Sunday, February 9, 2020
Retail-based tech startups experiment with new models
Watch two rocket launches live, including a Space Station supply flight and a mission to study the Sun
There are two – that’s right two – launches happening this Sunday, and both are set to broadcast live on NASA’s official stream above. The first is a NASA International Space Station resupply mission, with a Norhtrop Grumman Cygnus spacecraft launching aboard an Antares rocket from Wallops Island in Virginia at 5:39 PM EST (2:39 PM PST). The second is the launch of the Solar Orbiter spacecraft, a joint scientific mission by NASA and the European Space Agency (ESA) that’s set to take off aboard a United Launch Alliance (ULA) Atlas V rocket from Cape Canaveral, Florida at 11:03 PM EST (8:03 PM PST).
The ISS resupply mission is the 13th operated by Northrop Grumman, and will carry around 8,000 lbs of experiment materials, supplies for the STation’s astronaut crew, and additional cargo including various cargo. If all goes to plan, the Cygnus spacecraft will get to the Space Station on Tuesday at around 4:30 AM EST, where astronauts on board will capture the spacecraft with the station’s robotic arm for docking.
The NASA/ESA Solar Orbiter mission is a bit more of an event, since it’s a launch of a very special payload with a dedicated mission to study the Sun, launching aboard a brand new custom configuration of ULA’s Atlas V rocket tailor-made for the Orbiter. The Orbiter has a mass of nearly 4,000 lbs, and a wingspan of nearly 60 feet, and is carrying a complement of 10 instruments for gathering data from our Solar System’s central player.
Solar Orbiter will take the first ever direct images of the Sun’s poles once it arrives at our star, but it first has to get there, using the gravitational force of both Earth and Venus to help propel it along its path. Already, the planned launch of Solar Orbiter has been delayed by a few days – and timing is key to making sure those gravitational forces can work as designed to get it to tis goal, so here’s hoping today’s launch goes off as planned.
As its name implies, Solar Orbiter is designed to orbit the Sun – and it’ll do so from a relatively close distance of around 26 million miles away. That’s closer than Mercury, the planet in our solar system closest to the Sun, and at that distance it’ll still face max temperatures of around 520 degrees Celsius (968 degrees Fahrenheit). To endure those temps, the spacecraft is protected by a titanium heat shield that will always be oriented towards the star, and even its solar panels will actually have to tilt away from the Sun during the spacecraft’s closest approach to make sure they don’t get too hot while powering the satellite.
Solar Orbiter will study the Sun’s polar regions, as mentioned, and shed some light on how its magnetic field and emissions of particles from the star affect its surrounding cosmic environment, including the region of space that we inhabit here on Earth. After launch, Orbiter should make its way to Venus for a flyby this December, then cost paths with Earth for a planned approach in November, 2021, before making its first close approach to the Sun in 2022.
Check back above for live views of both launches, with the stream for the first mission kicking off shortly after 5 PM EST (2PM PST).
The war against space hackers: how the JPL works to secure its missions from nation-state adversaries
NASA’s Jet Propulsion Laboratory designs, builds, and operates billion-dollar spacecraft. That makes it a target. What the infosec world calls Advanced Persistent Threats — meaning, generally, nation-state adversaries — hover outside its online borders, constantly seeking access to its “ground data systems,” its networks on Earth, which in turn connect to the ground relay stations through which those spacecraft are operated.
Their presumptive goal is to exfiltrate secret data and proprietary technology, but the risk of sabotage of a billion-dollar mission also exists. Over the last few years, in the wake of multiple security breaches which included APTs infiltrating their systems for months on end, the JPL has begun to invest heavily in cybersecurity.
I talked to Arun Viswanathan, a key NASA cyber security researcher, about that work, which is a fascinating mix of “totally representative of infosec today” and “unique to the JPL’s highly unusual concerns.” The key message is firmly in the former category, though: information security has to be proactive, not reactive.
Each mission at JPL is like its own semi-independent startup, but their technical constraints tend to be very unlike those of Valley startups. For instance, mission software is usually homegrown/innovative, because their software requirements are so much more stringent: for instance, you absolutely cannot have software going rogue and consuming 100% of CPU on a space probe.
Successful missions can last a very long time, so the JPL has many archaic systems, multiple decades old, which are no longer supported by anyone; they have to architect their security solutions around the limitations of that ancient software. Unlike most enterprises, they are open to the public, who tour the facilities by the hundred. Furthermore, they have many partners, such as other space agencies, with privileged access to their systems.
