of ex-F1 engineers and technicians, will then fit it with a 1,730cc, 600-horsepower four-cylinder turbo engine, developed from a Mountune unit and tuned so it revs to 9,000 rpm. This is mated to a six speed semi-auto gearbox made from magnesium and carbon fiber. The powertrain is designed to maintain the original race car's weight balance and geometry. TDF says the motor gives you 90 percent of the original 2.4-liter naturally aspirated race engine's performance, without you needing to constantly keep the revs up so high. The ultimate race car, the old saying goes, would cross the finish line and disintegrate into pieces, because anything designed to last longer would be wasting weight on durability that could be sacrificed for more speed. The TDF-1 is not the ultimate race car; indeed, it's nowhere near as flighty and highly-strung as a pukka F1 car. You can start it with a button instead of needing external starter gear, and it only needs servicing once a year or every 3,000 km (1,860 mi). The TDF-1 weighs in at just 600 kg (1,320 lb), hitting the magical one horsepower per kilogram mark that production supersport motorcycles didn't achieve until sometime in the late 2000s. 
It hardly needs to be stated that the weight of a rider will change that equation much more than the weight of a driver will in this car. The speed and acceleration will be biblical. Then there's the braking and cornering forces, which will genuinely hurt you if you're not physically conditioned to get behind the wheel of a track scalpel like this. With its made-to-order Pirelli tires (available in soft, medium, hard and wet compounds, of course), carbon fiber suspension wishbones, Ohlins dampers, Hitco carbon discs and carbon brake pads, you're looking at a machine that can generate 4.5 g of braking force, and an eye-watering 4 g of sideways acceleration in high-speed corners. TDF describes the experience as "visceral." I believe you and I would describe it in much more lurid terms were we ever to experience it. We won't, but some will, and these lucky folk will receive not only the car, but a driver training course, complete with simulator time and a pro racer as their tutor. TDF engineers will set the car up to the driver's physical proportions and driving preferences, including a bespoke seat unit, and they'll also receive a set of track spares and flight cases for moving it all around. Owners can also expect invitations to TDF's own drive days at a series of European F1 tracks. One thing's for sure: if you take a TDF-1 to a regular local track day, you are honor-bound to wipe the floor with everyone else present. There will be no excuses, and you will have a mile-wide target on your back. That guy in the Subaru might well be willing to sacrifice his dung heap just on the off chance he can say he overtook you. Such is the price behind the price of owning a machine like this. Beware! Source: Tour de Force
  4. Mercedes-Benz's squat little Unimog trucks have proven their expeditionary prowess yet again with the announcement that a U 5023 truck has set a new altitude record for wheeled vehicles, reaching 6,694 m (21,962 ft) above sea level. The mission: install four emergency radios at high-altitude campsites around the Ojos del Salado in Chile – the tallest active volcano on the planet, summiting at 6,893 m (22,615 ft) and rising out of the Atacama desert. The trucks: a pair of specially prepped Unimogs with extreme off-road tires and big winch units. In order to handle the steep, mountainous terrain without toppling, the trucks were also fitted with a system allowing them to move weight forward and backward to modify the vehicles' centers of gravity. Expedition leader Matthias Jesche broke his own altitude record, which he set in an older Mercedes Zetros in 2014. Getting up that high wasn't strictly necessary for the mission – the team had all four radios installed by the time the Unimogs got up to the Amistad high-altitude camp at 6,100 m (20,013 ft). But, hey, as long as you're there, you might as well take a little time to make history, eh? Frankly, we're impressed that the Unimog's Euro 6-compliant, 4-cylinder gasoline engine was able to breathe up that high. We'd be huffing and puffing at half that altitude. Source: Daimler
  5. Keep it local
     If you’re an iPhone user who is steadfast about retaining your privacy, you’re probably not very happy about the recent news that Apple is retaining the ability to decrypt most of what’s in an iCloud backup at the request of government entities, such as the FBI. In that case, you may want to pay attention to the adage that sometimes the best ways are the old ways. While it’s more convenient to use iCloud to back up your phone, you can back up your iPhone to your Mac or Windows computer and retain full control of your data backups. If you’ve always backed up via iCloud, or if you haven’t done a local backup in a while, you might be able to use a refresher course. Here’s how you do it.
