Australian defense firm was hacked and F-35 data stolen, DOD confirms

F-35 Joint Program Office acknowledges breach, says no classified data was stolen.

The Australian Cyber Security Centre noted in its just-issued 2017 Threat Report that a small Australian defense company "with contracting links to national security projects" had been the victim of a cyber-espionage attack detected last November. "ACSC analysis confirmed that the adversary had sustained access to the network for an extended period of time and had stolen a significant amount of data," the ACSC report stated. "The adversary remained active on the network at the time."

More details of the breach were revealed on Wednesday at an IT conference in Sydney. ASD Incident Response Manager Mitchell Clarke said, "The compromise was extensive and extreme." The attacker behind the breach has been internally referred to at the Australian Signals Directorate as "APT Alf" (named for a character in Australia's long-running television show Home and Away, not the US television furry alien). Alf stole approximately 30 gigabytes of data, including data related to Australia's involvement in the F-35 Joint Strike Fighter program, as well as data on the P-8 Poseidon patrol plane, planned future Australian Navy ships, the C-130 Hercules cargo plane, and the Joint Direct Attack Munition (JDAM) bomb. The breach began in July of 2016.

A spokesperson for the US Department of Defense's F-35 Joint Program Office confirmed the breach to Defense News, stating that the Office "is aware" of the breach. The spokesperson reiterated that no classified data was exposed.

Windows 10 is getting a Startup Settings menu

Your computer never seems to boot as quickly as it does on the day you first turn it on… because once you’re done installing a bunch of programs that insist on loading every time you reboot the computer, they tend to slow down the process. Microsoft has long offered a way to see which apps […]

Windows 10 is getting a Startup Settings menu is a post from: Liliputing

Tech Giants Protest Looming US Pirate Site Blocking Order

The CCIA, which represents global tech firms including Google, Facebook and Microsoft, is protesting a looming injunction that would require search engines, ISPs and hosting companies to stop linking to or offering services to several “pirate” sites. The injunction requested by — is overbroad, the tech giants warn.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

While domain seizures against pirate sites are relatively common in the United States, ISP and search engine blocking is not. This could change soon, though.

In an ongoing case against Sci-Hub, regularly referred to as the “Pirate Bay of Science,” a magistrate judge in Virginia recently recommended a broad order which would require search engines and Internet providers to block the site.

The recommendation followed a request from the academic publisher American Chemical Society (ACS) that wants these third-party services to make the site in question inaccessible. While Sci-Hub has chosen not to defend itself, a group of tech giants has now stepped in to prevent the broad injunction from being issued.

This week the Computer & Communications Industry Association (CCIA), which includes members such as Cloudflare, Facebook, and Google, asked the court to limit the proposed measures. In an amicus curiae brief submitted to the Virginia District Court, they share their concerns.

“Here, Plaintiff is seeking—and the Magistrate Judge has recommended—a permanent injunction that would sweep in various Neutral Service Providers, despite their having violated no laws and having no connection to this case,” CCIA writes.

According to the tech companies, neutral service providers are not “in active concert or participation” with the defendant, and should, therefore, be excluded from the proposed order.

While search engines may index Sci-Hub and ISPs pass on packets from this site, they can’t be seen as “confederates” that are working together with them to violate the law, CCIA stresses.

“Plaintiff has failed to make a showing that any such provider had a contract with these Defendants or any direct contact with their activities—much less that all of the providers who would be swept up by the proposed injunction had such a connection.”

Even if one of the third-party services could be found liable, the matter should be resolved under the DMCA, which expressly prohibits such broad injunctions, the CCIA claims.

“The DMCA thus puts bedrock limits on the injunctions that can be imposed on qualifying providers if they are named as defendants and are held liable as infringers. Plaintiff here ignores that.

“What ACS seeks, in the posture of a permanent injunction against nonparties, goes beyond what Congress was willing to permit, even against service providers against whom an actual judgment of infringement has been entered. That request must be rejected.”

The tech companies hope the court will realize that the injunction recommended by the magistrate judge would set a dangerous precedent that goes beyond what the law is intended for, and that it will impose limits in response to their concerns.

