Submission + - China Starts Operating First 4th-generation Reactor, Readying Giant Nuclear Ship (reuters.com)

hackingbear writes: China has started commercial operations at a new generation nuclear reactor that is the first of its kind in the world, state media said on Dec 5. Compared with previous reactors, the fourth generation Shidaowan plant, a modular 200 megawatt (MW) high-temperature, gas-cooled reactor (HTGCR) plant developed jointly by state-run utility Huaneng, Tsinghua University and China National Nuclear Corporation, is designed to use fuel more efficiently and improve its economics, safety and environmental footprint as China turns to nuclear power to try to meet carbon emissions goals. In a related development, Shanghai-based Jiangnan Shipyard has unveiled a design for an innovative new giant container ship — with a load capacity starting at 24,000 standard containers — powered by a thorium molten-salt nuclear reactor, an alternative 4th gen design. “The new ship model uses nuclear energy as a clean energy source and adopts an internationally advanced fourth-generation molten salt reactor solution. The proposed design of super-large nuclear container ships will truly achieve ‘zero emissions’ during the operation cycle of this type of ship,” the journal Marine Time China said in its official WeChat account. Shipbuilders from Japan, the United States, South Korea, and Europe have come up with similar designs but none of these countries has a modern and reliable operating reactor to make the design a reality. But China has carried on and, earlier this year, got the first thorium-based molten salt reactor, which needs little water to cool down, making it safer and more efficient, up and running in the Gobi desert.

Submission + - Verizon gave confidential phone data to stalker (404media.co)

Slash_Account_Dot writes: The FBI investigated a man who allegedly posed as a police officer in emails and phone calls to trick Verizon to hand over phone data belonging to a specific person that the suspect met on the dating section of porn site xHamster, according to a newly unsealed court record. Despite the relatively unconvincing cover story concocted by the suspect, including the use of a clearly non-government ProtonMail email address, Verizon handed over the victim’s data to the alleged stalker, including their address and phone logs. The stalker then went on to threaten the victim and ended up driving to where he believed the victim lived while armed with a knife, according to the record.
The news is a massive failure by Verizon who did not verify that the data request was fraudulent, and the company potentially put someone’s safety at risk. The news also highlights the now common use of fraudulent emergency data requests (EDRs) or search warrants in the digital underworld, where criminals pretend to be law enforcement officers, fabricate an urgent scenario such as a kidnapping, and then convince telecoms or tech companies to hand over data that should only be accessible through legitimate law enforcement requests. As 404 Media previously reported, some hackers are using compromised government email accounts for this purpose.

Submission + - Leaked Document Offers Glimpse Into How Amazon Amasses Influence 1

theodp writes: "Faced with community resistance to the building of new warehouses in the Inland Empire [a 27,000 square-mile region of Southern California]," the LA Times reports, "Amazon has honed a strategy of cultivating local nonprofits and politicians, according to a leaked document. [...] The leaked document reveals an extensive public relations strategy by Amazon to donate to community groups, school districts, institutions and charities in the Inland Empire and support sympathetic politicians to burnish the company’s reputation and ensure it is seen as 'the most trusted community and business partner in the Southern California area,' according to the plan."

Among the "third party advocates" Amazon boasts of cultivating into "our vocal champions" in the document is the Rialto Unified School District, which counts on the Amazon Future Engineer philanthropic education initiative to provide students with computer science education. Amazon often plays the Amazon Future Engineer philanthropy card to counter political and community opposition, including in its New York City and Virginia HQ2 efforts. And in 2020, Amazon CEO Jeff Bezos curiously brought up Amazon Future Engineer as he countered criticism of the company in his House antitrust subcommittee testimony.

Submission + - Signal App Facing Collapse After CIA Cuts Funding (substack.com) 1

SonicSpike writes: Signal's origins as a US government asset are a matter of extensive public record, even if the scope and scale of the funding provided has until now been secret. The app, brainchild of shadowy tech guru ‘Moxie Marlinspike’ (real name Matthew Rosenfeld), was launched in 2013 by his now-defunct Open Whisper Systems (OWS). The company never published financial statements or disclosed the identities of its funders at any point during its operation.

Sums involved in developing, launching and running a messaging app used by countless people globally were nonetheless surely significant. The newly-published financial records indicate Signal’s operating costs for 2023 alone are $40 million, and projected to rise to $50 million by 2025. Rosenfeld boasted in 2018 that OWS “never [took] VC funding or sought investment” at any point, although mysteriously failed to mention millions were provided by Open Technology Fund (OTF).

Submission + - Restoring a 1986 DEC PDP/11 Minicomputer - Will it boot?? (youtube.com) 1

Shayde writes: I've been working on a PDP/11 I basically got as a 'barn find' from an estate sale a year ago. The project has absolutely had its ups and downs, as the knowledgebase for these machines is aging quickly. I'm hoping to restore my own expertise with this build, but it's been challenging finding parts, technical details, and just plain information.

I leaned pretty heavily on the folks at the Vintage Computing Federation (vcfed.org), as well as connections I've made in the industry — and made some great progress.

