Advertisement: Certified Ethical Hacker (CEH) – Intensive Course for the Certificate

Companies worldwide are in the crosshairs of cyberattacks. A five-day deep-dive workshop prepares participants for certification as a Certified Ethical Hacker, CEH exam included. (Golem Karrierewelt, server applications)

Rocket delivered to launch site for first human flight to the Moon since 1972

We’re standing by for news on NASA’s decision on what to do about Orion’s heat shield.

The central piece of NASA's second Space Launch System rocket arrived at Kennedy Space Center in Florida this week. Agency officials intend to start stacking the towering launcher in the next couple of months for a mission late next year carrying a team of four astronauts around the Moon.

The Artemis II mission, officially scheduled for September 2025, will be the first voyage by humans to the vicinity of the Moon since the last Apollo lunar landing mission in 1972. NASA astronauts Reid Wiseman, Victor Glover, Christina Koch, and Canadian mission specialist Jeremy Hansen will ride the SLS rocket away from Earth, then fly around the far side of the Moon and return home inside NASA's Orion spacecraft.

"The core is the backbone of SLS, and it’s the backbone of the Artemis mission," said Matthew Ramsey, NASA's mission manager for Artemis II. "We’ve been waiting for the core to get here because all the integrated tests and checkouts that we do have to have the core stage. It has the flight avionics that drive the whole system. The boosters are also important, but the core is really the backbone for Artemis. So it’s a big day."

If Z-Library Scam Did Deceive Millions, Exploiting a Lack of Research Was Ironic

If a new security report is correct, millions of people hoping to access Z-Library may have been lured to a phishing campaign instead. As we take a closer look at the report, which suggests that the personal details of millions could be at risk, the irony is unavoidable. Information on how to spot this scam is readily available, yet the scam itself relies on a steady stream of people eager to research on Z-Library, having done no research at all on the potential pitfalls.

From: TF, for the latest news on copyright battles, piracy and more.

In terms of general internet security, there are few things worse than reports of yet another potentially massive leak of personal information.

Whether due to incompetence or deception, the bottom line is often the same; exploitation of data at the expense of those to whom it relates, and a further undermining of online safety to the detriment of all.

A report published by Cybernews.com claims that a Z-Library related scam lured 10 million people to a look-a-like site, where their personal information was held for nefarious purposes.

Key Claims

TorrentFreak has not seen the allegedly exposed database, so it necessarily follows that we’re in no position to confirm or reject any claim of authenticity. However, the general circumstances are familiar to us so with that as background, we’re able to provide some additional context.

Cybernews says its researchers discovered the database exposed on a Z-Library lookalike site, z-lib.is, on June 27, 2024. It describes z-lib.is as a “malicious clone of Z-Library” and claims that the exposed database contains “almost 10 million users’ data.” The specifics are reproduced below verbatim.

Threat actors accidentally leaked usernames, email addresses, passwords, and Bitcoin and Monero wallet addresses of 9,761,948 users.

For many users, other data contains country codes, book requests, timestamps, comments, invoices, etc.

Researchers verified the validity of the data and confirmed that registered users were spammed with malicious links.

Researchers conclude with a high level of certainty that the data is authentic and filled out by users themselves

Z-Lib.is Previously Described as Malicious

Based on information publicly available for more than a year, Z-Lib.is is almost certainly malicious. In March 2023, the domain was reported alongside several others as fraudulent and a security risk by the official Z-Library team. They were very specific about the nature of the threat.

“These websites may steal your personal information and compromise your security,” Z-Library wrote.

The new report indicates that the data of almost 10 million users appears in the database. That is a very large number but on a base level, not impossible when considering traffic to the clone domains. Data shows that in February 2023 alone, Z-Lib.is had around 7.8 million visits. In the same month, the connected Zlibrary.to had around 9.1 million visits.

‘Data of 9.76 Million Users Leaked’

The claim that 9,761,948 people had their “usernames, email addresses, passwords, and Bitcoin and Monero wallet addresses” leaked in the database is less easily explained.

While it would be unremarkable for all users to have a username, an email address, and a password, it seems unlikely that details of Bitcoin and Monero wallets were handed over at anything like a similar rate. It’s of course feasible that the report didn’t intend to give that impression.

Yet if we assume that not every user handed over their crypto details (or even had any to hand over at all), that meets a challenge later in the report. It describes the leak as “extremely disturbing as it deanonymizes millions of crypto wallets and links related transactions to individuals who tried to access pirated content.”

Copyright Consequences, Punishment for Piracy?

After linking crypto with attempts to access pirated content, two further references to copyright infringement feature later in the report.