It will be interesting to see whether any copyright holder groups will also chime in, to argue the opposite.

CCIA’s full amicus curiae brief is available here (pdf).

After second bungle, IRS suspends Equifax’s “taxpayer identity” contract

During suspension, IRS says it will review “Equifax systems and security.”

Last week we brought news that the Internal Revenue Service awarded a $7.2 million contract to Equifax to allow Equifax to "verify taxpayer identity." The contract was awarded days after Equifax announced it had exposed the personal data, including Social Security Numbers, of about 145 million people.

The tax-collecting agency is now temporarily suspending the contract because of another Equifax snafu. The Equifax site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which, when clicked, infected visitors' computers with adware that was detected by just three of 65 antivirus providers. The development means that, at least for now, taxpayers cannot open new Secure Access accounts with the IRS. Secure Access allows taxpayers to retrieve various online tax records and provides other "tax account tools" to those who have signed up.

An "alert" on the IRS website says the Secure Access service "is unavailable for new users at this time." The alert notes that taxpayers who already have an account can "continue the login process."

Pumping liquid metal at 1,400°C opens the door for better solar thermal systems

A ceramic pump can handle the heat; careful engineering prevents it from cracking.

Christopher Moore, Georgia Tech

Researchers from the Georgia Institute of Technology, Stanford, and Purdue University have built a ceramic mechanical pump that can move liquid metal as hot as 1,673K (that is, about 1,400 degrees Celsius). Usually, the temperature of liquid metals that you can pump tends to cap out at 1,300K (1,027 degrees Celsius) because there are few pump-building materials that will stay solid and chemically stable beyond that. Those materials that exist tend to crack or break quickly under the stress of such heat.

But this new pump, made of carefully engineered ceramic, could be good news for concentrated solar power, as well as accompanying thermal energy storage.

Pi-Top updates its modular, Raspberry Pi-powered laptop

Raspberry Pi’s single-board computers are surprisingly versatile devices that can be used for all sorts of things ranging from desktop PCs to game consoles to smart speakers. Hackers have also been building Raspberry Pi-powered laptops for years, and back in 2014 a UK-based team launched one of the more interesting versions, since the Pi-Top allowed […]

Pi-Top updates its modular, Raspberry Pi-powered laptop is a post from: Liliputing

1 Gbit/s symmetrical: Vodafone starts fiber rollout in Düsseldorf

Vodafone is offering up to 1 Gbit/s symmetrical in business parks. Together with Deutsche Glasfaser, around 100,000 companies are to be connected. The price for 1 Gbit/s symmetrical has now also been set. (Vodafone, fiber)

Solar World Challenge: Rain in Australia spoils the fun for solar racers

Rain and the rattle of generators: this year's Solar World Challenge race in Australia is being run in atypical conditions. A German team can hope for a good placing. By Werner Pluta (electric cars, technology)

5 things we learned from Waymo’s big self-driving car report

A 43-page safety report suggests Waymo is gearing up to release a product.

Waymo just dropped a 43-page white paper called the Waymo Safety Report that provides a wealth of new details about Waymo's vision for the self-driving car product the company is getting ready to launch.

Officially, the document is a regulatory filing with the National Highway Traffic Safety Administration, which has encouraged—but not yet required—the makers of self-driving cars to file a report describing how they expect to deal with a variety of safety issues. But the document is also another part of the public education campaign the company has been running to convince Americans of the benefits of its technology.

It's fundamentally a marketing document rather than a technical one, so it leaves a lot of unanswered questions about exactly how Waymo's technology will work. Still, it provides a lot of new information—and publicly confirms a lot of rumors and educated guesswork—about how Waymo envisions the self-driving car product that Waymo could launch as soon as this year.

Connected driving: Car industry still keen on weather and traffic-jam data

The debate over data sovereignty in connected driving is completely passing the automotive industry by. Almost all companies continue to demand a legal obligation to transfer weather and traffic-jam data. (Connected driving, Bitkom)