All that … while being very much the target of nation-state attackers. Theirs is, to say the last, an interesting threat model.
Viswanathan has focused largely on two key projects. One is the creation of a model of JPL’s ground data systems — all its heterogeneous networks, hosts, processes, applications, file servers, firewalls, etc. — and a reasoning engine on top of it. This then can be queried programmatically. (Interesting technical side note: the query language is Datalog, a non-Turing-complete offshoot of venerable Prolog which has had a resurgence of late.)
Previous to this model, no one person could confidently answer “what are the security risks of this ground data system?” As with many decades-old institutions, that knowledge was largely trapped in documents and brains.
With the model, ad hoc queries such as “could someone in the JPL cafeteria access mission-critical servers?” can be asked, and the reasoning engine will search out pathways, and itemize their services and configurations. Similarly, researchers can work backwards from attackers’ goals to construct “attack trees,” paths which attackers could use to conceivably reach their goal, and map those against the model, to identify mitigations to apply.
His other major project is to increase the JPL’s “cyber situational awareness” — in other words, instrumenting their systems to collect and analyze data, in real time, to detect attacks and other anomalous behavior. For instance, a spike in CPU usage might indicate a compromised server being used for cryptocurrency mining.
In the bad old days, security was reactive: if someone had a problem and couldn’t access their machine, they’d call, but that was the extent of their observability. Nowadays, they can watch for malicious and anomalous patterns which range from the simple, such as a brute-force attack indicated by many failed logins followed by a successful one, to the much more complex, e.g. machine-learning based detection of a command system operating outside its usual baseline parameters.
Of course, sometimes it’s just an anomaly, not an attack. Conversely, this new observability is also helping to identify system inefficiencies, memory leakage, etcetera, proactively rather than reactively.
This may all seem fairly basic if you’re accustomed to, say, your Digital Ocean dashboard and its panoply of server analygics. But re-engineering an installed base of heterogeneous complex legacy systems for observability at scale is another story entirely. Looking at the borders and interfaces isn’t enough; you have to observe all the behavior inside the perimeter too, especially in light of partners with privileged access, who might abuse that access if compromised. (This was the root cause of the infamous 2018 attack on the JPL.)
While the JPL’s threat model is fairly unique, Viswanathan’s work is quite representative of our brave new world of cyberwarfare. Whether you’re a space agency, a big company, or a growing startup, your information security nowadays needs to be proactive. Ongoing monitoring of anomalous behavior is key, as is thinking like an attacker; reacting after you find out something bad happened is not enough. May your organization learn this the easy way, rather than joining the seemingly endless of headlines telling us all of breach after breach.
Corp.com domain put up for sale for $1.7M; testing shows it could give access to proprietary data of companies that adopted default "corp" Active Directory path (Brian Krebs/Krebs on Security)
Corp.com domain put up for sale for $1.7M; testing shows it could give access to proprietary data of companies that adopted default “corp” Active Directory path — As an early domain name investor, Mike O'Connor had by 1994 snatched up several choice online destinations …
Why is the healthcare industry still so bad at cybersecurity?
A medical (cyber)simulation from the 2018 CyberMed Summit (credit:University of Arizona / CyberMed Summit)
Many articles about cybersecurity risks in healthcare begin with descriptions of live simulations (so when in Rome). Imagine a doctor completely unaware of what they’re walking into triaging two patients: one in need of a hospital cardiac catheterization lab after an irregular electrocardiogram (EKG) reading, the other suffering from a stroke and needing a CT scan. All systems are down due to ransomware, so the physician working through the scenario can’t access electronic health records or use any of the assessment methods modern medicine is so reliant on. So, what to do?
There are all kinds of scary scenarios like this that become possible when a hospital or other healthcare provider gets pwned. And the health industry has consistently been getting pwned as of late. In 2019, health organizations continued to get hit with data breaches and ransomware attacks, costing the sector an estimated $4 billion. Five US healthcare organizations reported ransomware attacks in a single week last June. A Michigan medical practice closed last spring after refusing to pay ransomware to attackers. And in 2018, healthcare entities reported 41 percent of incidents—the highest number of any sector. The attacks are even becoming more severe and more sophisticated, too.
