Space

Europe Is Seriously Considering a Major Investment In Space-Based Solar Power (arstechnica.com) 166

Europe is seriously considering developing space-based solar power to increase its energy independence and reduce greenhouse gas emissions, the leader of the European Space Agency said this week. Ars Technica reports: "It will be up to Europe, ESA and its Member States to push the envelope of technology to solve one of the most pressing problems for people on Earth of this generation," said Josef Aschbacher, director general of the space agency, an intergovernmental organization of 22 member states. Previously the space agency commissioned studies from consulting groups based in the United Kingdom and Germany to assess the costs and benefits of developing space-based solar power. ESA published those studies this week in order to provide technical and programmatic information to policymakers in Europe. Aschbacher has been working to build support within Europe for solar energy from space as a key to energy de-carbonization and will present his Solaris Program to the ESA Council in November. This council sets priorities and funding for ESA. Under Aschbacher's plans, development of the solar power system would begin in 2025.

In concept, space-based solar power is fairly straightforward. Satellites orbiting well above Earth's atmosphere collect solar energy and convert it into current; this energy is then beamed back to Earth via microwaves, where they are captured by photovoltaic cells or antennas and converted into electricity for residential or industrial use. The primary benefits of gathering solar power from space, rather than on the ground, are that there is no night or clouds to interfere with collection; and the solar incidence is much higher than at the northern latitudes of the European continent.

The two consulting reports discuss development of the technologies and funding needed to start to bring a space-based power system online. Europe presently consumes about 3,000 TWh of electricity on an annual basis, and the reports describe massive facilities in geostationary orbit that could meet about one-quarter to one-third of that demand. Development and deployment of these systems would cost hundreds of billions of euros. Why so much? Because facilitating space-based solar power would require a constellation of dozens of huge, sunlight-gathering satellites located 36,000 km from Earth. Each of these satellites would have a mass 10 times larger, or more, than that of the International Space Station, which is 450 metric tons and required more than a decade to assemble in low Earth orbit. Launching the components of these satellites would ultimately require hundreds or, more likely, thousands of launches by heavy lift rockets. "Using projected near-term space lift capability, such as SpaceX's Starship, and current launch constraints, delivering one satellite into orbit would take between 4 and 6 years," a report by British firm Frazer-Nash states. "Providing the number of satellites to satisfy the maximum contribution that SBSP could make to the energy mix in 2050 would require a 200-fold increase over current space-lift capacity."
Critics of the concept include Elon Musk and physicist Casey Handmer, among others, who take issue with the poor photon to electron to photon conversion efficiency and prohibitively expensive transmission losses, thermal losses, and logistics costs.

Crime

Saudi Arabia Sentences Woman To 34 Years In Prison For Tweeting (theverge.com) 258

A Saudi woman has been sentenced to 34 years in prison for retweeting activists through her Twitter account and sharing posts that spoke in favor of the right of women to drive. The Verge reports: Salma al-Shehab was a PhD candidate at the University of Leeds in the UK and was detained in January 2021 after returning to Saudi Arabia for a vacation. Shehab was initially sentenced to six years for using social media to "disturb public order and destabilize the security and stability of the state," based on having reshared tweets from Saudi activists living in exile who called for the release of political prisoners in the kingdom. The incident was reported in an editorial board piece from The Washington Post, which called it "yet another glimpse at the brutal underside of the Saudi dictatorship under its crown prince and de facto head of state, Mohammed bin Salman."

The Post reports that prosecutors in the appeal to Shehab's case argued for a more severe punishment under Saudi cybercrime and anti-terrorism laws, leading to a drastically increased sentence of 34 years, handed down on August 8th. The Freedom Initiative nonprofit, which advocates for the rights of prisoners detained in the Middle East, states that this is the longest known sentence for a women's rights activist in Saudi Arabia.

Security

North Korean Hackers Use Signed macOS Malware To Target IT Job Seekers (bleepingcomputer.com) 14

An anonymous reader quotes a report from Bleeping Computer: North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector. The name of the false document was "Coinbase_online_careers_2022_07." When launched, it displays the decoy PDF above and loads a malicious DLL that ultimately allows the threat actor to send commands to the infected device. Security researchers at cybersecurity company ESET found that the hackers also had malware ready for macOS systems. They said that the malicious file is compiled for Macs with both Intel and Apple silicon, meaning that users of both older and newer models were targeted. In a thread on Twitter, they note that the malware drops three files [...].