“The database backup was generated on June 20th, 2024. It contains user data and other information used in the operation, such as received Digital Millennium Copyright Act (DMCA) takedown requests and payments to access the website’s resources,” the report notes.

“Z-Lib users should expect that the exposed data will likely be used by authorities, cybersecurity researchers, cybercriminals, and potentially anyone who can benefit from it. The data is not widespread yet, but it is vital to take action to protect other accounts.

“Law enforcement and copyright holders may use the leaked data to take legal action against the website’s users,” the researchers add.

As stated at the beginning, we have no access to the database and no knowledge of what else it may contain. On that basis, predicting whether it might be useful for civil litigation or even criminal prosecution would be premature. The report makes no mention of any implications for the operators of the website itself, but notes that there may be attempts to blackmail users.

The Cybernews report also warns that people could face targeted phishing campaigns for the purpose of stealing their cryptocurrency, and follows up with various tips for those who may be affected.

Whether any, all, or none of these dangers will surface any time soon is unknown. That being said, it does seem fairly ironic that Z-Library is seen as a platform for study and research, but the success of the scam relies on potential targets being oblivious to the threat, having done little or no research over the past year.

Of course, there’s as much misinformation as there is information right now, so research may prove difficult. The basics, on the other hand, are very predictable. No pirate site ever needs a user’s personal details and handing them over will never lead to anything good.

Google claims math breakthrough with proof-solving AI models

AlphaProof and AlphaGeometry 2 solve problems, with caveats on time and human assistance

On Thursday, Google DeepMind announced that AI systems called AlphaProof and AlphaGeometry 2 reportedly solved four out of six problems from this year's International Mathematical Olympiad (IMO), achieving a score equivalent to a silver medal. The tech giant claims this marks the first time an AI has reached this level of performance in the prestigious math competition—but as usual in AI, the claims aren't as clear-cut as they seem.

Google says AlphaProof uses reinforcement learning to prove mathematical statements in the formal language called Lean. The system trains itself by generating and verifying millions of proofs, progressively tackling more difficult problems. Meanwhile, AlphaGeometry 2 is described as an upgraded version of Google's previous geometry-solving AI model, now powered by a Gemini-based language model trained on significantly more data.

According to Google, prominent mathematicians Sir Timothy Gowers and Dr. Joseph Myers scored the AI model's solutions using official IMO rules. The company reports its combined system earned 28 out of 42 possible points, just shy of the 29-point gold medal threshold. This included a perfect score on the competition's hardest problem, which Google claims only five human contestants solved this year.

OpenAI hits Google where it hurts with new SearchGPT prototype

New tool may solve a web-search problem partially caused by AI-generated junk online.

Arguably, few companies have unintentionally contributed more to the increase of AI-generated noise online than OpenAI. Despite its best intentions—and against its terms of service—its AI language models are often used to compose spam, and its pioneering research has inspired others to build AI models that can potentially do the same. This influx of AI-generated content has further reduced the effectiveness of SEO-driven search engines like Google. In 2024, web search is in a sorry state indeed.

It's interesting then, that OpenAI is now offering a potential solution to that problem. On Thursday, OpenAI revealed a prototype AI-powered search engine called SearchGPT that aims to provide users with quick, accurate answers sourced from the web. It's also a direct challenge to Google, which also has tried to apply generative AI to web search (but with little success).

The company says it plans to integrate the most useful aspects of the temporary prototype into ChatGPT in the future. ChatGPT can already perform web searches using Bing, but SearchGPT seems to be a purpose-built interface for AI-assisted web searching.

Chrome will now prompt some users to send passwords for suspicious files

Google says passwords and files will be deleted shortly after they are deep-scanned.

Google is redesigning Chrome malware detections to include password-protected executable files that users can upload for deep scanning, a change the browser maker says will allow it to detect more malicious threats.

Google has long allowed users to switch on the Enhanced Mode of its Safe Browsing, a Chrome feature that warns users when they’re downloading a file that’s believed to be unsafe, either because of suspicious characteristics or because it’s in a list of known malware. With Enhanced Mode turned on, Google will prompt users to upload suspicious files that aren’t allowed or blocked by its detection engine. Under the new changes, Google will prompt these users to provide any password needed to open the file.

Beware of password-protected archives

In a post published Wednesday, Jasika Bawa, Lily Chen, and Daniel Rubery of the Chrome Security team wrote:

Lego’s newest retro art piece is a 1,215-piece Super Mario World homage

$130 set is available for preorder now, ships on October 1.

Nintendo and Lego are at it again—they've announced another collaboration today as a follow-up to the interactive Mario sets, the replica Nintendo Entertainment System, the unfolding question mark block with the Mario 64 worlds inside, and other sets besides.