It’s not hard to imagine other modern nightmares like the EKG swap above. For example, malfunctioning pacemakers could lead to patients experiencing shocks they don’t need, or blood type databases could get switched and cause chaos due to an integrity attack. All four of these scenarios were in fact conducted during the two latest CyberMed Summits, a conference founded in the aftermath of 2017’s WannaCry attacks. “The world’s only clinically-oriented health-care cybersecurity conference” now annually brings together physicians, security researchers, medical device manufacturers, healthcare administrators, and policymakers in order to highlight and hopefully address vulnerabilities in medical technology.
Read 46 remaining paragraphs | Comments
Vodafone will remove Huawei systems from its EU core network at a cost of €200M over the next five years, following new UK rules and EU guidelines last month (Nic Fildes/Financial Times)
Vodafone will remove Huawei systems from its EU core network at a cost of €200M over the next five years, following new UK rules and EU guidelines last month — Vodafone is to strip Huawei systems out of the core of its European network at a cost of €200m as the European telecoms sector moves …
Europe’s solar orbiter begins its journey to the Sun tonight
Enlarge / ESA's Solar Orbiter mission will face the Sun from within the orbit of Mercury at its closest approach. (credit: ESA/ATG medialab)
Just before midnight on Sunday, a spacecraft will depart from Cape Canaveral, Florida, on a mission to the sun. Known as Solar Orbiter, this spacecraft will spend the next seven years dipping in and out of the extremely inhospitable environment around the sun. In the process, it will provide us with our first glimpse of the sun’s poles, which will be critical to understanding its topsy-turvy magnetic field. It will also help uncover the origin of violent solar storms that send plasma hurtling toward Earth, where it can knock out satellites and disrupt our power grids.
The Solar Orbiter mission is spearheaded by the European Space Agency and has been almost two decades in the making. It complements NASA’s Parker Solar Probe, launched in 2018, which will pass closer to the sun than any spacecraft in history. Only a year into its mission, Parker is providing scientists with four times more data about the solar environment than expected, says Nour Raouafi, a heliophysicist at Johns Hopkins University Applied Physics Laboratory and Parker project scientist. “We are venturing into regions of space that we never explored before,” says Raouafi. “Every observation is a potential discovery.”
Read 9 remaining paragraphs | Comments
Facebook, Messenger social media accounts hacked, company admits
Facebook became the butt of a laugh riot when a number of its corporate social media accounts were hacked by an online attacker named OurMine in the early hours of February 8. The Twitter and Instagram feeds of Facebook and Messenger were repeatedly populated with what appears to be the hacker’s calling card. Facebook eventually put out an official statement on Twitter to assure its followers that it had regained control over its accounts. In the meantime, users shared screenshots of the attack on Twitter.
While the Twitter timeline of Facebook and Messenger was repeatedly populated with a message from the attacker in the form of a text post, the Instagram feed of both accounts was flooded with images of the attacker’s logo. According to users on Twitter, this attack was the result of a security breach in Khoros, an American community and social media management software. The attacker, who called themselves OurMine in the posts, reportedly hacked the Twitter accounts of the NFL and ESPN late last month.
Despite these recent attempts at cybervandalism on social media that can prove to be a nuisance for big brands like Facebook and ESPN, OurMine call themselves a group of “professional” white hat hackers with “no bad intentions”. Their earliest attacks go as far back as 2016, when they hacked into the Twitter accounts of Wikipedia co-founder Jimmy Wales, Twitter co-founder Jack Dorsey, and Google CEO Sundar Pichai.
Popular Hong Kong-based app researcher Jane Manchun Wong was one of the many who captured the attack on Facebook’s corporate social media accounts on video. “It was fun watching this battle between Facebook and hackers where hackers keep posting tweets and Facebook keeps deleting them,” she wrote in her tweet. Her video shows Facebook making frantic efforts to delete the hacker’s offending tweets. You can see more such videos here.
It was fun watching this battle between Facebook and hackers where hackers keep posting tweets and Facebook keeps deleting them pic.twitter.com/c7APEJn38I
— Jane Manchun Wong (@wongmjane) February 8, 2020
https://ift.tt/39goZHe
Poco X2 Launched in India, Realme C3 Unveiled, and More News This Week
Ofo, the bike-sharing startup once valued at $2B, gets a makeover to become a shopping app, after over a year of struggles to refund users' deposits (Masha Borak/South China Morning Post)
Ofo, the bike-sharing startup once valued at $2B, gets a makeover to become a shopping app, after over a year of struggles to refund users' deposits — The Alibaba-backed company is pivoting to ecommerce and offering rebates in lieu of returning deposit moneyThe Alibaba-backed company …
Xiaomi confirmed to launch Mi 10 on February 13 online
Smartphone launch events often happen at exotic locations with a lot of fanfare. Media from around the globe are invited to cover them in live broadcasts. But that will not be the case with the launch of Xiaomi’s upcoming flagship, the Mi 10. Owing presumably to the growing concerns of the spread of a novel coronavirus (2019-nCoV) from China, Xiaomi will launch the Mi 10 at an online-only event on February 13. Xiaomi co-founder Lei Jun confirmed the official launch date on Weibo yesterday.
