A US-based natural gas facility shut down operations for two days after sustaining a ransomware infection that prevented personnel from receiving crucial real-time operational data from control and communication equipment, the Department of Homeland Security said on Tuesday.
Tuesday's advisory from the DHS' Cybersecurity and Infrastructure Security Agency, or CISA, didn't identify the site except to say that it was a natural gas-compression facility. Such sites typically use turbines, motors, and engines to compress natural gas so it can be safely moved through pipelines.
The attack started with a malicious link in a phishing email that allowed attackers to pivot from the facility's IT network to the facility's OT network, which is the operational technology hub of servers that control and monitor physical processes of the facility. With that, both the IT and OT networks were infected with what the advisory described as "commodity ransomware."
The infection didn't spread to programmable logic controllers, which actually control compression equipment, and it didn't cause the facility to lose control of operations, Tuesday's advisory said. The advisory explicitly said that "at no time did the threat actor obtain the ability to control or manipulate operations."
Still, the attack did knock out crucial control and communications gear that on-site employees depend on to monitor the physical processes.
[...] Facility personnel implemented a "deliberate and controlled shutdown to operations" that lasted about two days. "Geographically distinct compression facilities also had to halt operations because of pipeline transmission dependencies," the advisory said. As a result, the shutdown affected the entire "pipeline asset," not just the compression facility. Normal operations resumed after that.
Also at threatpost.
A team of researchers at the University of Toronto has successfully tested a new strategy for identifying genetic resources critical for the ongoing battle against plant pathogens such as bacteria, fungi, and viruses that infect and destroy food crops worldwide.
"As much as 40 per cent of global crop yield annually is lost to pests and pathogens such as bacteria, viruses and other disease-causing microorganisms," said David Guttman, a professor in the Department of Cell & Systems Biology (CSB) at the University of Toronto and co-author of a study published in Science. "In Canada, pathogens of the top five crops cause annual losses of approximately CDN $3.2B, even with no significant outbreaks."
[...] "Effectors play key roles in disease since they evolved to enhance the ability of pathogens to attack and infect their hosts. Fortunately, plants have evolved counter-defenses in the form of immune receptors that can recognize certain effectors," said Desveaux. "A plant is able to mount an 'effector-triggered' immune response that usually stops the infection, if it carries a specific immune receptor that recognizes a specific pathogen effector. This effector-receptor interaction has been called gene-for-gene resistance, and is the basis for nearly all agricultural resistance breeding."
The team started by sequencing the genomes of approximately 500 strains of the bacteria Pseudomonas syringae (P. syringae), which causes disease on nearly every major crop species.
"From these bacterial genomes we identified approximately 15,000 effectors from 70 distinct families," said Guttman. "We then reduced this complexity by identifying 530 effectors that represent their global diversity."
[...] "We found that over 11% of the effectors elicited immune response, and that almost 97% of all P. syringae strains carry at least one immune-eliciting effector," said Desveaux. "We also identified new plant immune receptors that recognize these effectors, and found that almost 95% of all P. syringae strains can be blocked by just two A. thaliana immune receptors."
[...] "While wild plant species have a diverse array of immune receptors, most domesticated crop species have lost much of this immunodiversity due to intensive artificial selection," said Guttman. "Our approach enables the rapid identification of new immune receptors in wild relatives of crops that can then be moved into elite agricultural lines by traditional breeding, ultimately creating new varieties with greater ability to resist agricultural pathogens."
Bradley Laflamme et al. The pan-genome effector-triggered immunity landscape of a host-pathogen interaction, Science (2020). DOI: 10.1126/science.aax4079
A team at the National Institute of Standards and Technology (NIST) has developed a tool to monitor changes in widely used composite materials known as fiber reinforced polymers (FRPs), which can be found in everything from aerospace and infrastructure to wind turbines. The new tool, integrated into these materials, can help measure the damage that occurs as they age.