ESET linked the recent macOS malware to Operation In(ter)ception, a Lazarus campaign that targeted high-profile aerospace and military organizations in a similar way. Looking at the macOS malware, the researchers noticed that it was signed on July 21 (as per the timestamp value) with a certificate issued in February to a developer using the name Shankey Nohria and team identifier 264HFWQH63. On August 12, the certificate had not been revoked by Apple. However, the malicious application was not notarized -- an automatic process that Apple uses to check software for malicious components. Compared to the previous macOS malware attributed to the Lazarus group of hackers, ESET researchers observed that the downloader component connects to a different command and control (C2) server, which was no longer responding at the time of the analysis.

Security

1,900 Signal Users' Phone Numbers Exposed By Twilio Phishing (arstechnica.com) 8

An anonymous reader quotes a report from Ars Technica: A successful phishing attack at SMS services company Twilio may have exposed the phone numbers of roughly 1,900 users of the secure messaging app Signal -- but that's about the extent of the breach, says Signal, noting that no further user data could be accessed. In a Twitter thread and support document, Signal states that a recent successful (and deeply resourced) phishing attack on Twilio allowed access to the phone numbers linked with 1,900 users. That's "a very small percentage of Signal's total users," Signal writes, and all 1,900 affected users will be notified (via SMS) to re-register their devices. Signal, like many app companies, uses Twilio to send SMS verification codes to users registering their Signal app.

With momentary access to Twilio's customer support console, attackers could have potentially used the verification codes sent by Twilio to activate Signal on another device and thereby send or receive new Signal messages. Or an attacker could confirm that these 1,900 phone numbers were actually registered to Signal devices. No other data could be accessed, in large part because of Signal's design. Message history is stored entirely on user devices. Contact and block lists, profile details, and other user data require a Signal PIN to access. And Signal is asking users to enable registration lock, which prevents Signal access on new devices until the user's PIN is correctly entered. "The kind of telecom attack suffered by Twilio is a vulnerability that Signal developed features like registration lock and Signal PINs to protect against," Signal's support document reads. The messaging app notes that while Signal doesn't "have the ability to directly fix the issues affecting the telecom ecosystem," it will work with Twilio and other providers "to tighten up their security where it matters for our users."

Businesses

WeWork's Former CEO Has a New Startup, Reportedly Valued At More Than $1 Billion (cnn.com) 64

Nearly three years after Adam Neumann stepped down as CEO of WeWork following a failed attempt to take the company public, he is said to once again be in charge of a billion-dollar real estate startup. CNN Business reports: Andreessen Horowitz, the prominent venture capital firm known for its early investments in Twitter and Airbnb, has pumped about $350 million into Neumann's newest venture, called Flow, according to The New York Times, citing unnamed sources briefed on the deal. The investment valued the startup at more than $1 billion, according to the report. In a blog post Monday, Marc Andreessen, cofounder and general partner at the VC firm, announced the investment, without disclosing financial details. He also explained his thinking for backing Flow, a residential real estate company, and Neumann despite the founder's high-profile fall from grace at WeWork.

"Adam is a visionary leader who revolutionized the second largest asset class in the world -- commercial real estate -- by bringing community and brand to an industry in which neither existed before," Andreessen wrote in his post Monday. "Adam, and the story of WeWork, have been exhaustively chronicled, analyzed, and fictionalized -- sometimes accurately. For all the energy put into covering the story, it's often under appreciated that only one person has fundamentally redesigned the office experience and led a paradigm-changing global company in the process: Adam Neumann." It's not immediately clear how Flow seeks to revolutionize the residential housing industry. Flow currently has a bare bones website, with the slogan "Live life in flow" and two words stating it will launch in 2023.

Andreessen positioned the new company as a long-awaited solution to the nation's "housing crisis." He used a mix of jargon-filled terms -- "community-driven, experience-centric service" -- to explain how the new startup would "create a system where renters receive the benefits of owners." "We think it is natural that for his first venture since WeWork, Adam returns to the theme of connecting people through transforming their physical spaces and building communities where people spend the most time: their homes," Andreessen wrote. "Residential real estate -- the world's largest asset class -- is ready for exactly this change."