The latest chapter in how it's going was just posted, check it out if you're keen on retrocomputing and old minicomputers and DEC gear.

Submission + - UEFI bugs allow all security to be bypassed (arstechnica.com)

jd writes: Researchers have identified a large number of bugs to do with the processing of images at boot time. This allows malicious code to be installed undetectably (since the image doesn't have to pass any validation checks) by appending it to the image. None of the current secure boot mechanisms are capable of blocking the attack.

From TFA: LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux. The vulnerabilities are the product of almost a year’s worth of work by Binarly, a firm that helps customers identify and secure vulnerable firmware.

The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday. The participating companies comprise nearly the entirety of the x64 and ARM CPU ecosystem, starting with UEFI suppliers AMI, Insyde, and Phoenix (sometimes still called IBVs or independent BIOS vendors); device manufacturers such as Lenovo, Dell, and HP; and the makers of the CPUs that go inside the devices, usually Intel, AMD or designers of ARM CPUs. The researchers unveiled the attack on Wednesday at the Black Hat Security Conference in London.

As its name suggests, LogoFAIL involves logos, specifically those of the hardware seller that are displayed on the device screen early in the boot process, while the UEFI is still running. Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now. By replacing the legitimate logo images with identical-looking ones that have been specially crafted to exploit these bugs, LogoFAIL makes it possible to execute malicious code at the most sensitive stage of the boot process, which is known as DXE, short for Driver Execution Environment.

“Once arbitrary code execution is achieved during the DXE phase, it’s game over for platform security,” researchers from Binarly, the security firm that discovered the vulnerabilities, wrote in a whitepaper. “From this stage, we have full control over the memory and the disk of the target device, thus including the operating system that will be started.”

From there, LogoFAIL can deliver a second-stage payload that drops an executable onto the hard drive before the main OS has even started. The following video demonstrates a proof-of-concept exploit created by the researchers. The infected device—a Gen 2 Lenovo ThinkCentre M70s running an 11th-Gen Intel Core with a UEFI released in June—runs standard firmware defenses, including Secure Boot and Intel Boot Guard.

Submission + - Amazon's Strict Return-to-office Policy Is Pushing More Employees Into Quitting (techspot.com) 1

jjslash writes: Are you among the many individuals strongly opposed to returning to the office, to the point where you would prefer quitting your job rather than going back? It's an issue several companies are facing, but Amazon appears to be particularly prone to losing staff over its RTO policy, though it doesn't seem willing to do anything about it:

Ending a policy of allowing employees to work from home full-time is always a contentious move by companies, but none have faced as much pushback as Amazon. The original announcement resulted in an employee petition in February, which was resoundingly rejected, and it was one of the reasons behind a walkout later in the year.

Adding fuel to the fire is another Amazon policy introduced in July that requires some corporate workers to relocate to other cities near their teams' "hub" offices – central locations assigned to each individual team.


Submission + - Polish train manufacturer DRM's trains (hackerspace.pl) 2

Askmum writes: Polish train manufacturer NEWAG has put DRM in the software of their trains which detects if a train has been serviced at a third party site and which will lock the train, preventing it from being used, giving bogus error codes. An unlock procedure was present in the software but has been subsequently removed.

Submission + - People Who Complied with COVID Restrictions Suffer More Mental Health Issues (westernjournal.com) 1

An anonymous reader writes: A recent study conducted by a university in the United Kingdom found that individuals who fully complied with COVID-19 measures are more likely to suffer from lingering mental health issues than those who resisted government mandates and viewed such orders with skepticism.

The findings might be the least surprising bit of post-pandemic data out there.

But they are nonetheless hard data for individuals who desired to make their own health choices during the madness of the pandemic era and were vilified for doing so.

Meanwhile, that person you might still see today wearing a mask in public — four years after the outbreak began — could need help, according to a study sanctioned by Bangor University in Wales.

Submission + - Bruce Schneier: 'We Are About To Enter the Era of Mass Spying' (arstechnica.com)

An anonymous reader writes: In an editorial for Slate published Monday, renowned security researcher Bruce Schneier warned that AI models may enable a new era of mass spying, allowing companies and governments to automate the process of analyzing and summarizing large volumes of conversation data, fundamentally lowering barriers to spying activities that currently require human labor. In the piece, Schneier notes that the existing landscape of electronic surveillance has already transformed the modern era, becoming the business model of the Internet, where our digital footprints are constantly tracked and analyzed for commercial reasons.

Spying, by contrast, can take that kind of economically inspired monitoring to a completely new level: "Spying and surveillance are different but related things," Schneier writes. "If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did." Schneier says that current spying methods, like phone tapping or physical surveillance, are labor-intensive, but the advent of AI significantly reduces this constraint. Generative AI systems are increasingly adept at summarizing lengthy conversations and sifting through massive datasets to organize and extract relevant information. This capability, he argues, will not only make spying more accessible but also more comprehensive. "This spying is not limited to conversations on our phones or computers," Schneier writes. "Just as cameras everywhere fueled mass surveillance, microphones everywhere will fuel mass spying. Siri and Alexa and 'Hey, Google' are already always listening; the conversations just aren’t being saved yet." [...]

