Mystery of secret note hidden in 1888 woman’s silk dress finally solved by a codebreaker
Read "Mystery of secret note hidden in 1888 woman’s silk dress finally solved by a codebreaker" on SmartNews: https://l.smartnews.com/p-wv6yY/mJL6l3
Mysterious Words Found on Note Hidden in 1890s Dress May Have Been Secret Code
Read "Mysterious Words Found on Note Hidden in 1890s Dress May Have Been Secret Code" on SmartNews: https://l.smartnews.com/p-Kz4dp/XCjPtx
Dems pass new law requiring a 'kill switch' in all new vehicles sold after 2026
Read "Dems pass new law requiring a ‘kill switch’ in all new vehicles sold after 2026" on SmartNews: https://l.smartnews.com/p-LHKKH/tb2tun
AI translates 5,000-year-old cuneiform tablets into English
Read "AI translates 5,000-year-old cuneiform tablets into English" on SmartNews: https://l.smartnews.com/p-KoQ83/L3dODA Jim Bell's note: Such writing can be considered a code or cipher, although its meaning was not intended to be concealed at the time of its writing.
Re: Cypherpunks Ethics
That sounds very interesting. I will have to read it. On Sun, Sep 10, 2023 at 10:48 AM, John Young wrote: "Cypherpunks Ethics," a book published in 2022, offers a comprehensive view of the group's formation and evolution, with focus on Tim May's "Crypto-Anarchy" and Julian Assange's "Crypto-Justice." "After presenting a genealogy of cypherpunk platforms—including Timothy May’s BlackNet, Jim Bell’s Assassination Politics, Ross Ulbricht’s Silk Road, and John Young’s Cryptome—it discusses the two central functions of Julian Assange’s WikiLeaks." Cypherpunk ethics is a moral worldview of the cypherpunks, a movement that advocates the use of strong digital cryptography to defend individual privacy and promote institutional transparency in the digital age. The movement is rooted in two competing paradigms of cypherpunk philosophy: crypto anarchy and crypto justice. The former advocates for the use of cryptography to create a stateless society, while the latter seeks to use cryptography to promote social justice and protect human rights. The movement has implications for a range of contemporary moral issues, including surveillance, privacy, whistleblowing, cryptocurrencies, journalism, democracy, censorship, intellectual property, and power. If you want to learn more about cypherpunk ethics, you can read Patrick D. Anderson’s book “Cypherpunk Ethics: Radical Ethics for the Digital Age” (https://www.taylorfrancis.com/books/mono/10.4324/9781003220534/cypherpunk-ethics-patrick-anderson)
Re: Jim Bell 1995 Posts and More
Very interesting On Fri, Sep 8, 2023 at 12:03 PM, pro2...@yahoo.com.au wrote: Thanks John Proves if there was a vast conspiracy to hide those emails, it failed. Thank you very much! Oh, and while you're here, perhaps a small favor? A mirror of " The CJ files " - I have a copy if yours has followed Gregs into oblivion. Thanks in advance! Matt.
Why are SanDisk Wiping People's Information?
https://nofilmschool.com/sandisk-erasing-issue
Phys.org: Scientists design novel nonlinear circuit to harvest clean power using graphene
https://phys.org/news/2023-08-scientists-nonlinear-circuit-harvest-power.html
Windows Central: ULTRARAM could change the PC landscape forever
https://www.windowscentral.com/hardware/cpu-gpu-components/ultraram-could-potentially-revolutionize-the-pc-landscape-as-we-know-it
Ars Technica: SanDisk Extreme SSDs are “worthless,” multiple lawsuits against WD say
https://arstechnica.com/gadgets/2023/08/sandisk-extreme-ssds-are-worthless-multiple-lawsuits-against-wd-say/
Ars Technica: Google announces new algorithm that makes FIDO encryption safe from quantum computers
https://arstechnica.com/security/2023/08/passkeys-are-great-but-not-safe-from-quantum-computers-dilithium-could-change-that/
Pi formula
Read "Formula Calculates Any Digit Of Pi, Nobody Noticed For Centuries" on SmartNews: https://l.smartnews.com/p-NFxsZ/FSO79I
ULTRARAM may be a silly name but it's the holy grail for memory tech and means your PC could hibernate for over 1,000 years
ULTRARAM may be a silly name but it's the holy grail for memory tech and means your PC could hibernate for over 1,000 years https://share.newsbreak.com/4ovo7rns
Intel Downfall: Severe flaw in billions of CPUs leaks passwords, more | PCWorld
https://www.pcworld.com/article/2025589/downfall-serious-security-vulnerability-in-billions-of-intel-cpus-how-to-protect-yourself.html
AnandTech: Kioxia's CD8P SSD Unveiled: Up to 30.72 TB, PCI 5.0 x4 Interface
30 terabytes. A million times larger than the biggest I ever sold, in 1992. 31 years ago. Inventor of the SSD, 1980. 43 years ago. Jim Bell, SemiDisk Systems https://www.anandtech.com/show/19998/kioxias-cd8p-ssd-unveiled-up-to-3072-tb-pci-50-x4-interface
CoinDesk: SEC Asked Coinbase to Stop Trading in all Cryptocurrencies Other Than Bitcoin Before Suing: Report
https://www.coindesk.com/policy/2023/07/31/sec-asked-coinbase-to-stop-trading-in-all-cryptocurrencies-other-than-bitcoin-before-suing-report/
Re: Cryptocurrency: Superconductor Mining Chips... First To Fab, First To Profit, FTW
That report of a room-temp, ambient pressure superconductor is amazing Jim Bell On Wed, Jul 26, 2023 at 2:52 PM, grarpamp wrote: Superconductors, Aliens, AI, Genetic Compilers, Quantum... Singularity. https://arxiv.org/pdf/2307.12008.pdf https://arxiv.org/pdf/2307.12037.pdf For the first time in the world, we succeeded in synthesizing the room-temperature superconductor (Tc 400 K, 127 °C) working at ambient pressure with a modified lead-apatite (LK-99) structure. A material called LK-99®, a modified-lead apatite crystal structure with the composition (Pb10-xCux(PO4)6O (0.9
BBC News: The tech flaw that lets hackers control surveillance cameras
BBC News - The tech flaw that lets hackers control surveillance cameras https://www.bbc.co.uk/news/technology-65975446
Re: My apologies to Professor Rat, although I don't recall what I did years ago.
I think I should provide some context to what I've previously said. It occurred to me that I should actively attempt a little peace, and who knows maybe even a reconciliation with Professor Rat. Or, at least, offer a mutual 'detente', a word from the 1970's, describing a lessening of that era's tensions during the Cold War. Use a little respect and tolerance, which we should all be able to give. The results, you saw, but at least I tried. Nothing ventured, nothing gained, as they say. No reason to regret the attempt. The Cypherpunks list always had a very good reason to exist. And it can still do that, today, as long as we try.
Re: My apologies to Professor Rat, although I don't recall what I did years ago.
On Fri, Sep 2, 2022 at 2:57 PM, professor rat wrote: Nothing personal Gym - its business - that's all And going by your receptions in Prague and Acapulco I might even be doing you a favor. Some things only your friends will tell you. As for the politics - if the Right don't kill you for being a Left-anarchist provocateur ( deviationist ) the Left will kill you for your Right opportunism - but you claimed you knew this going in. That your last best hope was virality. Lately all you blabber about is Black Box solutions and quantum FUD. Have you had your cognition tested lately? Maybe you're overdue to join dear old Mom and Dad. Goodnight - and may your Anarcopulco God go with you. On Fri, Sep 2, 2022 at 2:57 PM, professor rat wrote: "the Left will kill you for your Right opportunism - but you claimed you knew this going in." Okay, I don't quite remember the conversation, it may have been years. But yes, everything seems to turn into a "political" dispute, especially these days. Every faction has its enthusiastic opponents. BTW, my references to quantum have nothing to do with politics. It is just that for years, we have seen it said that quantum techniques may help break RSA. While that might not happen for a decade or longer, messages generated today may be recorded and vulnerable later. ('Venona') So there should be pressure to replace RSA with 'quantum resistant' algorithms. Fortunately, they exist or are being developed.
My apologies to Professor Rat, although I don't recall what I did years ago.
For the last few years, I've seen negative comments by Professor Rat, against me. I have been perplexed. Well, the saying "bury the hatchet" comes to mind. I don't think I've ever said a word against you. If I did something wrong, again I apologize. Perhaps I crossed an 'invisible line' at some point. MAYBE this started back about 2017 (?) when I attended the Anarchapulco conference. I was not aware of any problem with going. It has been so long, 5 years, so I don't recall if I announced my intention on the CP list, or recall getting any negative feedback. I do rather little ideological discussion on the Internet. I don't understand the intricacies of alternative politics. (Nor non-alternative politics, either.) My understanding was that Anarchapulco was, in large part, a meeting for the discussion of crypto-currencies, so I went primarily for that purpose, and to visit an interesting prominent destination. I was invited to go, so I did. I didn't see any harm at the time. Generally, I go when I am invited, and so far quite rarely. I don't seek out such events, and never have. So, having not intended to offend you, I have been and remain very, very sorry. Could you accept these apologies? Peace. Jim Bell
The Hill: The mother of all ‘zero-days’ — immortal flaws in semiconductor chips
The Hill: The mother of all ‘zero-days’ — immortal flaws in semiconductor chips. https://thehill.com/opinion/cybersecurity/3617715-the-mother-of-all-zero-days-immortal-flaws-in-semiconductor-chips/ The CHIPS Act of 2022 was signed into law on Aug. 9. It provides tens of billions of dollars in public support for revitalization of domestic semiconductor manufacturing, workforce training, and “leap ahead” wireless technology. Because we outsource most of our device fabrication — including the chips that go into the Navy’s submarines and ships, the Army’s jeeps and tanks, military drones and satellites — our industrial base has become weak and shallow. The first order of business for the CHIPS Act is to address a serious deficit in our domestic production capacity. Notoriously absent from the language of the bill is any mention of chip security. Consequently, the U.S. is about to make the same mistake with microelectronics that we made with digital networks and software applications: Unless and until the government demands in-device security, our competitors will have an easy time of manipulating how chips function and behave. Nowhere is this more dangerous than our national security infrastructure. For the first quarter-century of ubiquitous internet access, policy makers and industry leaders did not imagine — literally could not conceive — a deliberate electronic intrusion from an ideological adversary. Now they hit us almost at will. Deterrence has proven to be an obviously insufficient policy alternative. Western civil societies — our power stations, waste processing facilities, and hospitals — are paying a heavy price for their porous defenses and cyber naivete. Every chip starts life as a software program before it is fabricated, mostly in Asia, and mostly in Taiwan, into a chip. The process that transforms design code into “sand in the hand” silicon is just as vulnerable today as consumer applications were in the early 2010s, and for all the same reasons. 
The impact is deeper and more penetrating because once a chip is compromised, it is nearly impossible to patch. It might be in space or under an ocean. Our enemies know this too.
Satellite Quantum key distribution.
https://phys.org/news/2022-08-compact-qkd-paves-cost-effective-satellite-based.html Researchers experimentally demonstrated a space-to-ground QKD network using a compact QKD terminal aboard the Chinese Space Lab Tiangong-2 and four ground stations. Credit: Cheng-Zhi Peng, University of Science and Technology of China Researchers report an experimental demonstration of a space-to-ground quantum key distribution (QKD) network using a compact QKD terminal aboard the Chinese Space Lab Tiangong-2 and four ground stations. The new QKD system is less than half the weight of the system the researchers developed for the Micius satellite, which was used to perform the world's first quantum-encrypted virtual teleconference. The demonstration represents an important step toward practical QKD based on constellations of small satellites, a setup considered one of the most promising routes to creating a global quantum communication network. "QKD offers unconditional security by using single photons to encode information between two distant terminals," said research team member Cheng-Zhi Peng from the University of Science and Technology of China. "The compact system we developed can reduce the cost of implementing QKD by making it possible to use small satellites." Peng and researchers from other institutions in China describe their new system and experimental results in Optica. They also found that QKD performance can be boosted by building a network of satellites orbiting at different angles, or inclinations, in relation to the equator. "Our new work demonstrates the feasibility of a space-ground QKD network based on a compact satellite payload combined with constellations of satellites with different orbit types," said Peng. "In the near future, this type of QKD system could be used in applications that require high security such as government affairs, diplomacy and finance."
The researchers created the compact payload—shown here in ground experiments— that allowed the Tiangong-2 Space Lab to act as a satellite QKD terminal. It included a tracking system, QKD transmitter and a laser communication transmitter. Credit: Cheng-Zhi Peng, University of Science and Technology of China Shrinking the QKD system QKD uses the quantum properties of light to generate secure random keys for encrypting and decrypting data. In previous work, the research group demonstrated satellite-to-ground QKD and satellite-relayed intercontinental quantum networks using the Micius satellite. However, the QKD system used aboard that satellite was bulky and expensive. About the size of a large refrigerator, the system weighed around 130 kg and required 130 W of power. As part of China's quantum constellation plan, the researchers sought to develop and demonstrate a more practical space-ground QKD network. To do this, they developed a compact payload that allowed the Tiangong-2 Space Lab to act as a satellite QKD terminal. The QKD payload—consisting of a tracking system, QKD transmitter and a laser communication transmitter—weighed around 60 kg, required 80 W of power and measured about the size of two microwave ovens. "This payload was as integrated as possible to reduce volume, weight and cost while achieving the high performance necessary to support space-to-ground QKD experiments," said Peng. "It also had to be very durable to withstand harsh conditions such as the severe vibration experienced during launch and the extreme thermal vacuum environment of space." The researchers performed a total of 19 QKD experiments during which secure keys were successfully distributed between the Space Lab terminal and four ground stations on 15 different days between October 2018 and February 2019. These experiments were conducted at night to avoid the influence of daylight background noise.
The researchers found that the medium (~42°) inclination orbit of the space lab allowed multiple passes over a single ground station in one night, which increased the number of keys that could be generated. They also built a model to compare the performance of satellite-based QKD networks with different orbit types. They found that combining satellites with a medium-inclination orbit like the space lab with a sun-synchronous orbit that travels over the polar regions achieved the best performance. Satellite-based QKD transmission could be used to create a highly secure global quantum communication network. Credit: Cheng-Zhi Peng, University of Science and Technology of China Next steps The researchers are now working to improve their QKD system by increasing the speed and performance of the QKD system, reducing cost, and exploring the feasibility of daytime satellite-to-ground QKD transmission. "These improvements would allow a practical quantum constellation to be created by launching multiple low-orbit satellites," said Peng. "The constellation could be combined with a medium-to-high-orbit quantum satellit
Re: Anti War: Thread
On Fri, Jul 15, 2022 at 12:53 AM, grarpamp wrote: https://nitter.net/pic/media%2FFXVNIJgXwAAUV-F.jpg Ukrainians are selling WEAPONS on the BLACK MARKET! Javelin, NLAW and AT4 launchers are for sale by Ukrainian arms dealers. Ukrainian generals and soldiers are underpaid and sell US and UK weapons on the black market. Every wannabe terrorist can now destroy civilian aircraft and kill hundreds for just $20k. I suppose it should be possible to geo-limit these weapons to prevent them from being used outside a pre-defined area.