[...] Since the 1960s, scientists have been experimenting with ways to make FRPs lighter and stronger. This has often meant testing the bond between fiber and resin. As reported in a previous publication, the NIST team added small molecules that fluoresce after the impact of mechanical force. These molecules, called "mechanophores," change color or light up, helping identify tiny nanometer-sized openings or cracks between the fiber and resin.
The NIST team has taken this technology to the next level by incorporating the mechanophore throughout the composite resin. Although not noticeable to the naked eye, the newest approach allows scientists to use special microscopy imaging techniques to measure FRP damage. The approach incorporates a minute amount (less than 0.1% mass) of a fluorescent dye called rhodamine that causes no appreciable changes in the material's physical properties.
If the new mechanophore is embedded in structures made of FRP, field testing for fatigue could be done inexpensively and on a regular basis. Structures like wind turbines could frequently be scanned easily for interior cracks, even years after they've been erected.
Jeremiah W. Woodcock et al. Damage sensing using a mechanophore crosslinked epoxy resin in single-fiber composites, Composites Science and Technology (2020). DOI: 10.1016/j.compscitech.2020.108074
When your family opened up that brand-new computer when you were a kid, you didn't think of all of the third-party work that made typing in that first BASIC program possible. There once was a time when we didn't have to worry about which companies produced all the bits of licensed software or hardware that underpinned our computing experience. But recent malware attacks and other security events have shown just how much we need to care about the supply chain behind the technology we use every day.
The URGENT/11 vulnerability, the subject of a Cybersecurity and Infrastructure Security Agency advisory issued last July, is one of those events. It forces us to care because it affects multiple medical devices.
[...] medical device vendors don't always have the flexibility to upgrade their underlying platforms because of the way they license components. Since third-party components are usually licensed for a prebuilt function, the license may only allow for the device's use with a certain version of an operating system or kernel.
[...] addressing the risks means understanding and addressing the value chain for how a device evolves from concept to disposition. We need to also evolve how devices are designed and updated to match the level of support that Samsung and Apple provide. This means there needs to be dedication by manufacturers to use platforms for a longer time and a commitment to keeping the build chains current to be able to consistently deliver patches and updates to customers.
[...] Outside of the major manufacturers, many of the companies that manufacture these devices are smaller businesses, and they have to be able to afford to develop new devices and support what they have at the same time—which is often difficult even for large companies.
We need to partner with our medical device vendors to solve issues like Urgent/11 through better processes. We need to understand how the devices work, and we need to understand that it takes a lot of work to get a patch out for devices that are more complex than a standard PC. Deploying patches to these devices also carries different risks.
The S in Medical IoT stands for Security.
Here's a clue for would-be Internet financial scammers: do not target librarians. They will catch on fast, and you will have wasted your time.
Yesterday, the former outgoing chair of the Young Adult Library Services Association's [(YALSA)] Alex Awards Committee (and my wife) Paula Gallagher got a very odd email that purported to be from a colleague within her library system who is a member of YALSA's board. The email asked, "Are you available to complete an assignment on behalf of the Board, And get reimbursed? Kindly advise."
[...] She ignored the message until another member of the committee reached out to her after responding to an identical message. The "assignment" turned out to be a textbook payment scam, and it came from a new email address—"presidentnewboxmailme [at]gmail.com":
Would you help in paying a Merchant and get reimbursed by [name of the board's financial chair]? [He] not available today due to health reasons, But promised a swift reimbursement before Friday. It's imperative and it's $6,980. I was able to sent out $4000 from my daily savings limit. Get back to me if you can send the remaining $2,980 via Zelle & CashApp. It concerns our YALSA's 2020 Young Adult Services Symposium.
[...] Knowing that Paula worked with the purported sender of the message, the recipient forwarded the message to her and asked, "Seems sketchy... has he been hacked?" Soon, others chimed in on a group chat that they had received similar suspicious messages.
No one fell for the phish.