       • Connect your phone to your computer using its charging cable
       • Fire up iTunes if you’re using Windows or a Mac with a macOS 10.14 or earlier; use Finder on a Mac with macOS 10.15 Catalina
       • If you’re using Finder, open a Finder window (by either clicking on the Finder icon in your dock or selecting “File” > “New Finder Window” in the top Finder menu bar), and look for your iPhone in the left-hand menu under “Locations.”
         Using Finder to change your backup from iCloud to local.
       • In iTunes, you should see a small iPhone icon in the upper left corner; select that. (If you don’t see it, you may need to authorize your system. Go to the top iTunes menu and select “Account” > “Authorizations” > “Authorize This Computer...” and follow the instructions.)
         Look for the phone icon in iTunes.
       • After that, the process for either iTunes or Finder is much the same, although the look of the pages and the language will be slightly different. Look for the category labeled “Backups.” Select “This computer” (in iTunes) or “Back up all of the data on your iPhone to your Mac” (in Finder).
       • You’re going to want to encrypt your backup for increased security. Check “Encrypt iPhone backup” (in iTunes) or “Encrypt local backup” (in Finder) and enter a password. Don’t lose that password; otherwise, you’re going to lose access to your data.
       • Once you set the encryption, it’s probable that the backup will start automatically. Otherwise, click on “Back Up Now.”
         Using iTunes to change your backup from iCloud to this computer.
     If you need to restore your backup, just go to the same page and click on “Restore Backup...”
     Note that you can either manually back up your iPhone, or you can also have it automatically back up each time you connect it to your computer. Look for “Options” just below the “Backups” section, and select “Automatically sync when this iPhone is connected.”
     Once you’ve set up your backup to your computer, you probably want to delete any backups you’ve made to iCloud.
     To do this on your Mac:
       • Click on the Apple icon in the top corner of your system
       • Select “System Preferences” > “iCloud”
       • Select the “Manage” button in the lower-right corner of the window
       • Select a backup to delete, and select “Delete.” You’ll be asked to select “Delete” again; this will both delete all your backups from iCloud and turn off any further backups.
     To do this on your iPhone:
       • Go to “Settings” and tap your name
       • Select “iCloud” > “Manage Storage” > “Backups”
       • Tap on a backup and then on “Delete Backup”
       • Tap on “Turn Off & Delete”
     One more thing: dealing with iMessage without saving your data to iCloud can get a bit complicated, partly because iMessage uses end-to-end encryption (which means that it needs a key at either end) and partly because iMessage can also use Messages for iCloud, the feature that allows for syncing iMessage between multiple Mac or iOS devices with the same account. We consulted with Apple, and this is basically how it works:
       • If you have iCloud Backup turned on, then your backup includes a copy of the key that protects your messages. This is the most convenient setup. But in this article, we’re assuming that you want to turn iCloud Backup off.
       • If you have iCloud Backup turned off but Messages for iCloud turned on (which you can do on your iPhone by going to Settings, tapping on your name, and selecting “iCloud” > “iMessage”), your messages will be shared among all your devices, but your encryption key will remain local to those devices. According to Apple, that encryption key will not be saved to the company’s servers.
       • If you have both iCloud Backup and Messages for iCloud turned off, then your only backup options will be local.
  6. The fight over 3D-printed guns has gone back and forth for years. One side wins, the other appeals and so on. Now, 21 US attorneys general are banding together to renew the fight and sue the Trump administration. Their lawsuit, submitted Thursday, challenges new federal regulations that could, once again, allow blueprints for making 3D-printed guns to be posted on the internet. The 3D-printed weapons are also known as "ghost guns" because they don't contain registration numbers that could be used to trace them. Opponents fear that if blueprints are shared online, criminals who aren't legally allowed to purchase firearms, might be able to obtain the so-called ghost guns. The battle over 3D-printed guns began in 2013, when the Texas-based company Defense Distributed posted blueprints for a 3D-printed pistol. More than 100,000 copies were downloaded before the US State Department stepped in, ruling that Defense Distributed was violating International Traffic in Arms Regulations. Defense Distributed countered that it had a First Amendment right to post the blueprints online. For a few years, the case bounced between a Texas district court, a US Court of Appeals (both of which denied Defense Distributed's injunction request) and the Supreme Court (which declined to hear the case). That could have been the end, but in 2018, under the Trump administration, the US State Department and Defense Distributed reached a settlement, which allowed Defense Distributed to continue sharing its firearm files. But the debate was far from over. States quickly joined together to sue the Trump administration, arguing that the settlement violated the Administrative Procedure Act and the Tenth Amendment. There was a temporary ban on 3D-printed firearms, then an extension. Meanwhile Defense Distributed used a loophole to share the blueprints with private customers. 