IEEE Spectrum: “Quantum-Safe” Crypto Hacked by 10-Year-Old PC
IEEE Spectrum: “Quantum-Safe” Crypto Hacked by 10-Year-Old PC. https://spectrum.ieee.org/quantum-safe-encryption-hacked Future quantum computers may rapidly break modern cryptography. Now researchers find that a promising algorithm designed to protect computers from these advanced attacks could get broken in just 4 minutes. And the catch is that 4-minute time stamp was not achieved by a cutting-edge machine but by a regular 10-year-old desktop computer. This latest, surprising defeat highlights the many hurdles postquantum cryptography will need to clear before adoption, researchers say. In theory, quantum computers can quickly solve problems it might take classical computers untold eons to solve. For example, much of modern cryptography relies on the extreme difficulty that classical computers face when it comes to mathematical problems such as factoring huge numbers. However, quantum computers can in principle run algorithms that can rapidly crack such encryption. To stay ahead of this quantum threat, cryptographers around the world have spent the past two decades designing postquantum cryptography (PQC) algorithms. These are based on new mathematical problems that both quantum and classical computers find difficult to solve. “What is most surprising is that the attack seemingly came out of nowhere.” —Jonathan Katz, University of Maryland at College Park For years, researchers at organizations such as the National Institute of Standards and Technology (NIST) have been investigating which PQC algorithms should become the new standards the world should adopt. NIST announced it was seeking candidate PQC algorithms in 2016, and received 82 submissions in 2017. In July, after three rounds of review, NIST announced four algorithms that would become standards, and four more would enter another round of review as possible additional contenders.
Tom's Hardware: Tachyum Submits Bid to Build 20 Exaflops Supercomputer
Tom's Hardware: Tachyum Submits Bid to Build 20 Exaflops Supercomputer. https://www.tomshardware.com/news/tachyum-submits-bid-to-build-20-exaflops-supercomputer "Tachyum on Tuesday said that it had submitted a bid to the Department of Energy to build a 20 exaflops supercomputer in 2025. The machine would be based on the company's next-generation Prodigy processors featuring a proprietary microarchitecture that can be used for different types of workloads. "The U.S. DoE wants a 20 exaflops supercomputer with a 20MW–60MW power consumption to be delivered by 2025. The system is set to be installed at Oak Ridge National Laboratory (ORNL) and will complement the lab's Frontier system that went online earlier this year. "Tachyum does not disclose which hardware it proposed to the DoE, but only says that it has its 128-core Prodigy processor today as well as a higher-performing Prodigy 2 processor in its roadmap, so it is safe to say that by 2025 it will have the latter on hand and it could be able to address the upcoming system. "Tachyum's Prodigy is a universal homogeneous processor packing up to 128 proprietary 64-bit VLIW cores that feature two 1024-bit vector units per core and one 4096-bit matrix unit per core. Tachyum expected its flagship Prodigy T16128-AIX processor to offer up to 90 FP64 teraflops for HPC as well as up to 12 'AI petaflops' for AI inference and training (presumably when running INT8 or FP8 workloads). Prodigy consumes up to 950W and uses liquid cooling. "That was all before Tachyum sued Cadence, its intellectual property provider, for lower-than-expected performance of its Prodigy processor. We have no idea what the current performance expectations are for the chip. "In theory, Tachyum could power an exaflops system using over 11,000 of its Prodigy processors, though power consumption of such a machine would be gargantuan.
Presumably, Prodigy 2 has a better chance to meet the needs of a next-generation exascale system than the original Prodigy. "There is currently one exaflops-class supercomputer in the U.S., the 1.1 exaflops Frontier system at Oak Ridge National Laboratory (ORNL) that is based on AMD's 64-core EPYC CPUs as well as Instinct MI250X compute GPUs. There are two more exascale systems being built in the USA, the 2 exaflops Aurora machine powered by Intel's 4th Generation Xeon Scalable processors and Xe-HPC compute GPUs (aka, Ponte Vecchio) as well as the ">2 exaflops" El Capitan supercomputer based on AMD's Zen 4 architecture EPYC CPUs and Instinct MI300 GPUs. "One of the interesting things about the DoE's supercomputing plans is that from now on it wants to upgrade its high-performance compute capabilities every 12–24 months, not every 4–5 years. As a result, the DoE will be more eager to adopt exotic architectures like Tachyum's Prodigy than it is today.
Google Program to Free Chips Boosts University Semiconductor Design
https://www.hpcwire.com/2022/08/11/google-program-to-free-chips-boosts-university-semiconductor-design/ August 11, 2022 A Google-led program to design and manufacture chips for free is becoming popular among researchers and computer enthusiasts. The search giant’s open silicon program is providing the tools for anyone to design chips, which then get manufactured. Google foots the entire bill, from a chip’s conception to delivery of the final product in a user’s hand. Google’s Open MPW program includes an open-source design toolkit from a company called Efabless, which also manages the program. Enthusiasts and researchers have to submit their chip design, which then gets manufactured in the factories of SkyWater on the 130nm process. The submission deadline for the latest Open MPW program is September 12. Open MPW’s popularity can be measured by the number of projects using Efabless’ EDA tools. Chips from about 240 open-source silicon projects via Efabless’ tools will be manufactured in SkyWater’s factories, said Mike Wishart, CEO of Efabless. “The total projects posted on our site are like 570. That has gone extremely well. It’s diverse, from 25 countries,” Wishart said. Efabless had about 160 tapeouts in 2021, and had no tapeouts in 2020. Efabless provides a simple design EDA tool to make chips, which is mostly about dragging and dropping the core elements inside a chip. An open-source PDK (process design kit) prepares the chip for fabrication in factories. The Open MPW program added recent partners, including the U.S. Department of Defense, which last month poured $15 million into the project to get open-source chips made on SkyWater’s 90nm process. GlobalFoundries also joined the alliance and will also manufacture chips on the 180nm node. The manufacturing technology provided through the project is very old, but it is cost-effective.
Intel, Apple and others make expensive chips on the more advanced processes such as 5nm, which uses cutting-edge technology and provides the fastest computing in devices. Open MPW is popular in academia and research, and for those experimenting or testing chips and need small batches, Wishart said. “Our incentive is to make it simple for more and more people and grow a community around those executing designs… [on] nodes that are more accessible to them and therefore lower costs,” Wishart said. Typically, chips can be expensive to manufacture, and factories are open to corporations. But Open MPW makes factories available to researchers and students. “There was an unmet need in academia, that was overwhelming and not appreciated because they didn’t know what they could get,” Wishart said. The open-source toolkits cover the full concept of chip development, from conceptualization to delivery of parts. Some universities may have deals with chip factories, but students at the undergraduate, master’s and PhD programs still have poor awareness of chip fabrication.
The Hacking of Starlink Terminals Has Begun | WIRED
https://www.wired.com/story/starlink-internet-dish-hack/ Since 2018, Elon Musk’s Starlink has launched more than 3,000 small satellites into orbit. This satellite network beams internet connections to hard-to-reach locations on Earth and has been a vital source of connectivity during Russia’s war in Ukraine. Thousands more satellites are planned for launch as the industry booms. Now, like any emerging technology, those satellite components are being hacked. "Today, Lennert Wouters, a security researcher at the Belgian university KU Leuven, will reveal one of the first security breakdowns of Starlink’s user terminals, the satellite dishes (dubbed Dishy McFlatface) that are positioned on people’s homes and buildings. At the Black Hat security conference in Las Vegas, Wouters will detail how a series of hardware vulnerabilities allow attackers to access the Starlink system and run custom code on the devices. "To access the satellite dish’s software, Wouters physically stripped down a dish he purchased and created a custom hacking tool that can be attached to the Starlink dish. The hacking tool, a custom circuit board known as a modchip, uses off-the-shelf parts that cost around $25. Once attached to the Starlink dish, the homemade printed circuit board (PCB) is able to launch a fault injection attack—temporarily shorting the system—to help bypass Starlink’s security protections. This “glitch” allows Wouters to get into previously locked parts of the Starlink system."
TC BioPharm Says It Aims To Deliver A Big Breakthrough In Cancer Treatments
TC BioPharm Says It Aims To Deliver A Big Breakthrough In Cancer Treatments https://share.newsbreak.com/1k9e54im
Russian Hacker Warns Cyberwarfare Will Turn Deadly
Russian Hacker Warns Cyberwarfare Will Turn Deadly https://share.newsbreak.com/1k9dxeho group Killnet has stated that cyberwarfare will result in casualties, just days after threats against a major American weapons manufacturer reportedly came to fruition. On Sunday, that hacker, Killmilk, told the Russian news site Gazeta.Ru that he has helped galvanize countless other hackers who "for one reason or another, support Russia in the NWO [New World Order]," pledging to "be a pioneer" if pro-Russian and pro-Ukrainian hackers confront one another to the point where deaths occur. "In Russia, I will become a hero, and abroad, a criminal," said Killmilk, who launched Killnet on November 1, 2021. "Soon, I and Killnet will launch powerful attacks on European and American enterprises, which will indirectly lead to casualties. I will do my best to make these regions and countries answer for each of our soldiers," he said, according to an English translation.
Quantum Computation and Its Possible Effects on Society
Quantum Computation and Its Possible Effects on Society https://share.newsbreak.com/1k522vw8 Abstract Quantum computation is slowly becoming mainstream, as research on it is picking up pace, but can it really become part of our everyday life given how much our society depends on classical computation? This paper will discuss what quantum computation is and the effects it can have on the way our society works. Introduction Quantum computation is a new domain of computation techniques that has been slowly setting its roots in the world of science over the past few decades. Rather than improve upon what already exists, it is a completely new domain that works on several new principles. Since it will directly affect the societies we live in, it is important to consider just how it would do so. How will quantum computation bring change to the society we live in? Before delving into what quantum computation is, and what it is capable of, we must understand what classical computation is and what advancements have come to light since its first instance. Classical Computation Classical computation is the computation done through means termed “classical” as they have been used for quite some time. Classical computation is quite limited in physical terms. As classical computation is done using discrete states i.e., which can either be on or off, we cannot do everything with a limited set of states unless we increase the number of states. If we use finite automata to compute something then we can only do so till our physical limitations allow us to i.e., we cannot have an infinite number of states. The idea of Turing Machines came from this concept, as that gives us an infinite tape on which to carry out the computations. However, it is infinite only in theory as it cannot physically exist. So, in order to make classical computation more powerful and efficient, there have been several enhancements to it that have been modeled in interesting ways. 
These include the idea of reversibility and probabilistic logic. These ideas were still inherently limited and so came the concept of Quantum Computation.
Family Shocked by Ford Focus Electric Battery Replacement Costing More Than the Car
Family Shocked by Ford Focus Electric Battery Replacement Costing More Than the Car https://share.newsbreak.com/1jzjzwot
Asymmetric cryptosystem based on optical scanning cryptography and elliptic curve algorithm
Asymmetric cryptosystem based on optical scanning cryptography and elliptic curve algorithm https://share.newsbreak.com/1jyqtw88 Open Access. Published: 11 May 2022. Authors: Xiangyu Chang, Wei Li, …, Ting-Chung Poon. Scientific Reports volume 12, Article number: 7722 (2022). Abstract We propose an asymmetric cryptosystem based on optical scanning cryptography (OSC) and elliptic curve cryptography (ECC) algorithm. In the encryption stage of OSC, an object is encrypted to cosine and sine holograms by two pupil functions calculated via ECC algorithm from sender’s biometric image, which is sender’s private key. With the ECC algorithm, these holograms are encrypted to ciphertext, which is sent to the receiver. In the stage of decryption, the encrypted holograms can be decrypted by receiver’s biometric private key which is different from the sender’s private key. The approach is an asymmetric cryptosystem which solves the problem of the management and dispatch of keys in OSC and has more security strength than the conventional OSC. The feasibility of the proposed method has been convincingly verified by numerical and experiment results. Introduction Optical image encryption has attracted much attention in recent years because of its inherent capability of high parallelism and multidimensional freedoms (amplitude, phase and polarization). Since Refrégiér and Javidi first proposed the double random phase encoding (DRPE) technique [1], researchers have introduced many extended optical encryption methods such as a series of optical transforms [2,3,4,5], digital holography [6,7,8], joint transform correlator [9,10,11] and ghost imaging [12,13,14], etc. Furthermore, optical scanning cryptography (OSC) [15,16,17,18,19] envisioned by Poon has become a prospective technology.
Different from that of other CCD-based hologram acquisition systems, it can capture the hologram of a physical object with a fast scanning mechanism along with single-pixel recording. Indeed, some encryption systems have been proposed based on OSC. Yan et al. obtained experimental results of encryption using fingerprint keys [18]. Furthermore, they first demonstrated optical cryptography of 3-D object images in an incoherent optical system with biometric keys [19]
A CPU world record has been broken by dousing a $6,000+ AMD chip in liquid nitrogen
A CPU world record has been broken by dousing a $6,000+ AMD chip in liquid nitrogen https://share.newsbreak.com/1juy5ego It's a shame that AMD's Threadripper processors are no longer in the reach of most enthusiast gamers because the AMD Ryzen Threadripper Pro 5995WX just crushed a Cinebench run to net itself the world record, proving once again that AMD's mammoth chip is not to be trifled with. With a multithreaded score of 116,142 in Cinebench R23, overclocker TSAIK has netted themselves the world number one spot (spotted by 9550pro on Twitter), beating out user blueleader with two AMD Epyc 7763 server chips at 113,566.
A fearsome new botnet is rapidly gaining momentum
A fearsome new botnet is rapidly gaining momentum https://share.newsbreak.com/1juxwgz5
An old, infamous trojan has been forked, with the new variant being used to attack Linux SSH servers, experts have warned. However, unlike the original malware, whose purpose was quite clear, researchers are not yet sure what the operators are up to this time around. Cybersecurity researchers from Fortinet detected IoT malware with unusual SSH-related strings, and after digging a bit deeper, discovered RapperBot, a variant of the dreaded Mirai trojan.
Access for sale?
RapperBot was first deployed in mid-June 2022, and is being used to brute-force into Linux SSH servers and gain persistence on the endpoints. RapperBot borrows quite a lot from Mirai, but it does have its own command and control (C2) protocol, as well as certain unique features. But unlike Mirai, whose goal was to spread to as many devices as possible, and then use those devices to mount devastating Distributed Denial of Service (DDoS) attacks, RapperBot is spreading with more control, and has limited (sometimes even completely disabled) DDoS capabilities. The researchers’ first impression is that the malware might be used for lateral movement within a target network, and as the first stage in a multi-stage attack. It could be also used simply to gain access to the target devices, access which could later be sold on the black market. The researchers came to this conclusion, among other things, due to the fact that the trojan sits idly, once it compromises a device.
