Month: November 2023

Enlarge (credit: Omar Marques/SOPA Images/LightRocket via Getty Images)

Identity and authentication management provider Okta on Friday published an autopsy report on a recent breach that gave hackers administrative access to the Okta accounts of some of its customers. While the postmortem emphasizes the transgressions of an employee logging into a personal Google account on a work device, the biggest contributing factor was something the company understated: a badly configured service account.

In a post, Okta chief security officer David Bradbury said that the most likely way the threat actor behind the attack gained access to parts of his company’s customer support system was by first compromising an employee’s personal device or personal Google account and, from there, obtaining the username and password for a special form of account, known as a service account, used for connecting to the support segment of the Okta network. Once the threat actor had access, they could obtain administrative credentials for entering the Okta accounts belonging to 1Password, BeyondTrust, Cloudflare, and other Okta customers.

Passing the buck

“During our investigation into suspicious use of this account, Okta Security identified that an employee had signed-in to their personal Google profile on the Chrome browser of their Okta-managed laptop,” Bradbury wrote. “The username and password of the service account had been saved into the employee’s personal Google account. The most likely avenue for exposure of this credential is the compromise of the employee’s personal Google account or personal device.”

Enlarge / A Falcon 9 rocket lifts off from Cape Canaveral Space Force Station on Friday night. (credit: SpaceX)

CAPE CANAVERAL, Florida—In three-and-a-half years of service, one of SpaceX's reusable Falcon 9 boosters stands apart from the rest of the company's rocket inventory. This booster, designated with the serial number B1058, has now flown 18 times. For its maiden launch on May 30, 2020, the rocket propelled NASA astronauts Doug Hurley and Bob Behnken into the history books on SpaceX's first mission to send people into orbit.

This ended a nine-year gap in America's capability to launch astronauts into low-Earth orbit and was the first time a commercial spacecraft achieved this feat. At that time, the rocket was fresh from SpaceX's factory in Southern California, glistening white in color, with a bright red NASA "worm" logo emblazoned on the side.

Over the course of its flights to space and back, that white paint has darkened to a charcoal color. Soot from the rocket's exhaust has accumulated, bit by bit, on the 15-story-tall cylinder-shaped booster. The red NASA worm logo is now barely visible.

Enlarge / Starship is stacked and ready to fly, SpaceX says. (credit: SpaceX)

SpaceX announced on Friday that the company is targeting "mid-November" for the second flight test of the Super Heavy rocket and its Starship upper stage.

The company said the launch date is pending regulatory approval, which means that the Federal Aviation Administration and US Fish and Wildlife Service have yet to complete the environmental review process for the rocket and its launch site, which is surrounded by wetlands in South Texas.

Even so, the SpaceX announcement indicates that the company believes it may soon receive this regulatory approval. This is consistent with what sources have told Ars—that federal approval for the second launch of Starship is close to wrapping up.

Blizzard just held the opening keynote of its first in-person BlizzCon since 2019, announcing numerous updates to its various games and franchises. Among those was Diablo IV, which launched earlier this year. The big news for that game is that its first full expansion will launch in "late 2024."

The expansion will be titled Vessel of Hatred, and it will take players to a new, jungle-like region called Nahantu, which will be about the same size as any one of the five regions that shipped in the game initially. The story will take place right after the main game and will deal with Mephisto, the brother of Diablo and Baal.

The announcement was light on further details other than to note that a new class will be added to the game—specifically, one that has not been seen in any prior Diablo game. Some leaks a few days back suggested the new class could be called the Spiritborn, but nothing's certain on that front.

Enlarge / Sundrop is among the citrus soft drinks that still contains BVO. (credit: Sun Drop)

The Food and Drug Administration may finally ban a food additive used in citrusy drinks that the agency determined over 50 years ago could not be considered generally safe. The agency proposed a ban on the additive Thursday.

The additive is brominated vegetable oil (BVO), which is a flavoring emulsifier and stabilizer that has been used to keep citrus flavoring from separating and floating to the top of soft drinks since the 1920s. It was previously used in big brand-name beverages such as Mountain Dew and Gatorade but has been removed amid toxicity concerns in recent years. Since at least 2014, PepsiCo and Coca-Cola have been phasing out BVO from their drinks, though it can still be found in some store-brand sodas and regional drinks, including the citrus soda Sun Drop.

BVO is already banned in Europe, Japan, Australia, and New Zealand. In October of this year, California banned BVO, along with other problematic food additives, including red dye No. 3. (While reporting California's ban on red dye No. 3, Ars also reported that the FDA planned to ban BVO.)

Enlarge / A look at the Nvidia T234 that could be the basis for a scaled-down custom chip in the next Nintendo console. (credit: Nvidia / Imgur)

In recent months, the long-running speculation surrounding Nintendo's inevitable follow-up to the Switch has become more frequent and more specific, pointing to a release sometime in late 2024. Now, the pixel-counting boffins over at Digital Foundry have gone deep with some informed speculation on the system, dissecting leaked details on what they're convinced is the Nvidia chip Nintendo will be putting in their Switch follow-up.

That chip is the Nvidia T239, a scaled-down, custom variant of the Nvidia Orin T234 that is popular in the automotive and robotics markets. While Digital Foundry can't say definitively that this is the next Switch chip with "absolute 100 percent certainty," the website points to circumstantial links and references to the chip in a number of leaks, a recent Nvidia hack, LinkedIn posts from Nvidia employees, and Nvidia's own Linux distribution.

"From my perspective, the bottom line is that by a process of elimination, T239 is the best candidate for the processor at the heart of the new Nintendo machine," Digital Foundry's Richard Leadbetter writes. "With a mooted 2024 release date, there have been no convincing leaks whatsoever for any other processor that could find its way into the new Switch."