[...] This attack—targeting members of a non-profit association—is just the latest wrinkle in that trend, borrowing the tactics, if not the precision, of big-dollar targeted attacks against corporations.
[...] associations and other non-profit organizations—which may have both somewhat less money and somewhat less in the way of centralized IT—are now apparently being targeted because of their nature. They have very public websites as part of their mission outreach, filled with the names and email addresses of people willing to do many things for the organization's mission—including reaching for their own wallets.
[...] Until Zelle, CashApp, and other peer-to-peer payment providers offer a way to help spot fraudulent accounts, they'll continue to be a popular target.
If you need more tips on spotting these kinds of scams... just ask a librarian.
This demonstration from the cybersecurity firm McAfee is the latest indication that adversarial machine learning can potentially wreck autonomous driving systems, presenting a security challenge to those hoping to commercialize the technology.
Mobileye EyeQ3 camera systems read speed limit signs and feed that information into autonomous driving features like Tesla's automatic cruise control, said Steve Povolny and Shivangee Trivedi from McAfee's Advanced Threat Research team.
The researchers stuck a tiny and nearly imperceptible sticker on a speed limit sign. The camera read the sign as 85 instead of 35, and in testing, both the 2016 Tesla Model X and that year's Model S sped up 50 miles per hour.
This is the latest in an increasing mountain of research showing how machine-learning systems can be attacked and fooled in life-threatening situations.
[...] Tesla has since moved to proprietary cameras on newer models, and Mobileye EyeQ3 has released several new versions of its cameras that in preliminary testing were not susceptible to this exact attack.
There are still a sizable number of Tesla cars operating with the vulnerable hardware, Povolny said. He pointed out that Teslas with the first version of hardware cannot be upgraded to newer hardware.
"What we're trying to do is we're really trying to raise awareness for both consumers and vendors of the types of flaws that are possible," Povolny said. "We are not trying to spread fear and say that if you drive this car, it will accelerate into through a barrier, or to sensationalize it."
So, it seems this is not so much that a particular adversarial attack was successful (and fixed), but that it was but one instance of a potentially huge set. Obligatory xkcd.
Protecting Smart Machines From Smart Attacks
A New Clothing Line Confuses Automated License Plate Readers
A Simple Sticker Tricked Neural Networks Into Classifying Anything as a Toaster
3D Printed Turtles Fool Google Image Classification Algorithm
Slight Street Sign Modifications Can Completely Fool Machine Learning Algorithms
The Mission for Education and Multimedia Engagement Satellite (MEMESat-1) is planned to be the first meme broadcasting cube satellite ever created. MEMESAT-1 is being developed by letsgo2space.com, a non-profit trying to increase the exposure kids have to STEM topics.
At the moment, the team hopes to launch the satellite by late 2021, and no later than Spring 2022. The satellite will be a cubesat with flash memory containing thousands of meme images that will be broadcast to Earth via a transmitter operating in the UHF 70cm radio band. Enthusiasts on the ground will be able to receive the meme images with a Yagi antenna and we anticipate that RTL-SDRs will be a commonly used receiver. The satellite will also contain an FM UHF/VHF repeater operating in the amateur radio band for ham radio use.
Currently letsgo2space is fundraising and looking for $30,000 to fund the launch of MEMESAT-1. You can either donate any amount or submit a meme for their broadcast database for $1.69 via their website.
For non-radioheads, the 70cm band refers to the 433MHz frequency band normally used for industrial, scientific and medical devices. You should be able to pick up the signal with any UHF digital terrestrial television antenna and decode it with a Software Defined Radio receiver (Realtek RTL2832U clones being the most common due to their low cost) and gnuradio on a PC.
Blue Origin formally opened a factory Feb. 17 that the company plans to use to produce engines both for its vehicles and for United Launch Alliance's Vulcan rocket.