Scientists say they've debunked Google’s quantum supremacy claims once and for all
Scientists say they've debunked Google’s quantum supremacy claims once and for all https://share.newsbreak.com/1joxv01w
A team of scientists in China claim to have replicated the performance of Google’s Sycamore quantum computer using traditional hardware, thereby undermining the suggestion the company has achieved quantum supremacy. As reported by Science magazine, the scientists used a system comprised of 512 GPUs to complete the same calculation developed by Google to demonstrate it had passed the quantum supremacy milestone back in 2019. The endeavor was led by statistical physicist Pan Zhang, who said his team’s supercomputer performed the calculation 10 billion times faster than Google had thought possible.
Quest for quantum supremacy
Quantum supremacy (or quantum advantage) can be defined as the point at which quantum computers can outstrip the maximum potential performance of classical supercomputers in a particular discipline. Three years ago, Google announced it had achieved this feat with Sycamore, which it said took just 200 seconds to complete a statistical mathematics problem that would take a supercomputer 10,000 years to solve. The problem was architected in such a way as to accentuate both the attributes of quantum computers, which exploit a phenomenon known as superposition to speed up calculations, and the limitations of traditional systems.
SciTechDaily: The Million Dollar Problem That Could Break Cryptography
SciTechDaily: The Million Dollar Problem That Could Break Cryptography. https://scitechdaily.com/the-million-dollar-problem-that-could-break-cryptography/
Usually, you can verify a solution to a problem. Whether it’s using multiplication for division or plugging the answer in for a variable, math teachers tell you to check your work using your answer in every school math class. But let’s say you can verify a solution easily, is it just as easy to solve for that solution? This is the P versus NP problem, a Millennium Prize Problem where the solver will receive a million dollars if valid proof is provided.
What is P versus NP?
In computer science, the efficiency of algorithms is very important. Most algorithms are believed to be “fast” if solvable in a standard called polynomial time. Polynomial time is when a problem is solvable in steps scaled by a factor of a polynomial given the complexity of input. So let’s say the complexity of input is some number n, a polynomial time algorithm will be able to solve a problem in n^k steps. Essentially, P vs NP is asking the question: Can problems that can have solutions verified in polynomial time also have their answers solved in polynomial time?
NP-Completeness
An Euler Diagram showing the cases for NP-Completeness for P ≠ NP and P = NP. Credit: Behnam Esfahbod, Wikimedia Commons (CC
Intel is working on a new type of processor you've never heard of
Intel is working on a new type of processor you've never heard of https://share.newsbreak.com/1j8gblhk
Intel has let slip information about a new type of processor soon to make its way into the company’s portfolio: the versatile processing unit, or VPU. Although no formal announcement has been made, written materials published by Intel alongside a new Linux driver confirmed the existence of the processor, which is designed to accelerate AI inference workloads. According to the documentation, the VPU will feature inside Intel’s 14th Gen Core CPUs (also known as Meteor Lake) and will improve inference performance across “computer vision and deep learning applications”. It is most likely the brainchild of the team behind Movidius, an AI acceleration company acquired by Intel in 2016. TechRadar Pro asked Intel for further details, but did not receive an immediate response.
Accelerating AI
With rivals like Nvidia fighting to establish themselves as the leading chip maker of the AI era, Intel will be thinking hard about how to demonstrate its own credentials in the space. Broadly speaking, there are two types of AI workload: training and inference. The former refers to the use of large-scale datasets to develop AI applications with specific capabilities, while the latter refers to the feeding of new data into these systems to generate a result.
Vicious beatings, possibly in retaliation for lawsuits, claimed at Oregon’s federal prison
Jim Bell's comment: I spent about 1.5 years here. June 2010-March 12, 2012.
Vicious beatings, possibly in retaliation for lawsuits, claimed at Oregon’s federal prison https://share.newsbreak.com/1j2kzqbb
Jefferson Public Radio | By Conrad Wilson / OPB. Published August 1, 2022 at 6:01 PM PDT
The Federal Correctional Institution in Sheridan, Ore. (Ericka Cruz Guevarra)
“I could see the blood dripping off his head onto the ground,” one witness inside the prison told the federal public defender’s office. A growing number of people incarcerated at the Sheridan Federal Correctional Institution sent urgent notes to their attorneys last week complaining of guards from other federal facilities coming in to toss their cells and indiscriminately beat people. Several sources complained of food taken, papers torn up and brutal beatings. “We were extracted the other day by [Special Operation and Response Teams] from across the nation and told that ‘we did this’ and ‘this is your own damn fault,’” wrote one unnamed person in custody at the facility, whose account was one of several included in court documents filed by the federal public defender, Lisa Hay, on Sunday. A number of the people who were allegedly targeted have previously filed lawsuits over conditions inside the facility, according to Hay’s latest filing. “So we are being RETALIATED against for filing this petition against the prison for mistreatment and excessive Lockdowns?” the person wrote to Hay. The accounts from inside the prison, which is located in Yamhill County, detail allegations of teams of prison staff wearing “stab-vests” (a kind of body armor) and shirts that read “Sheridan Disruption Unit,” engaging in unit-by-unit, cell-by-cell violence during the last two weeks in July. Oregon’s federal public defender’s office filed an emergency
Post-quantum encryption contender is taken out by single-core PC and 1 hour
Post-quantum encryption contender is taken out by single-core PC and 1 hour https://share.newsbreak.com/1j2jwill
In the US government's ongoing campaign to protect data in the age of quantum computers, a new and powerful attack that used a single traditional computer to completely break a fourth-round candidate highlights the risks involved in standardizing the next generation of encryption algorithms. Last month, the US Department of Commerce's National Institute of Standards and Technology, or NIST, selected four post-quantum computing encryption algorithms to replace algorithms like RSA, Diffie-Hellman, and elliptic curve Diffie-Hellman, which are unable to withstand attacks from a quantum computer. In the same move, NIST advanced four additional algorithms as potential replacements pending further testing in hopes one or more of them may also be suitable encryption alternatives in a post-quantum world. The new attack breaks SIKE, which is one of the latter four additional algorithms. The attack has no impact on the four PQC algorithms selected by NIST as approved standards, all of which rely on completely different mathematical techniques than SIKE.
Getting totally SIKEd
SIKE—short for Supersingular Isogeny Key Encapsulation—is now likely out of the running thanks to research that was published over the weekend by researchers from the Computer Security and Industrial Cryptography group at KU Leuven. The paper, titled An Efficient Key Recovery Attack on SIDH (Preliminary Version), described a technique that uses complex mathematics and a single traditional PC to recover the encryption keys protecting the SIKE-protected transactions. The entire process requires only about an hour’s time. The feat makes the researchers, Wouter Castryck and Thomas Decru, eligible for a $50,000 reward from NIST. “The newly uncovered weakness is clearly a major blow to SIKE,” David Jao, a professor at the University of Waterloo and co-inventor of SIKE, wrote in an email.
“The attack is really unexpected.”
The New Way Police Could Use Your Google Searches Against You
The New Way Police Could Use Your Google Searches Against You https://share.newsbreak.com/1j23z8tj For millennia, we’ve been told that asking questions was the path to enlightenment. But in the surveillance age, it might land you in jail. That’s the danger of a new search tactic that police are increasingly turning to in their constant campaign to transform our phones and devices into evidence against us: keyword warrants. One Denver court may soon rule on whether they can continue as a policing tactic—and in the post-Roe era, the wrong decision could put abortion seekers in unprecedented danger. Police have used web browser history and search engine data in their investigations for about as long as the data has existed, but keyword warrants are different—a digital dragnet to find every user who searches for a specific person, place or thing. We don’t know how often they are used, but the number of publicly known examples is only growing. And soon a Denver judge will provide one of the first decisions on their constitutionality. As far back as 2009, police would ask Google for a user’s search history for use in investigations, viewing a single account at a time. Where there was probable cause that someone had committed an offense, officers could compel Google to provide a list of every search a user had entered. And when individuals weren’t logged into Google, they could still search by their individual IP address, the unique identifier every internet-connected computer uses to communicate with servers at companies like Google.
CNBC: Hacktivist group Anonymous is using six top techniques to 'embarrass' Russia
CNBC: Hacktivist group Anonymous is using six top techniques to 'embarrass' Russia. https://www.cnbc.com/2022/07/28/how-is-anonymous-attacking-russia-the-top-six-ways-ranked-.html
Published Thu, Jul 28 2022 6:00 PM EDT. Updated Fri, Jul 29 2022 4:09 AM EDT. Monica Buchanan Pitrelli
Key points
- Anonymous uses many strategies in its digital fight against Russia, the most effective being hacking into databases and leaking the information online, according to cybersecurity specialist Jeremiah Fowler.
- The size of the leaked data will take years to process.
- The hacks have also exposed Russia's cybersecurity defenses to be far weaker than previously believed, say cybersecurity researchers.
Members of the loosely connected collective known as Anonymous are known for wearing Guy Fawkes masks in public. Jakub Porzycki | Nurphoto | Getty Images
Ongoing efforts by the underground hacktivists known as Anonymous are "embarrassing" Russia and its cybersecurity technology. That's according to Jeremiah Fowler, co-founder of the cybersecurity company Security Discovery, who has been monitoring the hacker collective since it declared a "cyber war" on Russia for invading Ukraine. "Anonymous has made Russia's governmental and civilian cyber defenses appear weak," he told CNBC. "The group has demystified Russia's cyber capabilities and successfully embarrassed Russian companies, government agencies, energy companies and others." "The country may have been the 'Iron Curtain,'" he said, "but with the scale of these attacks by a hacker army online, it appears more to be a 'paper curtain.'" The Russian embassies in Singapore and London did not immediately respond to CNBC's request for comment.
Ranking Anonymous' claims Though missile strikes are making more headlines these days, Anonymous and its affiliate groups aren't losing steam, said Fowler, who summarized many of the collective's claims against Russia in a report published Friday. CNBC grouped Anonymous' claims into six categories, which Fowler helped rank in order of effectiveness:
Yahoo News: High-risk Colombians say GPS devices only add to dangers
Yahoo News: High-risk Colombians say GPS devices only add to dangers. https://news.yahoo.com/high-risk-colombians-gps-devices-140636081.html The bulletproof vehicles that Colombia’s government assigns to hundreds of high-risk individuals are supposed to make them safer. But when an investigative reporter discovered they all had GPS trackers, she only felt more vulnerable — and outraged. No one had informed Claudia Julieta Duque — or apparently any of the 3,700-plus journalists, rights activists and labor and indigenous leaders who use the vehicles — that the devices were keeping constant tabs on their whereabouts. In Duque’s case, it happened as often as every 30 seconds. The system could also remotely cut off the SUV's engine. Colombia is among the world’s most dangerous countries for human rights defenders — with more than 500 killed since 2016. It is also a country where right-wing extremists have a track record of infiltrating national security bodies. For Duque, the GPS revelation was chilling: Movements of people already at risk of political assassination were being tracked with technology that bad actors could weaponize against them. “It’s something super invasive,” said Duque, who has been a persistent target of rogue security agents. “And the state doesn’t seem to care.” The government agency responsible has said the trackers were installed to help prevent theft, to track the bodyguards who often drive the vehicles and to help respond to dangerous situations. For a decade, Colombia had been installing trackers in the armored vehicles of at-risk individuals as well as VIPs, including presidents, government ministers and senators. The agency's director made that disclosure after Duque learned last year through a public records request that the system was recording her SUV’s location an average of five times an hour. The director dismissed privacy concerns and called the practice “fundamental” to guaranteeing security. 
Considering the tracker a danger to her and her sources, Duque pressed for details on its exact features. But the National Protection Unit, known as UNP in Spanish, offered little. She then demanded the agency remove the device. It refused. So in February, Duque returned the vehicle, left the country and filed a legal challenge. Now back in Bogotá, she is hoping for satisfaction when Gustavo Petro, Colombia’s first leftist president, takes office Aug. 7. Petro’s domestic security transition team did not respond to questions from The Associated Press on the matter. Whatever action the new administration takes will reflect on its avowed commitment to human rights and its ability to reform a national security establishment long run by bitter political foes. The UNP is a pillar of that establishment. It employs, mostly as bodyguards, dozens of ex-agents of the disgraced DAS domestic security agency, which was dissolved in 2011 after the government of former President Alvaro Uribe abused it to spy on Supreme Court justices, journalists and political opponents. Prominent among them were Petro himself – and Duque. She was surveilled, threatened and bullied by DAS operatives after uncovering evidence that the 1999 assassination of beloved humorist and peace activist Jaime Garzon was a crime of the state. Duque's reporting eventually helped convict a former DAS deputy director in the killing, and three other ex-DAS officials have been convicted of psychological torture for threatening the lives of Duque and her daughter. Trials against eight others are pending. Through it all, threats forced her into temporary exile nearly a dozen times. The questions about the GPS devices added to growing concerns about an agency that once ranked among Latin America’s most effective in human rights protection. 
Adam Isacson, an analyst with the Washington Office on Latin America, said the UNP became less responsive, more politicized and more penetrated by criminality under the outgoing conservative government. “With social leaders being killed nearly every other day during the past four years, this was the worst time for the unit to fall into disarray,” he said. Right-wing death squad activity spiked following a historic 2016 peace pact with leftist rebels. Duque says she was tipped to the GPS trackers in early 2020 when she learned of a planned attempt on her life, but when she asked about them, the government stonewalled for a year. When she finally got documents with the aid of the InterAmerican Human Rights Commission, they showed her location was recorded 25,183 times over 209 days from February to August of last year alone. A software manual described a panoply of other control options, including remotely operating cameras and door locks managed through vehicles' computers. Duque asked if any such features were active in the government-leased vehicles but said she got no answer. The general manager of the company that provides the GPS sof
USB Drive Keeps Your Secrets… As Long As Your Fingers Are Wet? | Hackaday
https://hackaday.com/2022/07/30/usb-drive-keeps-your-secrets-as-long-as-your-fingers-are-wet/ [Walker] has a very interesting new project: a completely different take on a self-destructing USB drive. Instead of relying on encryption or other “visible” security features, this device looks and works like an utterly normal USB drive. The only difference is this: if an unauthorized person plugs it in, there’s no data. What separates authorized access from unauthorized? Wet fingers. It sounds weird, but let’s walk through the thinking behind the concept. First, encryption is of course the technologically sound and correct solution to data security. But in some environments, the mere presence of encryption technology can be considered incriminating. In such environments, it is better for the drive to appear completely normal. Toggling the chip enable (CE) pin will hide the drive’s contents. The second part is the access control; the “wet fingers” part. [Walker] plans to have hidden electrodes surreptitiously measure the resistance of a user’s finger when it’s being plugged in. He says a dry finger should be around 1.5 MΩ, but wet fingers are more like 500 kΩ. But why detect a wet finger as part of access control? Well, what’s something no normal person would do right before plugging in a USB drive? Lick their finger. And what’s something a microcontroller should be able to detect easily without a lot of extra parts? A freshly-licked finger. Of course, detecting wet skin is only half the equation. You still need to implement a USB Mass Storage device, and that’s where things get particularly interesting. Even if you aren’t into the covert aspect of this device, the research [Walker] has done into USB storage controllers and flash chips, combined with the KiCad footprints he’s already put together means this open source project will be a great example for anyone looking to roll their own USB flash drives. 