In November, a Seattle judge overturned the settlement between Defense Distributed and the US State Department because it failed to give a proper explanation and thus violated the federal Administrative Procedure Act. Apparently not ready to give up, yesterday, the Trump administration finalized new rules that transfer the regulation of 3D-printed guns from the Department of State to the Department of Commerce. According to a press release shared by New York AG Letitia James, "loopholes in Commerce regulations mean the agency will lack the power to regulate 3D-printed guns in any meaningful way -- effectively allowing their unlimited distribution." In the lawsuit filed yesterday, the AGs argue that the new rules are unlawful. At this point, it's hard to say if this legislation will be any more successful than the last. The 21 attorneys general involved in the case represent Washington (where the lawsuit was filed), California, Colorado, Connecticut, Delaware, Hawaii, Illinois, Maine, Maryland, Massachusetts, Michigan, Minnesota, New Jersey, New York, North Carolina, Oregon, Pennsylvania, Rhode Island, Vermont, Virginia and the District of Columbia.
  7. Clearview has already amassed more than three billion photographs from sites including Facebook and Twitter. They are used by the FBI and Department of Homeland Security and more than 600 other law-enforcement agencies around the world to identify suspects. In a cease-and-desist letter sent on Tuesday, Twitter said its policies had been violated and requested the deletion of any collected data. Twitter's developer agreement policy says: "Information derived from Twitter content may not be used by, or knowingly displayed, distributed, or otherwise made available to any public-sector entity for surveillance purposes." According to the New York Times, the Clearview app includes programming that could pair the images with augmented-reality glasses that would allow users to identify the names and addresses of anyone they saw.
     'Dangerous behaviours'
     US senator Ron Wyden said on Twitter Clearview's activities were "extremely troubling". "Americans have a right to know whether their personal photos are secretly being sucked into a private facial-recognition database," he said. "Every day, we witness a growing need for strong federal laws to protect privacy." Senator Edward J Markey also shared his concerns, in a letter sent to the company, suggesting its technology could "facilitate dangerous behaviours and effectively destroy individuals' ability to go about their lives anonymously". It follows suggestions the European Commission is considering a five-year ban on the use of facial recognition in public areas. Regulators want time to work out how to prevent the technology being abused. Concerns over the use of facial-recognition technology have grown recently, even in China, where the government continues to embrace its uses. Some 74% of Chinese respondents in a recent survey by the Beijing research institute said they wanted the option to be able to use traditional ID methods over the tech to verify their identity.
  8. The cloud contract is worth $10bn over the next 10 years
     Amazon has asked a court to "pause" Microsoft's work on a multibillion dollar deal to provide cloud services to the US military. Microsoft was awarded the Joint Enterprise Defense Infrastructure (Jedi) contract in October. A month later, Amazon filed a notice in the US Court of Federal Claims, claiming the process had contained deficiencies and "unmistakable bias". It accused President Trump of political interference. Amazon had been the favourite to win the vast contract, which is worth $10bn over the next 10 years. It now wants the deal put on hold until the court rules on its protest. In a statement, Amazon's cloud division Amazon Web Services said: "It is common practice to stay contract performance while a protest is pending, and it's important that the numerous evaluation errors and blatant political interference that impacted the Jedi award decision be reviewed. "AWS is absolutely committed to supporting the Department of Defense's modernisation efforts and to an expeditious legal process that resolves this matter as quickly as possible." In July, President Trump told reporters that he was "getting tremendous complaints" about the possible deal between the Pentagon and Amazon. Previously he had been critical of Amazon and its founder Jeff Bezos - who owns the Washington Post. In a statement at the time the contract was awarded, the Pentagon said that all offers "were treated fairly". Defense Secretary Mark Esper has also rejected the accusations of bias, saying the Pentagon made its choice without external influence. Investment bank Wedbush said it did not think its case will change the decision. "While Amazon will continue to fight this issue in 'Jedi-gate' and possibly drag out the inevitable start of Jedi, we ultimately believe this is a paradigm changer for Microsoft."
     What is Jedi?
     The Department of Defense wants to replace its ageing computer networks with a single cloud system.