A ribbon-cutting ceremony marked the completion of a 350,000-square-foot factory [in Huntsville, Alabama] that will produce BE-4 and BE-3U engines. The factory, built in a little more than a year, will host more than 300 employees and produce up to 42 engines a year.
[...] While the building is complete, Blue Origin is not yet ready to start producing engines there. Employees will start moving into the factory this week, company officials said, with tooling and other equipment to start arriving in the coming weeks. The factory should be ready to start building BE-4 engines this summer, starting with a "site certification" engine that will be fired at both Blue Origin's West Texas test site and a test stand at NASA's Marshall Space Flight Center that the company is refurbishing.
Blue Origin is currently building BE-4 engines at its headquarters in Kent, Washington. That work includes a series of engines used in testing and two "flight readiness" engines that Smith said in his remarks will be delivered to United Launch Alliance in May for integration on that company's Vulcan rocket for testing. The first engines intended for flight will also be produced there.
The company plans to transition production over a couple of years from Kent to Huntsville. Once the BE-4 production line is stabilized, Huntsville staff will be trained in Kent and then return to ramp up engine production in Huntsville. Ultimately the factory will be able to produce 42 engines a year, split roughly evenly between the BE-4 and the BE-3U engine that will power the upper stage of New Glenn. The company expects to take two to three years to reach that production rate.
SpaceX is planning to return to the Port of Los Angeles after previously abandoning plans for a Starship factory there.
Previously: Blue Origin Will Build its Rocket Engine in Alabama
Blue Origin Wins Contract to Supply United Launch Alliance With BE-4 Rocket Engines
Blue Origin Starts Construction of Rocket Engine Factory in Alabama
For decades, the trend was for more and more of a computer's systems to be integrated onto a single chip. Today's system-on-chips, which power smartphones and servers alike, are the result. But complexity and cost are starting to erode the idea that everything should be on a single slice of silicon.
Already, some of the most advanced processors, such as AMD's Zen 2 processor family, are actually a collection of chiplets bound together by high-bandwidth connections within a single package. This week at the IEEE Solid-State Circuits Conference (ISSCC) in San Francisco, French research organization CEA-Leti showed how far this scheme can go, creating a 96-core processor out of six chiplets.
The CEA-Leti chip—for want of a better word—stacks six 16-core chiplets on top of a thin sliver of silicon, called an active interposer. The interposer contains both voltage regulation circuits and a network that links the various parts of the core's on-chip memories together. Active interposers are the best way forward for chiplet technology if it is ever to allow for disparate technologies and multiple chiplet vendors to be integrated into systems, according to Pascal Vivet, a scientific director at CEA-Leti.
"If you want to integrate chiplets from vendor A with chiplets from vendor B, and their interfaces are not compatible, you need a way to glue them together," he says. "And the only way to glue them together is with active circuits in the interposer."
In a study with potentially far-reaching implications for criminal justice in the United States, a team of California researchers has found that algorithms are significantly more accurate than humans in predicting which defendants will later be arrested for a new crime.
[...] "Risk assessment has long been a part of decision-making in the criminal justice system," said Jennifer Skeem, a psychologist who specializes in criminal justice at UC Berkeley. "Although recent debate has raised important questions about algorithm-based tools, our research shows that in contexts resembling real criminal justice settings, risk assessments are often more accurate than human judgment in predicting recidivism. That's consistent with a long line of research comparing humans to statistical tools."
"Validated risk-assessment instruments can help justice professionals make more informed decisions," said Sharad Goel, a computational social scientist at Stanford University. "For example, these tools can help judges identify and potentially release people who pose little risk to public safety. But, like any tools, risk assessment instruments must be coupled with sound policy and human oversight to support fair and effective criminal justice reform."
The paper—"The limits of human predictions of recidivism"—was slated for publication Feb. 14, 2020, in Science Advances. Skeem presented the research on Feb. 13 in a news briefing at the annual meeting of the American Association for the Advancement of Science (AAAS) in Seattle, Wash. Joining her were two co-authors: Ph.D. graduate Jongbin Jung and Ph.D. candidate Zhiyuan "Jerry" Lin, who both studied computational social science at Stanford.