Regular readers may recall that [Walker] was previously working on a very impressive Linux “wall wart” intended for penetration testers, but the chip shortage has put that ambitious project on hold for the time being. As this build looks to utilize less exotic components, hopefully it can avoid a similar fate.
Daily Mail: Fibre-optic cables may be used to eavesdrop up to 1km away, study says
Daily Mail: Fibre-optic cables may be used to eavesdrop up to 1km away, study says. https://www.dailymail.co.uk/sciencetech/article-11057699/Fibre-optic-cables-used-eavesdrop-1km-away-study-says.html
21st Century wire tap? Spies could use fibre-optic broadband cables to EAVESDROP on people from over half a mile away, study shows
By Jonathan Chadwick For Mailonline, 14:24 28 Jul 2022, updated 15:02 28 Jul 202
- Scientists have developed a system that picks up sound from fibre-optic cables
- Fibre-optic cables use light pulses to transmit data and are used for broadband
- But they are sensitive to changes in environmental pressure caused by sound
- This security flaw may let snoopers eavesdrop on confidential conversations
Fibre-optic cables could be used to eavesdrop on people over half a mile away by detecting changes in light that occur when they speak, a new study shows. Researchers in China have developed a system that picks up sound at one end of a fibre-optic cable and transmits the audio at the other end. But they're sensitive to changes in environmental pressure, which could be caused by acoustic waves, such as sound from someone speaking – a potential security risk.
Modern fibre optic cables, which use pulses of light to transmit data, deliver full fibre broadband (file photo)
The new study was conducted by researchers at Tsinghua University, Beijing and published on the pre-print server arXiv. 'Optical fibre networks are widely deployed all over the world, which not only facilitates data transmission but also provides an opportunity to obtain additional information,' they say in their paper.
Phys.org: Quantum cryptography: Making hacking futile
Phys.org: Quantum cryptography: Making hacking futile. https://phys.org/news/2022-07-quantum-cryptography-hacking-futile.html The Internet is teeming with highly sensitive information. Sophisticated encryption techniques generally ensure that such content cannot be intercepted and read. But in the future high-performance quantum computers could crack these keys in a matter of seconds. It is just as well, then, that quantum mechanical techniques not only enable new, much faster algorithms, but also exceedingly effective cryptography. Quantum key distribution (QKD)—as the jargon has it—is secure against attacks on the communication channel, but not against attacks on or manipulations of the devices themselves. The devices could therefore output a key which the manufacturer had previously saved and might conceivably have forwarded to a hacker. With device-independent QKD (abbreviated to DIQKD), it is a different story. Here, the cryptographic protocol is independent of the device used. Theoretically known since the 1990s, this method has now been experimentally realized for the first time, by an international research group led by LMU physicist Harald Weinfurter and Charles Lim from the National University of Singapore (NUS). For exchanging quantum mechanical keys, there are different approaches available. Either light signals are sent by the transmitter to the receiver, or entangled quantum systems are used. In the present experiment, the physicists used two quantum mechanically entangled rubidium atoms, situated in two laboratories located 400 meters from each other on the LMU campus. The two locations are connected via a fiber optic cable 700 meters in length, which runs beneath Geschwister Scholl Square in front of the main building. To create an entanglement, first the scientists excite each of the atoms with a laser pulse. After this, the atoms spontaneously fall back into their ground state, each thereby emitting a photon. 
Due to the conservation of angular momentum, the spin of the atom is entangled with the polarization of its emitted photon. The two light particles travel along the fiber optic cable to a receiver station, where a joint measurement of the photons indicates an entanglement of the atomic quantum memories.
Tech Xplore: Twin physically unclonable functions (PUFs) based on carbon nanotube arrays to enhance the security of communications
Tech Xplore: Twin physically unclonable functions (PUFs) based on carbon nanotube arrays to enhance the security of communications. https://techxplore.com/news/2022-07-twin-physically-unclonable-functions-pufs.html As the amount of data stored in devices and shared over the internet continuously increases, computer scientists worldwide are trying to devise new approaches to secure communications and protect sensitive information. Some of the most well-established and valuable approaches are cryptographic techniques, which essentially encrypt (i.e., transform) data and texts exchanged between two or more parties, so that only senders and receivers can view it in its original form. Physical unclonable functions (PUFs) are devices that exploit "random imperfections" unavoidably introduced during the manufacturing of devices to give physical entities unique "fingerprints" (i.e., trust anchors). In recent years, these devices have proved to be particularly valuable for creating cryptographic keys, which are instantly erased as soon as they are used. Researchers at Peking University and Jihua Laboratory have recently introduced a new system to generate cryptographic primitives, consisting of two identical PUFs based on aligned carbon nanotube (CNT) arrays. This system, introduced in a paper published in Nature Electronics, could help to secure communications more reliably, overcoming some of the vulnerabilities of previously proposed PUF devices. "Classical cryptography uses cryptographic algorithms and keys to encrypt or decrypt information, and the most popular strategies are Rivest, Shamir, and Adleman (RSA) encryption," Zhiyong Zhang, one of the researchers who carried out the study, told TechXplore. "In an asymmetric algorithm, the public key can be accessed by anyone, but the public key cracking requires factoring a very large number, which is extremely difficult for a classical computer. 
This task has, however, been shown mathematically to be accomplishable in polynomial time using a quantum computer." One of the most employed cryptographic strategies today is symmetric encryption, which shares the same "secret keys" for encryption and decryption with all users participating in a specific conversation. These strategies generally store secret keys in a non-volatile memory, which is vulnerable to physical and side-channel cyber-attacks. In recent years, researchers have thus been exploring alternative cryptographic approaches, including quantum key distribution (QKD). QKD methods exploit concepts rooted in quantum theory to protect communications. Specifically, they leverage the intrinsic disturbances affecting quantum systems while they are being measured.
The Register: IBM puts NIST’s quantum-resistant crypto to work in Z16 mainframe
The Register: IBM puts NIST’s quantum-resistant crypto to work in Z16 mainframe. https://go.theregister.com/feed/www.theregister.com/2022/07/27/z16_ibm_post_quantum_crypto/
Actual quantum computers don't exist yet. The cryptography to defeat them may already be here
NIST pushes ahead with CRYSTALS-KYBER, CRYSTALS-Dilithium, FALCON, SPHINCS+ algorithms
Thomas Claburn in San Francisco, Tue 5 Jul 2022 // 22:36 UTC
The US National Institute of Standards and Technology (NIST) has recommended four cryptographic algorithms for standardization to ensure data can be protected as quantum computers become more capable of decryption. Back in 2015, the NSA announced plans to transition to quantum-resistant cryptographic algorithms in preparation for the time when quantum computers make it possible to access data encrypted by current algorithms, such as AES and RSA. No one is quite sure when that may occur but it depends on the number of qubits – quantum bits – that a quantum machine can muster, and other factors, such as error correction. Researchers at Google and in Sweden last year suggested it should be possible to factor a 2,048-bit integer in an RSA cryptosystem in about eight hours, given a 20 million-qubit quantum computer. Researchers in France claim it should be possible to factor 2,048-bit RSA integers in 177 days with 13,436 qubits and multimode memory. Current quantum computers have orders of magnitude fewer qubits than they need to be cryptographically relevant. IBM recently unveiled a 127-qubit quantum processor. The IT giant says it is aiming to produce a 1,000-qubit chip by the end of 2023 and its roadmap places machines of more than 1 million qubits in an unidentified time period. The Jülich Supercomputing Center (JSC) and D-Wave Systems have a 5,000-qubit machine. Not all qubits are equal however. The JSC/D-Wave machine relies on a quantum annealing processor and is adept at solving optimization problems. 
IBM's machine is gate-based, which is better suited for running Shor's algorithm to break cryptography. In any event, the expectation is that quantum computers, eventually, will be able to conduct practical attacks on data protected using current technology – forcibly decrypt data encrypted using today's algorithms, in other words. Hence, the
The Register: IBM puts NIST’s quantum-resistant crypto to work in Z16 mainframe
The Register: IBM puts NIST’s quantum-resistant crypto to work in Z16 mainframe. https://go.theregister.com/feed/www.theregister.com/2022/07/27/z16_ibm_post_quantum_crypto/
IBM puts NIST’s quantum-resistant crypto to work in Z16 mainframe
Big Blue says it helped develop the algos, so knows what it's doing
Simon Sharwood, APAC Editor, Wed 27 Jul 2022 // 06:30 UTC
IBM has started offering quantum-resistant crypto – using the quantum-resistant crypto recommended by the US National Institute of Standards and Technology (NIST). Quantum computers are expected to be so powerful they’ll carve through conventional encryption, exposing secrets in seconds. China is felt to be stealing data today, safe in the knowledge its future quantum computers will be able to decrypt it in the near future. Other data, such as health information, is required to be kept for decades and the encryption used to protect it probably won’t survive the advent of quantum computers. To prevent such scenarios and offer long-term data security, NIST in 2017 initiated a post-quantum crypto project to develop ciphers that can be used with classical computers and survive decryption attempts made with quantum computers. As a result of those efforts, NIST selected two algorithms and two signature schemes as suitable to become standards. IBM today revealed it had a hand in the development of three of the four algorithms chosen by NIST, “along with partners from industry and academia.” Big Blue also revealed that the Z16 mainframe it unveiled in April 2021 can use the CRYSTALS-Kyber and CRYSTALS-Dilithium algorithms approved by NIST to create quantum-resistant digital signatures. 
To do so, the mainframe needs to include the Crypto Express 8S card, a device that IBM proclaimed was ready for post-quantum crypto because it employs lattice-based cryptography. News that IBM contributed to the NIST-approved algos, which use lattice-based cryptography, suggests Big Blue’s claim the Z16 was ready for post-quantum crypto was no mere puffery. However IBM arrived at its April assertions, it’s now made them real and given all of us the chance to protect data more robustly than was previously possible, which is surely welcome. And will be more welcome still once the same offering reaches more common and gently-priced machines than the Z16. ®
BleepingComputer: Hackers scan for vulnerabilities within 15 minutes of disclosure
BleepingComputer: Hackers scan for vulnerabilities within 15 minutes of disclosure. https://www.bleepingcomputer.com/news/security/hackers-scan-for-vulnerabilities-within-15-minutes-of-disclosure/ System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed. According to Palo Alto's 2022 Unit 42 Incident Response Report, hackers are constantly monitoring software vendor bulletin boards for new vulnerability announcements they can leverage for initial access to a corporate network or to perform remote code execution. However, the speed at which threat actors begin scanning for vulnerabilities puts system administrators in the crosshairs as they race to patch the bugs before they are exploited. "The 2022 Attack Surface Management Threat Report found that attackers typically start scanning for vulnerabilities within 15 minutes of a CVE being announced," reads a companion blog post. Since scanning isn't particularly demanding, even low-skilled attackers can scan the internet for vulnerable endpoints and sell their findings on dark web markets where more capable hackers know how to exploit them. Then, within hours, the first active exploitation attempts are observed, often hitting systems that never had the chance to patch. Unit 42 presents CVE-2022-1388 as an example, a critical unauthenticated remote command execution vulnerability impacting F5 BIG-IP products.
IEEE Spectrum: Micron Is First to Deliver 3D Flash Chips With More Than 200 Layers
IEEE Spectrum: Micron Is First to Deliver 3D Flash Chips With More Than 200 Layers. https://spectrum.ieee.org/micron-is-first-to-deliver-3d-flash-chips-with-more-than-200-layers Boise, Idaho–based memory manufacturer Micron Technology says it has reached volume production of a 232-layer NAND flash-memory chip. It’s the first such chip to pass the 200-layer mark, and it’s been a tight race. Competitors are currently providing 176-layer technology, and some have said they are on track to follow Micron’s skyward move or already have working chips in hand. The new Micron tech as much as doubles the density of bits stored per unit area versus competing chips, packing in 14.6 gigabits per square millimeter. Its 1-terabit chips are bundled into 2-terabyte packages, each of which is barely more than a centimeter on a side and can store about two weeks worth of 4K video. With 81 trillion gigabytes (81 zettabytes) of data generated in 2021 and International Data Corp. (IDC) predicting 221 ZB in 2026, “storage has to innovate to keep up,” says Alvaro Toledo, Micron’s vice president of data-center storage. The move to 223 layers is a combination and extension of many technologies Micron has already deployed. To get a handle on them, you need to know the basic structure and function of 3D NAND flash. The chip itself is made up of a bottom layer of CMOS logic and other circuitry that’s responsible for controlling reading and writing operations and getting data on and off the chip as quickly and efficiently as possible. Improvements to this layer, such as optimizing the path data travels and reducing the capacitance of the chip’s inputs and outputs, yielded a 50 percent improvement in the data transfer rate to 2.4 Gb/s. Above the CMOS are layers upon layers of NAND flash cells. Unlike other devices, Flash-memory cells are built vertically. They start as a (relatively) deep, narrow hole etched through alternating layers of conductor and insulator. 
Then the holes are filled with material and processed to form the bit-storing part of the device. It’s the ability to reliably etch and fill the holes through all those layers that’s a key limit to the technology. Instead of etching through all 232 layers in one go, Micron’s process builds them in two parts and stacks one atop the other. Even so, “it’s an astounding engineering feat,” says Alvaro. “That was one of the biggest challenges we overcame.” According to Toledo, there is a path toward even more layers in future NAND chips. “There are definitely challenges,” he says. But “we haven’t seen the end of that path.” In addition to adding more and more layers, NAND flash makers have been increasing the density of stored bits by packing multiple bits into a single device. Each of the Micron chip’s memory cells is capable of storing three bits per cell. That is, the charge stored in each cell produces a distinct enough effect to discern eight different states. Though 3-bit-per-cell products (called TLC) are the majority, four-bit products (called QLC) are also available. One QLC chip presented by Western Digital researchers at the IEEE International Solid State Circuits Conference earlier this year achieved a 15 Gb/mm2 areal density in a 162-layer chip. And Kioxia engineers reported 5-bit cells last month at the IEEE Symposium on VLSI Technology and Circuits. There has even been a 7-bit cell demonstrated, but it required dunking the chip in 77-kelvin liquid nitrogen
Semiconductor bill unites Sanders, the right — in opposition
Semiconductor bill unites Sanders, the right — in opposition https://share.newsbreak.com/1hx0vuzi WASHINGTON (AP) — A bill to boost semiconductor production in the United States has managed to do nearly the unthinkable — unite the democratic socialist Sen. Bernie Sanders and the fiscally conservative right. The bill making its way through the Senate is a top priority of the Biden administration. It would add about $79 billion to the deficit over 10 years, mostly as a result of new grants and tax breaks that would subsidize the cost that computer chip manufacturers incur when building or expanding chip plants in the United States. Supporters say that countries all over the world are spending billions of dollars to lure chipmakers. The U.S. must do the same or risk losing a secure supply of the semiconductors that power the nation’s automobiles, computers, appliances and some of the military’s most advanced weapons systems. Sanders, I-Vt., and a wide range of conservative lawmakers, think tanks and media outlets have a different take. To them, it’s “corporate welfare.” It’s just the latest example of how spending taxpayer dollars to help the private sector can scramble the usual partisan lines, creating allies on the left and right who agree on little else. They are positioning themselves as defenders of the little guy against powerful interest groups lining up at the public trough. Sanders said he doesn’t hear from people about the need to help the semiconductor industry. Voters talk to him about climate change, gun safety, preserving a woman’s right to an abortion and boosting Social Security benefits, to name just a few.