At the annual Qualcomm Tech Summit last year, Xiaomi President Lin Bin announced that the Xiaomi Mi 10 would be one of the first few smartphones to be powered by the Qualcomm Snapdragon 865 Mobile Platform. If things go according to plan, we can expect to see the upcoming Mi 10 powered by the recently developed Snapdragon 865 chip. We can also expect to see 16GB of RAM and 512GB of internal storage space on the smartphone. One variant of the Mi 10—the Mi 10 Pro 5G—is expected to have 5G connectivity.
Going by previously leaked information, we expect the Xiaomi Mi 10 to feature a 6.4-inch screen with a Full HD+ resolution. We also expect it to pack a 4800mAh battery, and the Mi 10 Pro 5G, a slightly smaller 4500mAh battery. According to a Weibo user named Technology B, the Xiaomi Mi 10 will have support for 48W fast charging. In the optics department, we expect the handset to have as many as four cameras on the back panel with the primary sensor being either a 64MP unit or a 108MP unit.
When it is launched next week, the Mi 10 will succeed the outgoing Mi 9. Launched a year ago, the Mi 9 features a 6.39-inch Super AMOLED screen with a resolution of 1080 x 2340 pixels. Powered by a Qualcomm Snapdragon 855 chip with up to 8GB of RAM and 256GB of internal storage space, it runs the proprietary MIUI 11 software that is based on Android 10. The handset has a 3300mAh battery with support for 27W fast charging. On its back panel, there’s a triple camera setup with the primary sensor having a resolution of 48MP. You can see our first impressions of the Mi 9 below:
Note: Cover image represents outgoing Xiaomi Mi 9
https://ift.tt/2SeQo77
Saturday, February 8, 2020
Chainalysis: cryptocurrency scams involving Ponzi schemes and other frauds took in over $4B in 2019, which was more than the combined $3B haul in 2017 and 2018 (Wall Street Journal)
Chainalysis: cryptocurrency scams involving Ponzi schemes and other frauds took in over $4B in 2019, which was more than the combined $3B haul in 2017 and 2018 — Ponzi schemes are the latest form of bitcoin fraud, with big platforms like one called PlusToken drawing the most money
Cherre, which is using AI to index and analyze real estate data from disparate public and private sources, raises $16M Series A led by Intel Capital (Kyle Wiggers/VentureBeat)
Cherre, which is using AI to index and analyze real estate data from disparate public and private sources, raises $16M Series A led by Intel Capital — Real estate data collection and analytics costs can total in the millions of dollars. That's why in 2016, L.D. Salmanson founded Cherre …
ClearMetal, which uses data analytics to optimize logistics and supply chain operations, raises a $15M round, bringing its total raised to more than $31M (Benzinga)
ClearMetal, which uses data analytics to optimize logistics and supply chain operations, raises a $15M round, bringing its total raised to more than $31M — San Francisco-based logistics data analytics startup ClearMetal announced it has raised $15 million in a fresh round of funding led …
Automox raises $30M Series B for developing a platform to automate configuration, patching, management, and inventory of enterprise endpoints (Kyle Wiggers/VentureBeat)
Automox raises $30M Series B for developing a platform to automate configuration, patching, management, and inventory of enterprise endpoints — The average cost of a data breach is nearly $4 million, and yet 74% of companies say they can't patch vulnerabilities quickly enough because they lack the necessary staff.
PitchBook: US startups raised $209B in 2024, up ~33% from 2023; AI startups raised $97B, the largest portion on record; VCs raised $76.1B, the lowest since 2019 (Sarah McBride/Bloomberg)
Sarah McBride / Bloomberg : PitchBook: US startups raised $209B in 2024, up ~33% from 2023; AI startups raised $97B, the largest portion ...
-
Jake Offenhartz / Gothamist : Since October, the NYPD has deployed a quadruped robot called Spot to a handful of crime scenes and hostage...
-
Lorena O'Neil / Rolling Stone : A look at the years of warnings about AI from researchers, including several women of color, who say ...