Under the contract, Microsoft will provide artificial intelligence-based analysis and host classified military secrets among other services. It is hoped that Jedi will give the military better access to data and the cloud from battlefields.
  9. What if you could instantly identify every stranger you ever saw? Clearview AI, a small startup that was mostly unknown until a story from The New York Times called it the app to "end privacy as we know it," lets strangers figure out your identity through the quick snap of a single photo. Hundreds of law enforcement agencies, including the FBI, are already using this facial recognition technology, despite bans on the tech in cities like San Francisco. The app uses over three billion images to find a match. These photos were sourced from social media sites and even apps like Venmo. Let's say a random stranger approaches you on the street, snaps a quick photo of you in a public place (which is perfectly legal), uploads the photo to an app, and soon finds your social media profiles. And your Venmo account. And your full name. And your address. That's a privacy disaster any way you slice it—but it's also at the heart of an app called Clearview AI, which The New York Times recently called "The Secretive Company That Might End Privacy as We Know It." It's not just extremely dangerous because stalkers could instantly find people through the app and hound them over social media or even show up at their house, but because hundreds of law enforcement agencies, plus the FBI, are currently using this facial recognition technology, despite the pushback the tech has seen in legislative spaces. In San Francisco, for instance, it's not even legal for law enforcement to use facial recognition. What's more, some security companies even have access to Clearview AI, which sets a dangerous precedent. Clearview AI features a database of over three billion images, which were scraped from websites like Facebook, Twitter, and even Venmo. Other databases pale in comparison, according to marketing materials the company provided to law enforcement agencies. 
The FBI has a database of 411 million photos, while more local authorities, like the Los Angeles Police Department, only have access to about eight million images. Sure, Clearview AI isn't readily available to the public, and when you visit the company's website, there isn't really much information on the app at all. You have to request access to learn more, let alone use the service. However, both the Times and investors in Clearview AI think that the app will be available for anyone to use in the future. That's frightening, and it's led technology think tanks like Fight for the Future, a nonprofit based in Worcester, Massachusetts, and the Washington, D.C.-based Demand Progress, to call on legislators to take action on facial recognition tech.
Even Google Wouldn't Build This
When companies like Google—which has received a ton of flak for taking government contracts to work on artificial intelligence solutions—won't even build an app, you know it's going to cause a stir. Back in 2011, former Google Chairman Eric Schmidt said a tool like Clearview AI's app was one of the few pieces of tech that the company wouldn't develop because it could be used "in a very bad way." Facebook, for its part, developed something pretty similar to what Clearview AI offers, but at least had the foresight not to publicly release it. That application, developed between 2015 and 2016, allowed employees to identify colleagues and friends who had enabled facial recognition by pointing their phone cameras at their faces. Since then, the app has been discontinued. Meanwhile, Clearview AI is nowhere near finished. Hidden in the app's code, which the New York Times evaluated, is programming language that could pair the app to augmented reality glasses, meaning that in the future, it's possible we could identify every person we see in real time. Perhaps the silver lining is that we found out about Clearview AI at all.
Its public discovery—and accompanying criticism—have led to well-known organizations coming out as staunchly opposed to this kind of tech. Fight for the Future tweeted that "an outright ban" on these AI tools is the only way to fix this privacy issue—not quirky jewelry or sunglasses that can help to protect your identity by confusing surveillance systems.
We’ve been tracking facial recognition for some time and thought we’d seen it all. But this story shows our worst fears have become real. It’s time for Congress to act.
The Secretive Company That Might End Privacy as We Know It: A little-known start-up helps law enforcement match photos of unknown people to their online images — and “might lead to a dystopian future or something,” a backer says.
These fears and disavowals of facial recognition tech come just months after two senators introduced a bipartisan bill to limit how the FBI and the U.S. Immigration and Customs Enforcement agency could use it. "Facial recognition technology can be a powerful tool for law enforcement officials," Mike Lee, a Republican from Utah, said in a statement at the time. "But its very power also makes it ripe for abuse."