In his editorial, Schneier raises concerns about the chilling effect that mass spying could have on society, cautioning that the knowledge of being under constant surveillance may lead individuals to alter their behavior, engage in self-censorship, and conform to perceived norms, ultimately stifling free expression and personal privacy. So what can people do about it? Anyone seeking protection from this type of mass spying will likely need to look toward government regulation to keep it in check since commercial pressures often trump technological safety and ethics. [...] Schneier isn't optimistic on that front, however, closing with the line, "We could prohibit mass spying. We could pass strong data-privacy rules. But we haven’t done anything to limit mass surveillance. Why would spying be any different?" It's a thought-provoking piece, and you can read the entire thing on Slate.

Submission + - "No evidence of Sellafield nuclear site hacking" says Britain (reuters.com)

mccalli writes: As a follow-up to yesterday's story alleging Sellafield nuclear processing facility has been hacked, the UK Government has refuted the allegations. In addition, they also state that this information "...was confirmed to the Guardian well in advance of publication, along with rebuttals to a number of other inaccuracies in their reporting."

That said, they do not report a rosy picture, also stating that "...Sellafield was currently not meeting certain high standards of cyber security it required, adding that it had placed the plant under significantly enhanced attention."

Submission + - Code.org's Tech Backers, Not Teachers, Produce Signature Hour of Code Lessons

theodp writes: Organized by tech-backed Code.org, the nation's 11th annual Hour of Code kicked off Monday with its signature tutorials for K-12 students again created by the nonprofit's tech giant supporters, not by teachers. It's ironic that after 11 years, educators haven't had success in creating widely-used content for what's touted as "The Largest Learning Event in History".

For this year's event, Amazon has created an AI-themed retread ("use emojis as AI prompts to generate visual effects!") of its 2018-2022 Dance Party Hour of Code tutorials, which is hosted by Amazon Music's Head of Machine Learning ("I lead the team at Amazon Music that helps you find your favorite songs!"), features songs from Amazon Music Artists, and includes a product placement cameo by Alexa. Microsoft is also back this year with an AI-themed sequel to their 2015-2022 Microsoft Minecraft Hour of Code tutorials (Microsoft boasted that 31 million schoolchildren spent their 2015 "Hour of Code" playing Minecraft).

As he kicked off the inaugural Hour of Code in 2013, President Obama urged children to learn to program ("Don't just play on your phone; program it!"). Eleven years later, should President Biden urge the nation's 100,000+ K-12 CS teachers (most Code.org-trained) to learn to create programming tutorials for their students? And perhaps also urge the tech giants to create lesson authoring languages and provide hosting services to enable teachers to compete with the tech giant-produced and self-Cloud-hosted Hour of Code 'infomercials'?

Submission + - Cicadas Are So Loud, Fiber Optic Cables Can 'Hear' Them (wired.com)

An anonymous reader writes: One of the world’s most peculiar test beds stretches above Princeton, New Jersey. It’s a fiber optic cable strung between three utility poles that then runs underground before feeding into an “interrogator.” This device fires a laser through the cable and analyzes the light that bounces back. It can pick up tiny perturbations in that light caused by seismic activity or even loud sounds, like from a passing ambulance. It’s a newfangled technique known as distributed acoustic sensing, or DAS. Because DAS can track seismicity, other scientists are increasingly using it to monitor earthquakes and volcanic activity. (A buried system is so sensitive, in fact, that it can detect people walking and driving above.) But the scientists in Princeton just stumbled upon a rather noisier use of the technology.

In the spring of 2021, Sarper Ozharar—a physicist at NEC Laboratories, which operates the Princeton test bed—noticed a strange signal in the DAS data. “We realized there were some weird things happening,” says Ozharar. “Something that shouldn’t be there. There was a distinct frequency buzzing everywhere.” The team suspected the “something” wasn’t a rumbling volcano—not in New Jersey—but the cacophony of the giant swarm of cicadas that had just emerged from underground, a population known as Brood X. A colleague suggested reaching out to Jessica Ware, an entomologist and cicada expert at the American Museum of Natural History, to confirm it. “I had been observing the cicadas and had gone around Princeton because we were collecting them for biological samples,” says Ware. “So when Sarper and the team showed that you could actually hear the volume of the cicadas, and it kind of matched their patterns, I was really excited.”

Add insects to the quickly growing list of things DAS can spy on. Thanks to some specialized anatomy, cicadas are the loudest insects on the planet, but all sorts of other six-legged species make a lot of noise, like crickets and grasshoppers. With fiber optic cables, entomologists might have stumbled upon a powerful new way to cheaply and constantly listen in on species—from afar. “Part of the challenge that we face in a time when there’s insect decline is that we still need to collect data about what population sizes are, and what insects are where,” says Ware. “Once we are able to familiarize ourselves with what’s possible with this type of remote sensing, I think we can be really creative.”