The latest addition is an homage to 1990's Super Mario World, Mario's debut outing on the then-new 16-bit Super Nintendo Entertainment System. At first, the 1,215-piece set just looks like a caped Mario sitting on top of Yoshi. But a look at the back reveals more complex mechanics, including a hand crank that makes Yoshi's feet and arms move and a dial that opens his mouth and extends his tongue.

Most of the Mario sets have included some kind of interactive moving part, even if it's as simple as the movable mouth on the Lego Piranha Plant. Yoshi's mechanical crank most strongly resembles the NES set, though, which included a CRT-style TV set with a crank that made the contents of the screen scroll so that Mario could "walk."

Sonos CEO apologizes for botched app redesign, promises month-by-month updates

Restoring previously present features is Sonos’ No. 1 priority.

Image caption: I don't know how Sonos' app might have developed during the groovy era their marketing images aim to summon, but it feels like it might not have wanted to rush head-long into disappointing users quite so quickly. (credit: Sonos)

Sonos issued a redesigned app in May, and what lots of customers noticed about it wasn't the refreshed look, but the things from the previous design entirely missing. Not small things, but things that Sonos enthusiasts would really notice: sleep timers, local music library access and management, playlist and song queue editing, plus accessibility downgrades.

In May, a Sonos executive told The Verge that it "takes courage to rebuild a brand’s core product from the ground up, and to do so knowing it may require taking a few steps back to ultimately leap into the future." You might ask if bravery could have been mustered to not release an app before it was feature-complete.

Now, nearly three months after shipping, Sonos leadership has pivoted from excitement about future innovations to humility, apology, and a detailed roadmap of fixes. CEO Patrick Spence starts his "Update on the Sonos app from Patrick" with a personal apology, a note that "there isn’t an employee at Sonos who isn’t pained by having let you down," and a pledge that fixing the app is the No. 1 priority.

US solar production soars by 25 percent in just one year

2024 is seeing the inevitable outcome of the building boom in solar farms.

With the plunging price of photovoltaics, the construction of solar plants has boomed in the US. Last year, for example, the US's Energy Information Agency expected that over half of the new generating capacity would be solar, with a lot of it coming online at the very end of the year for tax reasons. Yesterday, the EIA released electricity generation numbers for the first five months of 2024, and that construction boom has seemingly made itself felt: generation by solar power has shot up by 25 percent compared to just one year earlier.

The EIA breaks down solar production according to the size of the plant. Large grid-scale facilities have their production tracked, giving the EIA hard numbers. For smaller installations, like rooftop solar on residential and commercial buildings, the agency has to estimate the amount produced, since the hardware often resides behind the metering equipment, so only shows up via lower-than-expected consumption.

In terms of utility-scale production, the first five months of 2024 saw it rise by 29 percent compared to the same period in the year prior. Small-scale solar was "only" up by 18 percent, with the combined number rising by 25.3 percent.

Arsenic and old paint: Analyzing pigments in Rembrandt’s The Night Watch

Use of arsenic sulfides for yellow, orange/red hues adds to artist’s known pigment palette.

Image: The Night Watch, or Militia Company of District II under the Command of Captain Frans Banninck Cocq (1642). Rembrandt's The Night Watch underwent many chemical and mechanical alterations over the last 400 years. (credit: Public domain)

Since 2019, researchers have been analyzing the chemical composition of the materials used to create Rembrandt's masterpiece, The Night Watch, as part of the Rijksmuseum's ongoing Operation Night Watch, devoted to its long-term preservation. Chemists at the Rijksmuseum and the University of Amsterdam have now detected unusual arsenic-based yellow and orange/red pigments used to paint the duff coat of one of the central figures in the painting, according to a recent paper in the journal Heritage Science. It's a new addition to Rembrandt's known pigment palette that further adds to our growing body of knowledge about the materials he used.

As previously reported, past analyses of Rembrandt's paintings identified many pigments the Dutch master used in his work, including lead white, multiple ochres, bone black, vermilion, madder lake, azurite, ultramarine, yellow lake, and lead-tin yellow, among others. The artist rarely used pure blue or green pigments, with Belshazzar's Feast being a notable exception. (The Rembrandt Database is the best resource for a comprehensive chronicling of the many different investigative reports.)

Early last year, the researchers at Operation Night Watch found rare traces of a compound called lead formate in the painting—surprising in itself, but the team also identified those formates in areas where there was no lead pigment, white or yellow. It's possible that lead formates disappear fairly quickly, which could explain why they have not been detected in paintings by the Dutch Masters until now. But if that is the case, why didn't the lead formate disappear in The Night Watch? And where did it come from in the first place?