  10. It has to move the satellite out of geostationary orbit, where most telecommunication satellites are, ASAP.
      DirecTV has one month to remove a satellite from geostationary orbit, so it doesn't take other satellites down with it if it ends up exploding. The AT&T-owned TV service fears that its Spaceway-1 satellite (a Boeing 702HP model) might explode due to battery issues that started manifesting in December. According to SpaceNews, DirecTV explained in an FCC filing dated January 19th that an anomaly caused "significant and irreversible thermal damage" to the satellite's batteries. The company already switched the batteries off and has been operating Spaceway-1 using power generated by its solar panels. However, it's expected to pass through Earth's shadow in late February where only batteries can serve as its power source. That's why DirecTV has to send it 300 kilometers above geostationary orbit, at a place where satellites go to die, before February 25th. "The risk of a catastrophic battery failure makes it urgent that Spaceway-1 be fully de-orbited and decommissioned prior to the February 25th start of eclipse season," the company said in a statement. Companies are required to dump their satellites' remaining fuel before decommissioning them to reduce the risk of explosion, but DirecTV asked the FCC for a waiver because it doesn't have enough time to do so. It takes two to three months to dump fuel from similar satellites, especially since DirecTV put in enough for Spaceway-1 to stay in service until 2025. That said, it'll at least be in graveyard orbit if it does end up exploding, instead of in geostationary orbit where most telecommunication satellites are. SpaceNews says DirecTV fans don't need to worry, though. No customers were affected (and will presumably be affected) by the event, since Spaceway-1 was merely a backup satellite. Source: SpaceNews, FCC
  11. While pushing for additional access to Apple's devices.
      Ukrainian-American businessman Lev Parnas arrives for a status hearing at the Manhattan Federal Court in New York, U.S., December 2, 2019. Jefferson Siegel / Reuters
      While the Department of Justice, US attorney general and even the president continue to pressure Apple for additional technical support in unlocking iPhones tied to the naval base shooting in December, a letter reveals that the FBI recently cracked a password-protected iPhone 11. That phone belonged to Lev Parnas, an associate of the president's lawyer Rudy Giuliani, who has been indicted on charges of violating straw and foreign donor bans to illegally funnel money into US elections. A letter from government lawyers to the judge indicated that the FBI spent two months unlocking the defendant's iPhone 11. Last week Motherboard reported on text messages and notes that appeared to have been pulled from the iPhone using forensics software from Cellebrite. It appears that, similar to the case of the San Bernardino shooting a few years ago, the government has access to tools that will allow them to pull data from an iPhone, but is requesting additional help and some sort of backdoor access directly from Apple.
  12. If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information, might have been compromised. Microsoft today admitted a security incident that exposed nearly 250 million "Customer Service and Support" (CSS) records on the Internet due to a misconfigured server containing logs of conversations between its support team and customers. According to Bob Diachenko, a cybersecurity researcher who spotted the unprotected database and reported it to Microsoft, the logs contained records spanning from 2005 right through to December 2019. In a blog post, Microsoft confirmed that misconfigured security rules added to the server in question on December 5, 2019, enabled exposure of the data, which remained the same until engineers remediated the configuration on December 31, 2019. Microsoft also said that the database was redacted using automated tools to remove the personally identifiable information of most customers, except in some scenarios where the information was not in the standard format. "Our investigation confirmed that the vast majority of records were cleared of personal information in accordance with our standard practices," Microsoft said. However, according to Diachenko, many records in the leaked database contained readable data on customers, including their:
        • Email addresses
        • IP addresses
        • Locations
        • Descriptions of CSS claims and cases
        • Microsoft support agent emails
        • Case numbers, resolutions, and remarks
        • Internal notes marked as "confidential"
      "This issue was specific to an internal database used for support case analytics and does not represent an exposure of our commercial cloud services," Microsoft said. By having real sensitive case information and email addresses of affected customers in hand, the leaked data could be abused by tech-support scammers to trick users into paying for non-existent computer problems by impersonating Microsoft support representatives.
"The absence of Personally Identifiable Information in the dump is irrelevant here, given that technical support logs frequently expose VIP clients, their internal systems and network configurations, and even passwords. The data is a gold mine for patient criminals aiming to breach large organizations and governments," COO of ImmuniWeb Ekaterina Khrustaleva said. "Worse, many large companies and not only Microsoft have lost visibility of their external attack surface, exposing their clients and partners to significant risks. We will likely see a multitude of similar incidents in 2020." KnowBe4's Data-Driven Defense Evangelist Roger Grimes also shared his comment and experience saying: "Having worked for Microsoft for 15 years, 11 years as a full-time employee, I've seen firsthand how much they try to fight scenarios like this. There are multiple layers of controls and education designed to stop it from happening. And it shows you how hard it is to prevent it 100% of the time. Nothing is perfect. Mistakes and leaks happen. Every organization has overly permissive permissions. Every! It's just a matter of if someone outside the organization discovers it or if someone takes advantage of it." "In this case, as bad as it is, it was discovered by someone who didn't do malicious things with it. Sure, the data, sitting unprotected, could have also been used by the bad guys, but so far, no one has made that case or provided evidence that it has been used maliciously," Grimes added. "Anyone can have a mistake. The most important question is how the mistake happened and how to prevent it from happening next time, and if any others could have happened from the same set of circumstances." As a result of this incident, the company said it began notifying impacted customers whose data was present in the exposed Customer Service and Support database.