CNN Exclusive: FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications
CNN Exclusive: FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications https://share.newsbreak.com/1hlpc2u2 On paper, it looked like a fantastic deal. In 2017, the Chinese government was offering to spend $100 million to build an ornate Chinese garden at the National Arboretum in Washington DC. Complete with temples, pavilions and a 70-foot white pagoda, the project thrilled local officials, who hoped it would attract thousands of tourists every year. But when US counterintelligence officials began digging into the details, they found numerous red flags. The pagoda, they noted, would have been strategically placed on one of the highest points in Washington DC, just two miles from the US Capitol, a perfect spot for signals intelligence collection, multiple sources familiar with the episode told CNN. Also alarming was that Chinese officials wanted to build the pagoda with materials shipped to the US in diplomatic pouches, which US Customs officials are barred from examining, the sources said. Federal officials quietly killed the project before construction was underway. The canceled garden is part of a frenzy of counterintelligence activity by the FBI and other federal agencies focused on what career US security officials say has been a dramatic escalation of Chinese espionage on US soil over the past decade. Since at least 2017, federal officials have investigated Chinese land purchases near critical infrastructure, shut down a high-profile regional consulate believed by the US government to be a hotbed of Chinese spies and stonewalled what they saw as clear efforts to plant listening devices near sensitive military and government facilities. Among the most alarming things the FBI uncovered pertains to Chinese-made Huawei equipment atop cell towers near US military bases in the rural Midwest. 
According to multiple sources familiar with the matter, the FBI determined the equipment was capable of capturing and disrupting highly restricted Defense Department communications, including those used by US Strategic Command, which oversees the country’s nuclear weapons.
Surveillance is pervasive: Yes, you are being watched, even if no one is looking for you
Surveillance is pervasive: Yes, you are being watched, even if no one is looking for you https://share.newsbreak.com/1h6myng5 Surveillance is pervasive: Yes, you are being watched, even if no one is looking for you. By Peter Krapp, Professor of Film & Media Studies, University of California, Irvine, 5 hrs ago. Most Americans are aware of video surveillance of public spaces. Likewise, most people know about online tracking – and want Congress to do something about it. But as a researcher who studies digital culture and secret communications, I believe that to understand how pervasive surveillance is, it’s important to recognize how physical and digital tracking work together. Databases can correlate location data from smartphones, the growing number of private cameras, license plate readers on police cruisers and toll roads, and facial recognition technology, so if law enforcement wants to track where you are and where you’ve been, they can. They need a warrant to use cellphone search equipment: Connecting your device to a mobile device forensic tool lets them extract and analyze all your data if they have a warrant. However, private data brokers also track this kind of data and help surveil citizens – without a warrant. There is a large market for personal data, compiled from information people volunteer, information people unwittingly yield – for example, via mobile apps – and information that is stolen in data breaches. Among the customers for this largely unregulated data are federal, state and local law enforcement agencies.
Russia Delivers a Scathing Setback to Crypto
Russia Delivers a Scathing Setback to Crypto https://share.newsbreak.com/1gp0afkg Hardly a week goes by without the young crypto industry receiving some bad news. The industry is currently playing a guessing game which consists of trying to guess which crypto company or crypto platform is next to be impacted by the liquidity crisis affecting prominent crypto lenders like Celsius Network, Voyager Digital and BlockFi. This cash crunch crisis comes from the fall in cryptocurrency prices that led to a collapse of more than $2 trillion in the crypto market since November. The damages are substantial. Celsius and Voyager have filed for Chapter 11 bankruptcy and their customers don't even know if they will be able to get their money back. Other platforms like Babel Finance, CoinLoan or CoinFlex have suspended withdrawals, thus preventing their customers from having access to their funds. BlockFi was bailed out by cryptocurrency exchange FTX.com. Another difficulty for the sector is how to bring back retail investors, many of whom fled the crypto sector after suffering colossal losses? Some investors even lost everything following the crash of sister tokens Luna and UST in May. Three Arrows Capital, also known as 3AC, a crypto hedge fund was forced into liquidation. As if that were not enough, bad news has just arrived from Russia. Indeed, President Vladimir Putin has just signed a tougher law against cryptocurrencies after it was passed by the Russian National Assembly or Duma on July 8. This law banned any payment for assets, goods, products and services with digital means or any utility tokens. It is the latest legal arsenal adopted by Moscow to prevent cryptocurrencies from being used as a means of payment. Crypto and Sanctions The Minister of Finance Anton Siluanov had introduced a draft On Digital Currency in parliament for regulation of the sector in February. 
The Russian government, however, didn't follow the recommendation of the Central Bank of Russia, which called in March for an outright ban on cryptocurrencies and the entire crypto industry in the country. The institution recommended a ban on trading, mining, and paying for goods and services with cryptocurrencies. The Russian war in Ukraine may play a big role here. In the face of NATO sanctions, there has been a surge of interest in how Russia might use cryptocurrencies to sidestep sanctions. Selected Russian banks were disconnected from the SWIFT, a secure messaging system used by financial institutions, brokers, and investment firms. Russia's economy has suffered under the sanctions with the ruble's value plummeting. According to government figures,
SATAn hack can steal data directly from your SATA cable
SATAn hack can steal data directly from your SATA cable https://share.newsbreak.com/1gozsduo Researchers at the University of the Negev, Israel, have published a paper that demonstrates how a hacker could extract data from an otherwise secure system via its SATA cable. The attack uses the SATA cable itself as a form of wireless transmitter, and the data it carries can be intercepted as a form of radio signal in the 6GHz band. The attack is appropriately referred to as SATAn. The researchers published a paper here (via Tom’s Hardware). They successfully demonstrated the technique and showed it in a video that’s included above. It has to be said that this kind of attack is complicated and requires specific malware to be installed on the target machine. It requires specialized shellcode to modify file system activity that generates identifiable radio signals from SATA cables. The electromagnetic leakage of the cables can be intercepted by a wireless receiver and replicated on a second device. The researchers entered the word ‘secret’ on the target machine, which was picked up by a second machine. It’s just a simple demo but there’s no reason that targeted malware couldn’t be used to extract passwords or other sensitive text information. It’s a complicated method as it would require access to the target computer. An air gapped system without any network access would require malware to be directly installed. There’s also the problem that the SATA signal emission is weak and requires the receiving antenna to be around 1 meter away. It’s not easy to just walk up to a secure system and say hi.
A Beginner’s Guide to Quantum Programming
A Beginner’s Guide to Quantum Programming https://share.newsbreak.com/1govv8d9 A new guide on programming quantum algorithms leads programmers through every step, from theory to implementing the algorithms on IBM’s publicly accessible 5-qubit ibmqx4 quantum computer and others. The guide covers the fundamentals, along with a summary of the main quantum algorithms and instructions on how to implement them on publicly available quantum computers. As quantum computers proliferate and become more widely available, would-be quantum programmers are left scratching their brains over how to get started in the field. A new beginner’s guide offers a complete introduction to quantum algorithms and their implementation on existing hardware. “Writing quantum algorithms is radically different from writing classical computing programs and requires some understanding of quantum principles and the mathematics behind them,” said Andrey Y. Lokhov, a scientist at Los Alamos National Laboratory and lead author of the recently published guide in ACM Transactions on Quant… Another section looks at the various types of quantum algorithms. From there, the guide dives into the 20 selected algorithms, with a problem definition, description, and steps for implementing each one on the IBM or, in a few cases, other computers. Extensive references at the end of the guide will help interested readers go deeper in their explorations of quantum algorithms. The study was funded by the Information Science and Technology Institute at Los Alamos National Laboratory through the Laboratory Directed Research and Development program.
Reference: “Quantum Algorithm Implementations for Beginners” by Abhijith J., Adetokunbo Adedoyin, John Ambrosiano, Petr Anisimov, William Casper, Gopinath Chennupati, Carleton Coffrin, Hristo Djidjev, David Gunter, Satish Karra, Nathan Lemons, Shizeng Lin, Alexander Malyzhenkov, David Mascarenas, Susan Mniszewski, Balu Nadiga, Daniel O’malley, Diane Oyen, Scott Pakin, Lakshman Prasad, Randy Roberts, Phillip Romero, Nandakishore Santhi, Nikolai Sinitsyn, Pieter J. Swart, James G. Wendelberger, Boram Yoon, Richard Zamora, Wei Zhu, Stephan Eidenbenz, Andreas Bärtschi, Patrick J. Coles, Marc Vuffray and Andrey Y. Lokhov, 7 July 2022, ACM Transactions on Quantum Computing. DOI: 10.1145/351734
Homeland Security Is Buying Its Way Around the Fourth Amendment
Homeland Security Is Buying Its Way Around the Fourth Amendment https://share.newsbreak.com/1goc7w5v American taxpayers pay to be spied upon. That's one takeaway from new documents obtained by the American Civil Liberties Union (ACLU), which has been examining how federal agents spent millions to purchase massive troves of cellphone location data and dodge Fourth Amendment requirements. As part of a lawsuit against the Department of Homeland Security (DHS), the ACLU obtained thousands of previously unreleased records showing how DHS agencies—including Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE)—are purchasing and accessing "huge volumes of people's cell phone location information quietly extracted from smartphone apps." These agencies are "sidestepping our Fourth Amendment right against unreasonable government searches and seizures," suggests the ACLU. In 2018, the U.S. Supreme Court held (in Carpenter v. United States) that under the Fourth Amendment, law enforcement must have a warrant before accessing a suspect's phone location data from cellular service providers. But federal authorities have been getting around this by purchasing aggregated cellphone location data from data broker firms like Venntel and Babel Street. And they're spending millions of taxpayer dollars doing it. This was first revealed by the Wall Street Journal back in 2020. The ACLU then set out to learn more, filing a Freedom of Information Act (FOIA) request and later suing to force DHS, ICE, and CBP to respond. "Although the litigation is ongoing, we are now making public the records that CBP, ICE, the U.S. Secret Service, the U.S. Coast Guard, and several offices within DHS Headquarters have provided us to date," the ACLU announced yesterday. Cellphone location data purchased by DHS is aggregated. It doesn't directly link the names or personal information of cellphone users to specific location data. 
But there's still a lot of privacy-infringing information that can be gleaned from such information, says the ACLU: In the documents we received over the past year, we found Venntel marketing materials sent to DHS explaining how the company collects more than 15 billion location points from over 250 million cell phones and other mobile devices every day. With this data, law enforcement can "identify devices observed at places of interest," and "identify repeat visitors, frequented locations, pinpoint known associates, and discover pattern of life," according to a Venntel marketing brochure. The documents belabor how precise and illuminating this data is, allowing "pattern of life analysis to identify persons of interest." By searching through this massive trove of location information at their whim, government investigators can identify and track specific individuals or everyone in a particular area, learning details of our private activities and associations.
Homeland Security records show 'shocking' use of phone data, ACLU says
Homeland Security records show 'shocking' use of phone data, ACLU says https://share.newsbreak.com/1gj8uwno In just three days in 2018, documents show that the CBP collected data from more than 113,000 locations from phones in the Southwestern United States — equivalent to more than 26 data points per minute — without obtaining a warrant. | Lindsay Whitehurst/AP Photo. Updated: 07/18/2022 03:30 PM EDT. The Trump administration’s immigration enforcers used mobile location data to track people’s movements on a larger scale than previously known, according to documents that raise new questions about federal agencies’ efforts to get around restrictions on warrantless searches. The data, harvested from apps on hundreds of millions of phones, allowed the Department of Homeland Security to obtain data on more than 336,000 location data points across North America, the documents show. Those data points may reference only a small portion of the information that CBP has obtained. These data points came from all over the continent, including in major cities like Los Angeles, New York, Chicago, Denver, Toronto and Mexico City. This location data use continued into the Biden administration, as Customs and Border Protection renewed a contract for $20,000 that ended in September 2021. The American Civil Liberties Union obtained the records from DHS through a lawsuit it filed in 2020. It provided the documents to POLITICO and separately released them to the public on Monday. The documents highlight conversations and contracts between federal agencies and the surveillance companies Babel Street and Venntel. Venntel alone boasts that its database includes location information from more than 250 million devices. The documents also show agency staff having internal conversations about privacy concerns on using phone location data.
New documents reveal ‘huge’ scale of US government’s cell phone location data tracking
New documents reveal ‘huge’ scale of US government’s cell phone location data tracking https://share.newsbreak.com/1gh2bhod "It’s no secret that U.S. government agencies have been obtaining and using location data collected by Americans’ smartphones. In early 2020, a Wall Street Journal report revealed that both Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) bought access to millions of smartphone users’ location data to track undocumented immigrants and suspected tax dodgers. "However, new documents obtained by the ACLU through an ongoing Freedom of Information Act (FOIA) lawsuit now reveal the extent of this warrantless data collection. The 6,000-plus records reviewed by the civil rights organization contained approximately 336,000 location points across North America obtained from people’s phones. They also reveal that in just three days in 2018, CBP obtained records containing around 113,654 location points in the southwestern United States — more than 26 location points per minute. "The bulk of the data that CBP obtained came from its contract with Venntel, a location data broker that aggregates and sells information quietly siphoned from smartphone apps. By purchasing this data from data brokers, officials are sidestepping the legal process government officials would typically need to go through in order to access cell phone data. "Documents also detail the government agencies’ efforts to rationalize their actions. For example, cell phone location data is characterized as containing no personally identifying information (PII) in the records obtained by ACLU, despite enabling officials to track specific individuals or everyone in a particular area. Similarly, the records also claim that this data is “100 percent opt-in” and that cell phone users “voluntarily” share the location information. But many don’t realize that apps installed on their phones are collecting GPS information, let alone share that data with the government.
Ghacks: Facebook has started to encrypt links to counter privacy-improving URL Stripping
Ghacks: Facebook has started to encrypt links to counter privacy-improving URL Stripping. https://www.ghacks.net/2022/07/17/facebook-has-started-to-encrypt-links-to-counter-privacy-improving-url-stripping/ Facebook has started to encrypt links to counter privacy-improving URL Stripping. Martin Brinkmann, Jul 17, 2022. Facebook has started to use a different URL scheme for site links to combat URL stripping technologies that browsers such as Firefox or Brave use to improve privacy and prevent user tracking. Some sites, including Facebook, add parameters to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties. Mozilla introduced support for URL stripping in Firefox 102, which it launched in June 2022. Firefox removes tracking parameters from web addresses automatically, but only in private browsing mode or when the browser's Tracking Protection feature is set to strict. Firefox users may enable URL stripping in all Firefox modes, but this requires manual configuration. Brave Browser strips known tracking parameters from web addresses as well.