Z. Lin, et al. The limits of human predictions of recidivism [open], Science Advances (DOI: 10.1126/sciadv.aaz0652)
SpaceX announced a new partnership Tuesday to send four tourists deeper into orbit than any private citizen before them, in a mission that could take place by 2022 and easily cost more than $100 million.
The company signed the deal with Space Adventures, which is based in Washington and served as an intermediary to send eight space tourists to the International Space Station (ISS) via Russian Soyuz rockets.
The first of these was Dennis Tito, who paid $20 million for an eight hour stay on the ISS back in 2001. The last to go was Cirque du Soleil founder Guy Laliberte, in 2009.
The new tourists would be carried on SpaceX's Crew Dragon capsule, which was developed to transport NASA astronauts and is due to make its first crewed flight in the coming months.
"Our goal is to try to get to about two to three times the height of the space station," Space Adventures' president Tom Shelley told AFP.
The ISS orbits at 400 kilometers (250 miles) above Earth's surface, but the exact altitude of the Space Adventures mission would be determined by SpaceX, added Shelley.
At its earliest, it could take place by late 2021, though "probably more likely is sometime in 2022," he said.
The capsule was designed to take astronauts from the surface to the ISS. Just nine square meters in volume[sic], there are no private areas to sleep, wash or use the bathroom.
Mission duration will depend on what the customers want, said Shelley.
Space Adventures has posted its official announcement on its website.
Red Hat is set to fling a flaming arrow at Red Hat CoreOS Container Linux, the software firm said as it laid out the details of the end of life timeline for the distro it acquired in January 2018.
[...] Users who want something similar outside the context of OpenShift are directed to Fedora CoreOS, the community version, which is "the official successor to CoreOS Container Linux," according to the end of life announcement. That said, Red Hat has admitted: "Fedora CoreOS cannot currently replace Container Linux for all use cases."
[...] The team said: "We've found that the incremental, exploratory, forward-looking development required for Fedora CoreOS — which is also a cornerstone of the Fedora Project as a whole — is difficult to reconcile with the iron-clad stability guarantee that ideally exists when automatically updating systems."
Red Hat noted there is a fork of CoreOS Container Linux called Flatcar Linux which may be more suitable for users who do not want to jump into OpenShift. Flatcar Linux is supported by a Berlin company called Kinvolk.
The end of life timeline for CoreOS Container Linux is aggressive, Red Hat said. May 26 is the last date for updates including security patches. From September 1st, "published resources related to CoreOS Container Linux will be deleted or made read-only. OS downloads will be removed, CoreUpdate servers will be shut down, and OS images will be removed from AWS, Azure, and Google Compute Engine. GitHub repositories, including the issue tracker, will become read-only." The reason for deleting OS images is to discourage continued use after end of support.
Using the Dutch-led Low Frequency Array (LOFAR) radio telescope, astronomers have discovered unusual radio waves coming from the nearby red dwarf star GJ1151. The radio waves bear the tell-tale signature of aurorae caused by an interaction between a star and its planet. The radio emission from a star-planet interaction has been predicted for over thirty years but this is the first time astronomers have been able to discern its signature. This method, only possible with a sensitive radio telescope like LOFAR, opens the door to a new way of discovering exoplanets in the habitable zone and studying the environment they exist in.
[...] "The motion of the planet through a red dwarf's strong magnetic field acts like an electric engine much in the same way a bicycle dynamo works. This generates a huge current that powers aurorae and radio emission on the star," says Dr. Harish Vedantham, the lead author of the study and a Netherlands Institute for Radio Astronomy (ASTRON) staff scientist.