  13. Lockheed Martin has been awarded US$31.9 million by DARPA for further development of a ground-launched, mobile, hypersonic missile system. The contract will allow the defense company to begin the Operational Fires (OpFires) Phase 3 Weapon System Integration program for the boost-to-glide weapon system. With their ability to make controlled flight at five times the speed of sound at the edge of space, hypersonic weapons have the potential to be as big a military game-changer as the introduction of jet propulsion was after the Second World War. A missile flying at such speeds could penetrate and outrun any air defense system currently deployed while providing commanders with unprecedented abilities to strike with new speeds, range, flexibility, and precision. The new contract, which involves Lockheed, DARPA, and the US Army, will draw on Lockheed's three decades of hypersonic missile development, combined with DARPA's work on new hypersonic propulsion systems and boost-glide technologies. Lockheed is tasked with taking the present design based on initial requirements and taking it through the Critical Design Review (CDR) in late 2021. This will be followed by component and subsystem tests in the same year and integrated flight tests in 2022. "The OpFires missile is critical to providing the US Army with a highly maneuverable and rapid response solution capable of operating from unpredictable land-launch positions to suppress hostile threats," says Hady Mourad, director of Tactical and Strike Missiles Advanced Programs at Lockheed Martin Missiles and Fire Control. "Lockheed Martin will deliver the prototype missiles utilizing the experienced production teams that currently produce the ATACMS, GMLRS and PAC-3 missile systems in Camden, Arkansas." Source: Lockheed Martin
  14. Saskatchewan Cancer Agency officials say they disconnected from the eHealth network after learning of the hack. A ransomware attack on the computer system that stores confidential medical data for Saskatchewan residents ended up affecting almost 40 patients getting cancer treatment in Saskatoon and Regina. The attack on eHealth Saskatchewan began Jan. 6. Antivirus software immediately began sending alerts to staff. When eHealth officials attempted to open files on affected servers they received a message that the files had been encrypted and would remain inaccessible until a payment was made. The Saskatchewan Cancer Agency oversees the two cancer clinics in Saskatoon and Regina. It disconnected from the eHealth network after learning of the assault on the system. While the move served to protect patient data, it also meant that staff could not immediately access provincial lab results, imaging pathology and pharmacy and medical information. The clinics have contingency plans for when the electronic records are not accessible but it took time to co-ordinate retrieving the information. As a result, 31 patients booked for radiation and another six with chemotherapy appointments had their treatment delayed by between 24 and 48 hours. Each patient was given a personal explanation and apology for the delay and inconvenience, officials with Saskatchewan Cancer Agency said in an emailed statement. Since then the agency fully reconnected with the eHealth network.
  15. To be able to develop unmanned aerial systems (UAS) more maneuverable than current models, roboticists are drawing inspiration from birds. A team of researchers from Stanford University's Lentink Lab, for instance, has built a robotic pigeon aptly called PigeonBot, which can bend, extend and simply change the shape of its wings like real birds can. Machines that can move their wings like real birds can make tighter turns in smaller spaces and can better navigate rougher winds, Dario Floreano, a roboticist from the Swiss Federal Institute of Technology Lausanne, told ScienceNews. "Birds can dynamically alter the shape of their wings during flight, although how this is accomplished is poorly understood," the researchers wrote in one of the studies they published. So, they used dead pigeons to study how birds bend and extend their wings to change their shape. What they found was that the angle of a bird's wrist and finger determines the alignment of its flight feathers and, hence, the shape of its wings. It's by pulling their wrist and finger together or spreading them apart that pigeons can manage tight turns and fly through turbulence. The researchers then used that knowledge to build a remote-controlled robotic pigeon -- they even used real feathers for the machine. Scientists could use the machine to study bird flight. Any future findings can then be used to build even better drones that can reach places and fly in conditions more standard unmanned flying systems can't.