BleepingComputer: Tor Browser now bypasses internet censorship automatically
BleepingComputer: Tor Browser now bypasses internet censorship automatically. https://www.bleepingcomputer.com/news/security/tor-browser-now-bypasses-internet-censorship-automatically/ The Tor Project team has announced the release of Tor Browser 11.5, a major release that brings new features to help users fight censorship easier. The Tor Browser has been created specifically for accessing sites through The Onion Router (Tor) network to offer users anonymity and privacy when accessing information on the internet. It achieves this by routing traffic through nodes on the network and encrypting it at every step. The connection reaches the destination through an exit node that is used to relay the information back to the user. Auto block bypassing: The updates in Tor Browser 11.5 focus on circumventing censorship, a process that started a year ago in version 10.5 with improving the Tor connection experience. In the new version, users no longer have to manually try out bridge configurations to unblock Tor. Tor Browser version 11.5 comes with a new feature called “Connection Assist”, which assigns automatically the bridge configuration known to work best for the user’s location. “Connection Assist works by looking up and downloading an up-to-date list of country-specific options to try using your location (with your consent),” explains the release announcement.
DARKReading: Fake Google Software Updates Spread New Ransomware
DARKReading: Fake Google Software Updates Spread New Ransomware. https://www.darkreading.com/attacks-breaches/attacker-using-fake-google-software-update-to-distribute-new-ransomware Fake Google Software Updates Spread New Ransomware. "HavanaCrypt" is also using a command-and-control server that is hosted on a Microsoft Hosting Service IP address, researchers say. Jai Vijayan, Contributing Writer, Dark Reading, July 11, 2022. actors are increasingly using fake Microsoft and Google software updates to try to sneak malware on target systems. The latest example is "HavanaCrypt," a new ransomware tool that researchers from Trend Micro recently discovered in the wild disguised as a Google Software Update application. The malware's command-and-control (C2) server is hosted on a Microsoft Web hosting IP address, which is somewhat uncommon for ransomware, according to Trend Micro. Also notable, according to the researchers, is HavanaCrypt's many techniques for checking if it is running in a virtual environment; the malware's use of code from open source key manager KeePass Password Safe during encryption; and its use of a .Net function called "QueueUserWorkItem" to speed up encryption. Trend Micro notes that the malware is likely a work-in-progress because it does not drop a ransom note on infected systems.
Ars Technica: New working speculative execution attack sends Intel and AMD scrambling
Ars Technica: New working speculative execution attack sends Intel and AMD scrambling. https://arstechnica.com/information-technology/2022/07/intel-and-amd-cpus-vulnerable-to-a-new-speculative-execution-attack/ Some microprocessors from Intel and AMD are vulnerable to a newly discovered speculative execution attack that can covertly leak password data and other sensitive material, sending both chipmakers scrambling once again to contain what is proving to be a stubbornly persistent vulnerability. Researchers from ETH Zurich have named their attack Retbleed because it exploits a software defense known as retpoline, which was introduced in 2018 to mitigate the harmful effects of speculative execution attacks. Speculative execution attacks, including one known as Spectre, exploit the fact that when modern CPUs encounter a direct or indirect instruction branch, they predict the address for the next instruction they’re about to receive and automatically execute it before the prediction is confirmed. Speculative execution attacks work by tricking the CPU into executing an instruction that accesses sensitive data in memory that would normally be off-limits to a low-privileged application. Retbleed then extracts the data after the operation is canceled. Is it a trampoline or a slingshot? Retpoline works by using a series of return operations to isolate indirect branches from speculative execution attacks, in effect erecting the software equivalent of a trampoline that causes them to safely bounce. Stated differently, a retpoline works by replacing indirect jumps and calls with returns, which many researchers presumed weren’t susceptible. The defense was designed to counter variant 2 of the original speculative execution attacks from January 2018. Abbreviated as BTI, the variant forces an indirect branch to execute so-called “gadget” code, which in turn creates data to leak through a side channel.
Some researchers have warned for years that retpoline isn’t sufficient to mitigate speculative execution attacks because the returns retpoline used were susceptible to BTI. Linux creator Linus Torvalds famously rejected such warnings, arguing that such exploits weren’t practical.
Hackaday: Why You Should Totally Roll Your Own AES Cryptography
Hackaday: Why You Should Totally Roll Your Own AES Cryptography. https://hackaday.com/2022/07/11/why-you-should-totally-roll-your-own-aes-cryptography/ WHY YOU SHOULD TOTALLY ROLL YOUR OWN AES CRYPTOGRAPHY by: Maya Posch, July 11, 2022. Software developers are usually told to ‘never write your own cryptography’, and there definitely are sufficient examples to be found in the past decades of cases where DIY crypto routines caused real damage. This is also the introduction to [Francis Stokes]’s article on rolling your own crypto system. Even if you understand the mathematics behind a cryptographic system like AES (symmetric encryption), assumptions made by your code, along with side-channel and many other types of attacks, can nullify your efforts. So then why write an article on doing exactly what you’re told not to do? This is contained in the often forgotten addendum to ‘don’t roll your own crypto’, which is ‘for anything important’. [Francis]’s tutorial on how to implement AES is incredibly informative as an introduction to symmetric key cryptography for software developers, and demonstrates a number of obvious weaknesses users of an AES library may not be aware of. This then shows the reason why any developer who uses cryptography in some fashion for anything should absolutely roll their own crypto: to take a peek inside what is usually a library’s black box, and to better understand how the mathematical principles behind AES are translated into a real-world system. Additionally it may be very instructive if your goal is to become a security researcher whose day job is to find the flaws in these systems. Essentially: definitely do try this at home, just keep your DIY crypto away from production servers :)
SciTechDaily: MIT Quantum Sensor Can Detect Electromagnetic Signals of Any Frequency
SciTechDaily: MIT Quantum Sensor Can Detect Electromagnetic Signals of Any Frequency. https://scitechdaily.com/mit-quantum-sensor-can-detect-electromagnetic-signals-of-any-frequency/ MIT engineers expand the capabilities of these ultrasensitive nanoscale detectors, with potential uses for biological sensing and quantum computing. With the ability to detect the most minute variations in magnetic or electrical fields, quantum sensors have enabled precision measurements in materials science and fundamental physics. However, these sensors have limited usefulness because they have only been capable of detecting a few specific frequencies of these fields. Now, MIT researchers have developed a method to enable such sensors to detect any arbitrary frequency, with no loss of their ability to measure nanometer-scale features. The new method is described in a paper published in the journal Physical Review X by graduate student Guoqing Wang, professor of nuclear science and engineering and of physics Paola Cappellaro, and four others at MIT and Lincoln Laboratory. The team has already applied for patent protection for the new method. Although quantum sensors can take many forms, at their essence they’re systems in which some particles are in such a delicately balanced state that they are affected by even tiny variations in the fields they are exposed to. These can take the form of neutral atoms, trapped ions, and solid-state spins, and research using such sensors has grown rapidly. For example, physicists use them to investigate exotic states of matter, including so-called time crystals and topological phases, while other scientists use them to characterize practical devices such as experimental quantum memory or computation devices. However, many other phenomena of interest span a much broader frequency range than today’s quantum sensors can detect.
Hackaday: Lift The Veil On RSA With This RSA Calculator
Hackaday: Lift The Veil On RSA With This RSA Calculator. https://hackaday.com/2022/07/08/lift-the-veil-on-rsa-with-this-rsa-calculator/ Encryption algorithms can be intimidating to approach, what with all the math involved. However, once you start digging into them, you can break the math apart into smaller steps, and get a feel of what goes into encryption being the modern-day magic we take for granted. Today, [Henry Schmale] writes to us about his small contribution to making cryptography easier to understand – lifting the veil on the RSA asymmetric encryption technique through an RSA calculator. With [Henry]’s calculator, you can only encrypt and decrypt a single integer, but you’re able to view each individual step of an RSA calculation as you do so. If you want to understand what makes RSA and other similar algorithms tick, this site is an excellent starting point. Now, this is not something you should use when rolling your crypto implementations – as cryptographers say in unison, writing your own crypto from scratch is extremely inadvisable. [Henry] does say that this calculator could be useful for CTF players, for instance, but it’s also undeniably an accessible learning tool for any hacker out there wishing to understand what goes on under the wraps of the libraries we use. In modern day, cryptography is instrumental to protecting our freedoms, and it’s a joy to see people work towards explaining the algorithms used. The cryptography tools we use day-to-day are also highly valuable targets for governments and intelligence agencies, willing to go to great lengths to subvert our communication security – so it’s even more important that we get acquainted with the tools that protect us. After all, it only takes a piece of paper to encrypt your communications with someone.
Tom's Hardware: U.S. Wants China's SMIC to Stop Making 14nm Chips
Tom's Hardware: U.S. Wants China's SMIC to Stop Making 14nm Chips. https://www.tomshardware.com/news/us-wants-china-smic-to-stop-making-14nm-chips When the U.S. Department of Commerce (DOC) restricted access of China's largest contract chipmaker Semiconductor Manufacturing International Corp. (SMIC) to fab equipment used to make 10nm-class chips, it was considered a tough but not too severe move. Now the U.S. government is mulling restricting China from producing logic chips using a 14nm-class fabrication process. The DOC is examining the possibility of prohibiting the exportation of chipmaking tools to companies in China that can make logic chips using 14nm-class manufacturing nodes and thinner, according to a Reuters report that cites five people familiar with the matter. The only company in China currently producing chips using its 14nm fabrication process is SMIC, which has been doing so since late 2019. What is not completely clear from the report is whether the DOC wants to ban SMIC from getting tools used to make semiconductors on its 14nm node and thinner, or if it wants to ban SMIC from getting any tools at all because it is capable of making chips using its 14nm technology.
Uber bosses told staff to use ‘kill switch’ during raids to stop police seeing data
Uber bosses told staff to use ‘kill switch’ during raids to stop police seeing data https://share.newsbreak.com/1f0rpzek By Rob Davies and Simon Goodley, The Guardian. Senior executives at Uber ordered the use of a “kill switch” to prevent police and regulators from accessing sensitive data during raids on its offices in at least six countries, leaked files reveal. The instructions to block authorities from accessing its IT systems were part of a sophisticated global operation by the Silicon Valley company to thwart law enforcement. The Uber files, a cache of confidential company data leaked to the Guardian, reveal how the company deployed its kill switch at least 12 times in France, the Netherlands, Belgium, India, Hungary and Romania. The Uber files is a global investigation based on a trove of 124,000 documents that were leaked to the Guardian. The data consist of emails, iMessages and WhatsApp exchanges between the Silicon Valley giant's most senior executives, as well as memos, presentations, notebooks, briefing papers and invoices. The leaked records cover 40 countries and span 2013 to 2017, the period in which Uber was aggressively expanding across the world. They reveal how the company broke the law, duped police and regulators, exploited violence against drivers and secretly lobbied governments across the world. To facilitate a global investigation in the public interest, the Guardian shared the data with 180 journalists in 29 countries via the International Consortium of Investigative Journalists (ICIJ). The investigation was managed and led by the Guardian with the ICIJ. In a statement, Uber said: "We have not and will not make excuses for past behaviour that is clearly not in line with our present values. Instead, we ask the public to judge us by what we’ve done over the last five years and what we will do in the years to come."
In era of transparency, Arizona law limits filming police
In era of transparency, Arizona law limits filming police https://share.newsbreak.com/1epq2b9e PHOENIX (AP) — Arizona’s governor has signed a law that restricts how the public can video police at a time when there’s growing pressure across the U.S. for greater law enforcement transparency. Civil rights and media groups opposed the measure that Republican Gov. Doug Ducey signed Thursday. The law makes it illegal in Arizona to knowingly video police officers 8 feet (2.5 meters) or closer without an officer’s permission. Someone on private property with the owner’s consent can also be ordered to stop recording if a police officer finds they are interfering or the area is not safe. The penalty is a misdemeanor that would likely incur a fine without jail time. There needs to be a law that protects officers from people who “either have very poor judgment or sinister motives,” said Republican Rep. John Kavanagh, the bill’s sponsor. “I’m pleased that a very reasonable law that promotes the safety of police officers and those involved in police stops and bystanders has been signed into law,” Kavanagh said Friday. “It promotes everybody’s safety yet still allows people to reasonably videotape police activity as is their right.” The move comes nearly a year after the U.S. Department of Justice launched a widespread probe into the police force in Phoenix to examine whether officers have been using excessive force and abusing people experiencing homelessness. It’s similar to other investigations opened in recent months in Minneapolis and Louisville.
IBM’s 3D chip stacking process could revive a famous rule on computing power
IBM’s 3D chip stacking process could revive a famous rule on computing power https://share.newsbreak.com/1epjejbm IBM Research and Tokyo Electron (TEL) collaborated on a new breakthrough in 3D chipmaking that uses a novel method to keep Moore's Law in motion. The two companies partnered on a chipmaking innovation that simplifies the process for producing wafers with 3D chip stacking technology, a press statement reveals. They announced that they successfully implemented the new process for producing 300 mm silicon chip wafers for 3D chip stacking technology. It is the world's first 300 mm level example of this technology. New chip-stacking process uses laser invisible to silicon. Chip stacking typically requires vertical connections between layers of silicon, called through-silicon vias (TSVs). The layers are usually extremely thin, having a thickness of less than 100 microns. During the production process, each of these wafers is attached to a carrier wafer, which is usually made of glass that is temporarily bonded to the silicon. Once the wafer is processed, the glass carrier is then removed from the silicon with the use of ultraviolet lasers. IBM and TEL's new process uses a 300 mm module with an infrared laser that carries out a debonding process. This process is transparent to silicon, meaning it allows standard silicon wafers to be used instead of glass wafers for the carrier. This means that silicon wafers can be bonded to other pieces of silicon, meaning glass carriers are no longer necessary in the manufacturing process.
End-to-end encryption’s central role in modern self-defense – Ars Technica
https://www.wired.com/story/end-to-end-encryption-abortion-privacy/ A number of course-altering US Supreme Court decisions last month—including the reversal of a constitutional right to abortion and the overturning of a century-old limit on certain firearms permits—have activists and average Americans around the country anticipating the fallout for rights and privacy as abortion “trigger laws,” expanded access to concealed carry permits, and other regulations are expected to take effect in some states. And as people seeking abortions scramble to protect their digital privacy and researchers plumb the relationship between abortion speech and tech regulations, encryption proponents have a clear message: Access to end-to-end encrypted services in the US is more important than ever. Studies, including those commissioned by tech giants like Meta, have repeatedly and definitively shown that access to encrypted communications is a human rights issue in the digital age. End-to-end encryption makes your messages, phone calls, and video chats unintelligible everywhere except on the devices involved in the conversations, so snoops and interlopers can’t access what you’re saying—and neither can the company that offers the platform. As the legal climate in the US evolves, people who once thought they had nothing to hide may realize that era is now over.