[...] "We adapted the knowledge from decades of radio observations of Jupiter to the case of this star," said Dr. Joe Callingham, ASTRON postdoctoral fellow and co-author of the study. "A scaled up version of Jupiter-Io has long been predicted to exist in the form of a star-planet system, and the emission we observed fits the theory very well."
The group is now concentrating on finding similar emission from other stars. "We now know that nearly every red-dwarf hosts terrestrial planets, so there must be other stars showing similar emission. We want to know how this impacts our search for another Earth around another star," says Dr. Callingham.
Journal Reference: H. K. Vedantham et al. Coherent radio emission from a quiescent red dwarf indicative of star–planet interaction, Nature Astronomy (2020). DOI: 10.1038/s41550-020-1011-9
Labs around the world are racing to develop new computing and sensing devices that operate on the principles of quantum mechanics and could offer dramatic advantages over their classical counterparts. But these technologies still face several challenges, and one of the most significant is how to deal with "noise"—random fluctuations that can eradicate the data stored in such devices.
A new approach developed by researchers at MIT could provide a significant step forward in quantum error correction. The method involves fine-tuning the system to address the kinds of noise that are the most likely, rather than casting a broad net to try to catch all possible sources of disturbance.
The analysis is described in the journal Physical Review Letters, in a paper by MIT graduate student David Layden, postdoc Mo Chen, and professor of nuclear science and engineering Paola Cappellaro.
"The main issues we now face in developing quantum technologies are that current systems are small and noisy," says Layden. Noise, meaning unwanted disturbance of any kind, is especially vexing because many quantum systems are inherently highly sensitive, a feature underlying some of their potential applications.
[...] we just don't have the resources to do particularly useful quantum error correction in the usual way." So instead, the researchers found a way to target the error correction very narrowly at the specific kinds of noise that were most prevalent.
The quantum system they're working with consists of carbon nuclei near a particular kind of defect in a diamond crystal called a nitrogen vacancy center. These defects behave like single, isolated electrons, and their presence enables the control of the nearby carbon nuclei.
[...] "The upshot of our approach is that we're able to get a fixed level of protection using far fewer resources than would otherwise be needed," he says. "We can use a much smaller system with this targeted approach."
The work so far is theoretical, and the team is actively working on a lab demonstration of this principle in action. If it works as expected, this could make up an important component of future quantum-based technologies of various kinds, the researchers say, including quantum computers that could potentially solve previously unsolvable problems, or quantum communications systems that could be immune to snooping, or highly sensitive sensor systems.
David Layden, Mo Chen, and Paola Cappellaro. "Efficient Quantum Error Correction of Dephasing Induced by a Common Fluctuator", Physical Review Letters (2020). DOI: 10.1103/PhysRevLett.124.020504
Every cell in our body has a computer-like control system that sends biological signals through thousands of circuits to monitor the cell's needs and regulate its responses.
But when diseases such as cancer arise, these regulatory circuits often go awry, resulting in unnatural signals and responses. The ability to accurately detect these abnormal disease signals would be a potential avenue for more precise treatments.
Now, Stanford researchers have devised a biological tool that can not only detect such faulty genetic circuits but also "debug" them—like running a patch cord around a computer hardware glitch—to facilitate the elimination of cancer cells, for instance.
In an article in the journal Molecular Cell, Stanley Qi and his team describe how they built their sense-and-respond system by modifying the CRISPR-Cas gene-editing tool, which works like a molecular switch to repair faulty genes. Qi is an assistant professor of bioengineering and of chemical and systems biology.
Qi had previously developed Cas tools that could perform multiple tasks, such as switching desired genes on or off. In his latest work, with graduate student Hannah Kempton, he expanded on that concept to develop a CRISPR-Cas tool that performs these different tasks only in the presence of different combinations of biological signals.
Hannah R. Kempton et al, Multiple Input Sensing and Signal Integration Using a Split Cas12a System, Molecular Cell (2020). DOI: 10.1016/j.molcel.2020.01.016