FBI and MI5 issue rare joint warning for all iPhone and Android users over growing China cybersecurity attacks
FBI and MI5 issue rare joint warning for all iPhone and Android users over growing China cybersecurity attacks https://share.newsbreak.com/1ejnpwln Directors from the top intelligence agencies representing the United States and the United Kingdom have appeared together to make a forceful statement. Statements indicate Western intelligence agencies are suspicious of potential cybercrime and espionage operations orchestrated by China. “Today is the first time the heads of the FBI and MI5 have shared a public platform,” MI5 general director Ken McCallum told reporters from the podium at the MI5 headquarters in London. “We’re doing so to send the clearest signal we can on a massive shared challenge: China.” The joint appearance denounced activity in China that could negatively impact the global economy.
Ars Technica: The cryptopocalypse is nigh! NIST rolls out new encryption standards to prepare
Ars Technica: The cryptopocalypse is nigh! NIST rolls out new encryption standards to prepare. https://arstechnica.com/information-technology/2022/07/nist-selects-quantum-proof-algorithms-to-head-off-the-coming-cryptopocalypse/ In the not-too-distant future—as little as a decade, perhaps, nobody knows exactly how long—the cryptography protecting your bank transactions, chat messages, and medical records from prying eyes is going to break spectacularly with the advent of quantum computing. On Tuesday, a US government agency named four replacement encryption schemes to head off this cryptopocalypse. Some of the most widely used public-key encryption systems—including those using the RSA, Diffie-Hellman, and elliptic curve Diffie-Hellman algorithms—rely on mathematics to protect sensitive data. These mathematical problems include (1) factoring a key's large composite number (usually denoted as N) to derive its two factors (usually denoted as P and Q) and (2) computing the discrete logarithm that key is based on.
US general says Elon Musk's Starlink has 'totally destroyed Putin's information campaign'
US general says Elon Musk's Starlink has 'totally destroyed Putin's information campaign' https://share.newsbreak.com/1e7p372p
- US Brigadier General Steven Butow said Starlink has "destroyed Putin's information campaign."
- The internet service helped organize attacks and kept soldiers in touch with family, per Politico.
- SpaceX CEO Elon Musk sent over the first Starlink terminals within days of Russia's invasion.
Starlink, the satellite-internet service from SpaceX, has been a crucial part of Ukraine's defense against Russia, according to a US official and Ukrainian military members. From sending coordinates for artillery strikes against Russia to broadcasting Ukraine President Volodymyr Zelenskyy's speeches across the world, US Brigadier General Steven Butow told Politico that SpaceX's Starlink services have been indispensable to the Ukrainian military. The general has worked closely with SpaceX as the director of the space portfolio at the defense innovation unit. "The strategic impact is, it totally destroyed [Vladimir] Putin's information campaign," Butow told the publication. "He never, to this day, has been able to silence Zelenskyy." Starlink's capabilities are put to the test on a daily basis by Ukrainian soldiers. Politico reported that the satellite dish is used to plan missions and fight misinformation from Russia, as well as keep soldiers in touch with their family and provide a source of leisure activity during down times.
Drug smuggling: Underwater drones seized by Spanish police
Drug smuggling: Underwater drones seized by Spanish police - https://www.bbc.co.uk/news/world-europe-62040790 Jim Bell's comment: I actually thought of this 30+ years ago, unmanned, underwater smuggling drones, but I made no attempt to implement this. At that time, GPS was very new, solar cells were weak and relatively ineffective. I also figured that it could be an interesting hobby, minus the drugs of course. Whether this could get through the plastic trash, and 'ghost nets' I don't know.
IEEE Spectrum: Quantum Computing for Dummies
IEEE Spectrum: Quantum Computing for Dummies. https://spectrum.ieee.org/quantum-computing-for-dummies Quantum computers may one day rapidly find solutions to problems no regular computer might ever hope to solve, but there are vanishingly few quantum programmers when compared with the number of conventional programmers in the world. Now a new beginner's guide aims to walk would-be quantum programmers through the implementation of quantum algorithms over the cloud on IBM's publicly available quantum computers. Whereas classical computers switch transistors either on or off to symbolize data as ones or zeroes, quantum computers use quantum bits, or "qubits," which because of the peculiar nature of quantum physics can exist in a state called superposition where they are both 1 and 0 at the same time. This essentially lets each qubit perform two calculations at once. The more qubits are quantum-mechanically linked, or entangled (see our explainer), within a quantum computer, the greater its computational power can grow, in an exponential fashion. Currently quantum computers are noisy intermediate-scale quantum (NISQ) platforms, meaning their qubits number up to a few hundred at most and are error-ridden as well. Still, quantum processors are widely expected to grow in terms of qubit count and quality, with the aim of achieving a quantum advantage that enables them to find the answers to problems no classical computers could ever solve. Although the field of quantum programming started in the 1990s, it has to date only drawn a small community. "Programming quantum computers may seem like a great challenge, requiring years of training in quantum mechanics and related disciplines," says the guide's senior author Andrey Lokhov, a theoretical physicist at Los Alamos National Laboratory in New Mexico. 
"Additionally, the field is dominated by physics and algebraic notations that at times present unnecessary entry barriers for mainstream computer and mathematically trained scientists." Now, with their new guide, Lokhov and his colleagues hope their new guide will help pave the way "for the upcoming quantum computing revolution," he says. "We believe that our guide fills a missing space in the field of quantum computation, introducing non-expert computer scientists, physicists, and engineers to quantum algorithms and their implementations on real-world quantum computers." The new guide explains the basics of quantum computing and quantum programming, including quantum algorithms. "Very much like how classical algorithms describe a sequence of instructions that need to be executed on a classical computer, a quantum algorithm represents a step-by-step procedure, where each of the steps needs to be performed on a quantum computer," Lokhov says. "However, the term 'quantum algorithm' is usually reserved for algorithms that contain inherently quantum operations, such as quantum superposition or quantum entanglement, which turn out to be computationally powerful."
BBC News: Julian Assange submits High Court appeal to fight extradition
Julian Assange submits High Court appeal to fight extradition - https://www.bbc.co.uk/news/uk-62008245
Prosecutions against abortion providers could utilize 'mass surveillance,' experts warn
https://news.yahoo.com/prosecutors-states-where-abortion-now-231745604.html As the U.S. enters an era of diminished reproductive rights following the Supreme Court ruling that overturned Roe v. Wade, a path has been cleared for at least 13 states — those with “trigger laws” — to begin penalizing and prosecuting people who violate abortion bans. Bans are already in effect in Kentucky, Louisiana, South Dakota and Missouri, with at least nine other states expected to follow suit in days. While penalties vary, those states all now have laws that would charge abortion providers with some class of felony, with punishments that include fines, prison time and revocation of medical licenses. Some legal experts fear that prosecutors will use intimate pieces of evidence, such as text messages, internet search history and period tracking apps to build their cases, as well as, perhaps, information gathered from medical professionals. And, though states with abortion bans have focused punishment on the providers and not those seeking or self-managing an abortion, women will still be in the line of fire, said Farah Diaz-Tello, senior counsel and legal director of If/When/How, a reproductive justice group.
Engadget: Google warns internet service providers helped distribute Hermit spyware
Engadget: Google warns internet service providers helped distribute Hermit spyware. https://www.engadget.com/google-hermit-spyware-204549595.html?src=rss Google is warning of a sophisticated new spyware campaign that has seen malicious actors steal sensitive data from Android and iOS users in Italy and Kazakhstan. On Thursday, the company’s Threat Analysis Group (TAG) shared its findings on RCS Labs, a commercial spyware vendor based out of Italy. On June 16th, security researchers at Lookout linked the firm to Hermit, a spyware program believed to have been first deployed in 2019 by Italian authorities as part of an anti-corruption operation. Lookout describes RCS Labs as an NSO Group-like entity. The firm markets itself as a “lawful intercept” business and claims it only works with government agencies. However, commercial spyware vendors have come under intense scrutiny in recent years, largely thanks to governments using the Pegasus spyware to target activists and journalists. According to Google, Hermit can infect both Android and iOS devices. In some instances, the company’s researchers observed malicious actors work with their target’s internet service provider to disable their data connection. They would then send the target an SMS message with a prompt to download the linked software to restore their internet connection. If that wasn’t an option, the bad actors attempted to disguise the spyware as a legitimate messaging app like WhatsApp or Instagram. What makes Hermit particularly dangerous is that it can gain additional capabilities by downloading modules from a command and control server. Some of the addons Lookout observed allowed the program to steal data from the target’s calendar and address book apps, as well as take pictures with their phone’s camera. One module even gave the spyware the capability to root an Android device. Google believes Hermit never made its way to the Play or App stores. 
However, the company found evidence that bad actors were able to distribute the spyware on iOS by enrolling in Apple’s Developer Enterprise Program. Apple told The Verge that it has since blocked any accounts or certificates associated with the threat. Meanwhile, Google has notified affected users and rolled out an update to Google Play Protect.
TechCrunch: Google is notifying Android users targeted by Hermit government-grade spyware
TechCrunch: Google is notifying Android users targeted by Hermit government-grade spyware. https://techcrunch.com/2022/06/23/hermit-zero-day-android-spyware/ Security researchers at Lookout recently tied a previously unattributed Android mobile spyware, dubbed Hermit, to Italian software house RCS Lab. Now, Google threat researchers have confirmed much of Lookout’s findings and are notifying Android users whose devices were compromised by the spyware. Hermit is a commercial spyware known to be used by governments, with victims in Kazakhstan and Italy, according to Lookout and Google. Lookout says it’s also seen the spyware deployed in northern Syria. The spyware uses various modules, which it downloads from its command and control servers as they are needed, to collect call logs, record ambient audio, redirect phone calls and collect photos, messages, emails and the device’s precise location from a victim’s device. Lookout said in its analysis that Hermit, which works on all Android versions, also tries to root an infected Android device, granting the spyware even deeper access to the victim’s data. Lookout said that targeted victims are sent a malicious link by text message and tricked into downloading and installing the malicious app — which masquerades as a legitimate branded telco or messaging app — from outside of the app store. According to a new blog post published Thursday and shared with TechCrunch ahead of its publication, Google said it found evidence that in some cases the government actors in control of the spyware worked with the target’s internet provider to cut their mobile data connectivity, likely as a lure to trick the target into downloading a telco-themed app under the guise of restoring connectivity.
$100 million worth of crypto has been stolen in another major hack
$100 million worth of crypto has been stolen in another major hack https://share.newsbreak.com/1c424ehk Published Fri, Jun 24 2022 6:38 AM EDT, updated Fri, Jun 24 2022 9:28 AM EDT. By Ryan Browne. Key points:
- Hackers have stolen $100 million in cryptocurrency from Horizon, a so-called blockchain bridge developed by crypto start-up Harmony.
- Bridges allow users to transfer tokens from one blockchain to another. They've become a prime target for hackers due to vulnerabilities in their underlying code.
- It follows a series of similar attacks on blockchain bridges, including the $600 million Ronin Network heist and the $320 million stolen from Wormhole.
U.S. Tech Industry Frets About Handing Data to States Prosecuting Abortion
U.S. Tech Industry Frets About Handing Data to States Prosecuting Abortion https://share.newsbreak.com/1c3uo905
A Huge Step Forward in Quantum Computing Was Just Announced: The First-Ever Quantum Circuit
A Huge Step Forward in Quantum Computing Was Just Announced: The First-Ever Quantum Circuit https://share.newsbreak.com/1bul2vlo ScienceAlert: Australian scientists have created the world's first-ever quantum computer circuit – one that contains all the essential components found on a classical computer chip but at the quantum scale. The landmark discovery, published in Nature today, was nine years in the making. "This is the most exciting discovery of my career," senior author and quantum physicist Michelle Simmons, founder of Silicon Quantum Computing and director of the Center of Excellence for Quantum Computation and Communication Technology at UNSW told ScienceAlert. Not only did Simmons and her team create what's essentially a functional quantum processor, they also successfully tested it by modeling a small molecule in which each atom has multiple quantum states – something a traditional computer would struggle to achieve. This suggests we're now a step closer to finally using quantum processing power to understand more about the world around us, even at the tiniest scale. "In the 1950s, Richard Feynman said we're never going to understand how the world works – how nature works – unless we can actually start to make it at the same scale," Simmons told ScienceAlert. "If we can start to understand materials at that level, we can design things that have never been made before.
Mega says it can’t decrypt your files. New POC exploit shows otherwise – Ars Technica
https://arstechnica.com/information-technology/2022/06/mega-says-it-cant-decrypt-your-files-new-poc-exploit-shows-otherwise/ "In the decade since larger-than-life character Kim Dotcom founded Mega, the cloud storage service has amassed 250 million registered users and stores a whopping 120 billion files that take up more than 1,000 petabytes of storage. A key selling point that has helped fuel the growth is an extraordinary promise that no top-tier Mega competitors make: Not even Mega can decrypt the data it stores. "On the company's homepage, for instance, Mega displays an image that compares its offerings to Dropbox and Google Drive. In addition to noting Mega's lower prices, the comparison emphasizes that Mega offers end-to-end encryption, whereas the other two do not. Over the years, the company has repeatedly reminded the world of this supposed distinction, which is perhaps best summarized in this blog post. In it, the company claims, "As long as you ensure that your password is sufficiently strong and unique, no one will ever be able to access your data on MEGA. Even in the exceptionally improbable event MEGA's entire infrastructure is seized!" (emphasis added). "Third-party reviewers have been all too happy to agree and to cite the Mega claim when recommending the service. A decade of assurances negated. "Research published on Tuesday shows there's no truth to the claim that Mega, or an entity with control over Mega's infrastructure, is unable to access data stored on the service. The authors say that the architecture Mega uses to encrypt files is riddled with fundamental cryptography flaws that make it trivial for anyone with control of the platform to perform a full key recovery attack on users once they have logged in a sufficient number of times. With that, the malicious party can decipher stored files or even upload incriminating or otherwise malicious files to an account; these files look indistinguishable from genuinely uploaded data. 
"We show that MEGA's system does not protect its users against a malicious server and present five distinct attacks, which together allow for a full compromise of the confidentiality of user files," the researchers wrote on a website. "Additionally, the integrity of user data is damaged to the extent that an attacker can insert malicious files of their choice which pass all authenticity checks of the client. We built proof-of-concept versions of all the attacks, showcasing their practicality and exploitability."
This 1.5TB microSD is surely witchcraft
This 1.5TB microSD is surely witchcraft https://share.newsbreak.com/1bhubzb6
Kentucky court rules police violated robbery suspect’s rights by pulling from his cellphone without warrant
Kentucky court rules police violated robbery suspect’s rights by pulling from his cellphone without warrant https://share.newsbreak.com/1b052vco A sharply divided Kentucky Supreme Court ruled Thursday that police violated a robbery suspect’s constitutional protections by accessing his cellphone without a warrant, calling use of the phone as a tracking device “profoundly invasive.” In the 4-3 decision, the court’s majority said the robbery suspect was subjected to a warrantless search when police obtained his real-time cellphone location information. They ruled that the information was illegally acquired and should be excluded from evidence. At issue was whether there’s a “reasonable expectation of privacy” regarding a person’s real-time cell-site location information, also known as CSLI, under federal Fourth Amendment protections against unreasonable searches and seizures. Such information can be used to determine a cellphone’s location with “near perfect accuracy” when the phone is powered on, the court noted. “In obtaining an individual’s cell phone’s real-time CSLI, police commandeer the cell phone and its transmissions for the purpose of locating that individual,” Chief Justice John D. Minton Jr. said in writing for the majority. “We find this usurpation of an individual’s private property profoundly invasive, and we liken it to a technological trespass.” The ruling stems from a case in Kentucky’s Woodford County involving robbery suspect Dovontia Reed. One of his attorneys hailed it a far-reaching victory for civil liberties.
Hertzbleed Is A New CPU Hack Affecting Just About Everybody
Jim Bell's note: In late 1977, I built a single board microprocessor trainer called a Dyna-Micro. https://www.google.com/search?q=%22dyna+micro%22&oq=%22dyna+micro%22&aqs=chrome..69i57j46i175i199i512j0i22i30l5j0i10i22i30.8593j1j16&client=ms-android-motorola-rvo3&sourceid=chrome-mobile&ie=UTF-8#imgrc=TPvWtUel0XoNkM At the time, I noticed that if I turned on the AM radio, running the computer caused varying bleeps and bloops to be received. Probably then and before, owners of primitive PCs like Altair noticed the same thing. A few years later, I first heard of the idea called tempest, the practice of shielding computers to avoid transmitting information by radio. Even later, in the early 2000s, I read a (even then, old) book by ex MI-5 person Peter Wright, called Spycatcher, that described how they could remotely determine what radio station a radio was receiving, by detecting its local oscillator's frequency. So-called heterodyne radios work by generating a local oscillator frequency, then nonlinearly mixing that with the signal from the antenna, and then filtering the difference through an IF (intermediate frequency) filter. https://www.google.com/search?q=%22dyna+micro%22&oq=%22dyna+micro%22&aqs=chrome..69i57j46i175i199i512j0i22i30l5j0i10i22i30.8593j1j16&client=ms-android-motorola-rvo3&sourceid=chrome-mobile&ie=UTF-8#imgrc=TPvWtUel0XoNkM From that: 'Wright examines the techniques of intelligence services, exposes their ethics, notably their "eleventh commandment", "Thou shalt not get caught." He described many MI5 electronic technologies (some of which he developed), for instance, allowing clever spying into rooms, and identifying the frequency to which a superhet receiver is tuned.' --- HertzBleed Is A New CPU Hack Affecting Just About Everybody https://share.newsbreak.com/1ay58kwf Unlike more traditional ways to hack information, side-channel attacks rely on these signatures to try to infer what information was being processed. 
You can think of it kind of like guessing your presents before your actual birthday: a stereotypical “hacker” would think of ever-more sneaky ways to simply open the wrapping paper, but someone using a side-channel attack would be giving it a shake, feeling the edges, and estimating the weight. While Hertzbleed is not by any means the first such attack to be discovered – side-channel attacks have been around for more than two decades at this point – it has a few extra capabilities that haven’t been seen before. It can be deployed remotely, making it much easier to use than previous side-channel attacks, and it also works on “constant time” mechanisms – that is, code specifically designed to eliminate one of the biggest clues for a would-be hacker, the length of time a process takes to complete. And the really bad news is, you’re almost certainly affected. Certainly, all Intel processors are susceptible to Hertzbleed, as are dozens of AMD chips. And even if your personal computer, laptop, tablet or phone doesn’t use those affected processors, thousands of servers across the planet do – servers which, as a matter of course, store your data, process your information, and run the services we depend on every day.
New Hertzbleed Side-Channel Attack Affects All Modern AMD and Intel CPUs
https://thehackernews.com/2022/06/new-hertzbleed-side-channel-attack.html "A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack." "Dubbed Hertzbleed by a group of researchers from the University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, the issue is rooted in dynamic voltage and frequency scaling (DVFS), a power and thermal management feature employed to conserve power and reduce the amount of heat generated by a chip." "The cause is that, under certain circumstances, periodic CPU frequency adjustments depend on the current CPU power consumption, and these adjustments directly translate to execution time differences (as 1 hertz = 1 cycle per second)," the researchers said.
Chinese hackers attack Sophos
https://thehackernews.com/2022/06/chinese-hackers-exploited-sophos.html "A sophisticated Chinese advanced persistent threat (APT) actor exploited a critical security vulnerability in Sophos' firewall product that came to light earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack. "The attacker implement[ed] an interesting web shell backdoor, create[d] a secondary form of persistence, and ultimately launch[ed] attacks against the customer's staff," Volexity said in a report. "These attacks aimed to further breach cloud-hosted web servers hosting the organization's public-facing websites." The zero-day flaw in question is tracked as CVE-2022-1040 (CVSS score: 9.8), and concerns an authentication bypass vulnerability that can be weaponized to execute arbitrary code remotely. It affects Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier."
Nearly half of Democrat men under 50 approve of assassinating politicians
The Overton Window has moved. https://en.wikipedia.org/wiki/Overton_window?wprov=sfla1 -- Nearly half of Democrat men under 50 approve of assassinating politicians https://share.newsbreak.com/1aj5jtrh "A new poll last week found that voters who identified as Democrats were more likely than voters who identified as Republicans to support political violence, including assassinating politicians they deem to be a threat." "The poll, conducted by the left-wing Southern Poverty Law Center (SPLC) and published June 1, found that 44 percent of Democrat men under the age of 50 said they “approve” of assassinating a politician “who is harming our country or democracy.” Republican women under 50 were the group with the second-highest approval for assassinating politicians, with 40 percent approving of such behavior."
Dark web drug dealer jailed over cryptocurrency millions
Dark web drug dealer jailed over cryptocurrency millions https://share.newsbreak.com/1ai5nepi
Quantum Computer Programming for Dummies
Quantum Computer Programming for Dummies https://share.newsbreak.com/1af4b2r1 Newswise — LOS ALAMOS, N.M., June 14, 2022—For would-be quantum programmers scratching their heads over how to jump into the game as quantum computers proliferate and become publicly accessible, a new beginner’s guide provides a thorough introduction to quantum algorithms and their implementation on existing hardware. “Writing quantum algorithms is radically different from writing classical computing programs and requires some understanding of quantum principles and the mathematics behind them,” said Andrey Y. Lokhov, a scientist at Los Alamos National Laboratory and lead author of the recently published guide in ACM Transactions on Quantum Computing. “Our guide helps quantum programmers get started in the field, which is bound to grow as more and more quantum computers with more and more qubits become commonplace.” In succinct, stand-alone sections, the guide surveys 20 quantum algorithms—including famous, foundational quantum algorithms, such as Grover’s Algorithm for database searching and much more, and Shor’s Algorithm for factoring integers. Making the real-world connection, the guide then walks programmers through implementing the algorithms on IBM’s publicly available 5-qubit IBMQX4 quantum computer and others. In each case, the authors discuss the results of the implementation and explain differences between the simulator and the actual hardware runs. “This article was the result of a rapid-response effort by the Information Science and Technology Institute at Los Alamos, where about 20 Lab staff members self-selected to learn about and implement a standard quantum algorithm on the IBM Q quantum system,” said Stephan Eidenbenz, a senior quantum computing scientist at Los Alamos, a coauthor of the article and director of ISTI when work on it began. 
The goal was to prepare the Los Alamos workforce for the quantum era by guiding those staff members with little or no quantum computing experience all the way through implementation of a quantum algorithm on a real-life quantum computer, Eidenbenz said. These staff members, in addition to a few students and well-established quantum experts, make up the long author list of this “crowd-sourced” overview article that has already been heavily cited, Eidenbenz said.
Hackers just launched the largest HTTPS DDoS attack in history
Hackers just launched the largest HTTPS DDoS attack in history https://share.newsbreak.com/1af1w5g5
A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys
A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys https://share.newsbreak.com/1acrbteo Microprocessors from Intel, AMD, and other companies contain a newly discovered weakness that remote attackers can exploit to obtain cryptographic keys and other secret data traveling through the hardware, researchers said on Tuesday. Hardware manufacturers have long known that hackers can extract secret cryptographic data from a chip by measuring the power it consumes while processing those values. Fortunately, the means for exploiting power-analysis attacks against microprocessors is limited because the threat actor has few viable ways to remotely measure power consumption while processing the secret material. Now, a team of researchers has figured out how to turn power-analysis attacks into a different class of side-channel exploit that's considerably less demanding. Targeting DVFS: The team discovered that dynamic voltage and frequency scaling (DVFS)—a power and thermal management feature added to every modern CPU—allows attackers to deduce the changes in power consumption by monitoring the time it takes for a server to respond to specific carefully made queries. The discovery greatly reduces what's required. With an understanding of how the DVFS feature works, power side-channel attacks become much simpler timing attacks that can be done remotely. The researchers have dubbed their attack Hertzbleed because it uses the insights into DVFS to expose—or bleed out—data that's expected to remain private. The vulnerability is tracked as CVE-2022-24436 for Intel chips and CVE-2022-23823 for AMD CPUs. The researchers have already shown how the exploit technique they developed can be used to extract an encryption key from a server running SIKE, a cryptographic algorithm used to establish a secret key between two parties over an otherwise insecure communications channel.
US Defense Official Credits Elon Musk's Starlink For Making It Impossible For Putin To Silence Ukraine
US Defense Official Credits Elon Musk's Starlink For Making It Impossible For Putin To Silence Ukraine https://share.newsbreak.com/19yxx0t4 Elon Musk's SpaceX-owned Starlink came in handy for Ukraine when the Eastern European country's war with Russia left it bereft of internet service. Ukraine sought for Starlink user terminals from Musk, and the latter promptly acceded. The Starlink satellite internet service has helped Ukraine, both its military and civilians, Politico said in a report. The service prevented Russia's efforts to cut Ukraine off from the outside world, the report added. Lauding Starlink's role, Brigadier General Steve Butow, director of the space portfolio at the U.S. Defense Innovation Unit, said, "The strategic impact is, it totally destroyed [Vladimir] Putin's information campaign," Politico said.
POLITICO: How DOJ took the malware fight into your computer
POLITICO: How DOJ took the malware fight into your computer. https://www.politico.com/news/2022/06/13/how-doj-took-the-malware-fight-into-your-computer-00038932 In the past year, federal prosecutors and FBI agents have increased their efforts to defeat botnets and contain malware outbreaks by directly removing malicious code from infected computers, without the knowledge or authorization of those computers’ owners. “We have gotten more comfortable, as a government, taking that step,” Adam Hickey, a deputy assistant attorney general for national security, said in an interview at the RSA cybersecurity conference in San Francisco. The latest example of this approach came in April, when U.S. authorities wiped malware off of hacked servers used to control a Russian intelligence agency’s botnet, preventing the botnet’s operators from sending instructions to the thousands of devices they had infected. A year earlier, the Justice Department used an even more expansive version of the same technique to send commands to hundreds of computers across the country that were running Microsoft’s Exchange email software, removing malware planted by Chinese government agents and other hackers. In both cases, federal prosecutors obtained court orders allowing them to access the infected devices and execute code that erased the malware. In their applications for these orders, prosecutors noted that government warnings to affected users had failed to fix the problems, thus necessitating more direct intervention.
'A Mass Invasion of Privacy' but No Penalties for Tim Hortons
https://news.yahoo.com/mass-invasion-privacy-no-penalties-151852739.html One way to figure out how deeply Tim Hortons is woven into Canada’s fabric is a cross-border comparison. If McDonald’s, perhaps its closest analogue in the Uni... -- "The vector for Tim Hortons’ large-scale snooping, according to the report, was its mobile phone app, which was downloaded 10 million times in the three years following its introduction in 2017. At first, the app had typical retail functions involving payment, loyalty points and placing orders." "But the privacy commissioners found that in 2019, Tim Hortons slipped in a new feature. With the help of Radar, a geolocation software company based in the United States, it turned the GPS systems in customers’ phones into a corporate snooping tool. Many apps, of course, ask users for permission to access their phones’ GPS while they’re actively using the apps for potentially useful features like locating the nearest outlet of a store, bank or restaurant." "The Tim Hortons app, however, went far beyond that, tracking users around the clock anywhere in the world — even when the app was closed. It recorded not only their geographic location but also whether that location was a house, factory or office and, in many cases, the name of the building they were in. It even, according to the report, recorded whether they were popping into rival coffee shops. The continuous tracking took place despite users being told that they would only be tracked while using the app."
EXCLUSIVE: Crypto Traders Say Coinbase Refusing To Return Wrongly Deposited Funds Despite Having Access
EXCLUSIVE: Crypto Traders Say Coinbase Refusing To Return Wrongly Deposited Funds Despite Having Access https://share.newsbreak.com/19g5kr7n
Strong Showing for First Experimental RISC-V Supercomputer
https://www.nextplatform.com/2022/06/09/strong-showing-for-first-experimental-risc-v-supercomputer/ A European team of university students has cobbled together the first RISC-V supercomputer capable of showing balanced power consumption and performance. More importantly, it demonstrates a potential path forward for RISC-V in high performance computing and by proxy, another shot for Europe to shed total reliance on American chip technologies beyond Arm-driven architectures. The “Monte Cimone” cluster will not be crunching massive weather simulations or the like anytime soon since it’s just an experimental machine. That said, it does show that performance sacrifices for lower power envelopes aren’t necessarily as dramatic as many believe. The six-node cluster, built by folks at Università di Bologna and CINECA, the largest supercomputing center in Italy, was part of a broader student cluster competition to showcase various elements of HPC performance beyond just floating-point capability. The cluster-building team, called NotOnlyFLOPs, wanted to establish the power-performance profile of RISC-V when using SiFive’s Freedom U740 system-on-chip. That 2020-era SoC has five 64-bit RISC-V CPU cores – four U7 application cores and an S7 system management core – 2MB of L2 cache, gigabit Ethernet, and various peripheral and hardware controllers. It can run up to around 1.4GHz. Here’s a look at the components as well as feeds and speeds of Monte Cimone:
- Six dual-board servers with a form factor of 4.44 cm (1U) high, 42.5 cm width, 40 cm deep. Each board follows the industry standard Mini-ITX form factor (170 mm per 170 mm);
- Each board features one SiFive Freedom U740 SoC and 16GB of 64-bit DDR memory operating at 1866s MT/s, plus a PCIe Gen 3 x8 bus operating at 7.8 GB/s, one gigabit Ethernet port, and USB 3.2 Gen 1 interfaces;
- Each node has an M.2 M-key expansion slot occupied by a 1TB NVME 2280 SSD used by the operating system. A microSD card is inserted in each board and used for UEFI booting;
- Two 250 W power supplies are integrated inside each node to support the hardware and future PCIe accelerators and expansion board