Robotics

Russian Army Expo Shows Off Robot Dog Carrying Rocket Launcher (pcmag.com) 56

At a military convention in Russia, a local company is showing off a robot dog that's carrying a rocket launcher. From a report: Russian news agency RIA Novosti today filmed the four-legged bot at the Army 2022 convention, which is taking place near Moscow and sponsored by the country's Ministry of Defense. The robot was recorded trotting along on the convention floor while wielding a rocket-propelled grenade launcher on its back. The robot is also capable of crouching on the floor, making it harder to spot, while it presumably waits to fire off a rocket. It remains unclear if the robot will ever be used on the field when Russia is locked in a war with Ukraine, and already using air-based drones at least for recon and targeting purposes. But according to RIA Novosti, the bot is dubbed the M-81 system and comes from a Russian engineering company called "Intellect Machine." The developers say the robot dog is being designed to both transport weapons and ammunition and fire them during combat missions.

Your Rights Online

Right To Repair Battle Heats Up With Rooting of John Deere Equipment (wired.com) 79

Long-time Slashdot reader drinkypoo writes: John Deere, current and historic American producer of farming equipment, has long been maligned for their DRM-based lockdowns of said equipment which can make it impossible for farmers to perform their own service. Now a new security bypass has been discovered for some of their equipment, which has revealed that it is in general based on outdated versions of Linux and Windows CE.

Carried out by Sick Codes, the complete attack involves attaching hardware to the PCB inside a touchscreen controller, and ultimately produces a root terminal.

In the bargain and as a result, the question is being raised about JD's GPL compliance.

Sick Codes isn't sure how John Deere can eliminate this vulnerability (beyond overhauling designs to add full disk encryption to future models). But Wired also notes that "At the same time, though, vulnerabilities like the ones that Sick Codes found help farmers do what they need to do with their own equipment."

Although the first thing Sick Codes did was get the tractor running a farm-themed version of Doom.

iPhone

Cellphone at Third Base: Baseball Player Mistakenly Runs the Bases with His iPhone (apnews.com) 38

Last year Rodolfo Castro made baseball history. Called up to the Major Leagues in April, the 22-year-old eventually recorded his first hit — a home run. But his next four recorded hits were all also home runs, something no player had done since 1901.

CBS News reports that this week, finally called back up to the Major Leagues, Castro again made history — of another sort: Modern technology has allowed people to take their phones, as well as the power of the internet, with them anywhere they go. Pittsburgh Pirates second baseman Rodolfo Castro took his around the bases against the Arizona Diamondbacks on Tuesday night.
Yep — an iPhone made a bizarre cameo in the 4th inning, reports the Associated Press: Castro and third base coach Mike Rabelo stood and stared, mortified.... Even third base umpire Adam Hamari had the perfect reaction, pointing at the phone that came flying out of Castro's back pocket during a head-first slide, trying not to giggle at the absurdity of the situation.

Those around the sport cringed along with them. "That's obviously not something that should happen," Yankees manager Aaron Boone said.... This faux pas just happened to be at a televised big league game, creating a video clip seen by millions.

"I just remember getting dressed, putting my pants on, getting something to eat, using the restroom," the 23-year-old Castro said through a translator Tuesday night after the Pirates lost 6-4 to Arizona. "Never did it ever cross my mind that I still had my cellphone on me...."

It's far from the first time a phone has made a cameo on a pro sports field. One of the most famous examples came nearly 20 years ago when New Orleans Saints receiver Joe Horn pulled out a flip phone — remember those? — that he had hidden in the padding around the goalpost and then acted like he was taking a call after scoring a touchdown.

Facebook

Gen Z is Over Facebook, Finds Pew Research. But YouTube Dominates Among Teens (nbcnews.com) 57

NBC News reports: Facebook, once the go-to social media platform for many, has plummeted in popularity among younger users, according to a new Pew Research Center survey.... The share of 13- to 17-year-olds who said they use Facebook dropped from 71% in the 2015 study to 32% today, Pew found.

As Facebook's popularity sinks, YouTube has become the dominating platform among teens, who are also using social media apps like TikTok, Snapchat and [Meta-owned] Instagram... While Facebook still beats out Twitter among Gen Z teens, Snapchat and Instagram have dwarfed its popularity. Sixty-two percent of teens use Instagram and 59% use Snapchat, according to Pew. TikTok also beats Facebook in popularity, with 67% of respondents saying they use the short-form video app, Pew reported....

The most popular platform among 13- to 17-year-olds is YouTube, which is used by 95% of teens, the research found.

There's an interesting graph showing trends in Pew's announcement. It's a handy way to visualize that over the last seven years usage has dropped for Facebook, Twitter, and Tumblr — while usage increased for Instagram and Snapchat.

But YouTube hovers above them all with 95% usage.

Movies

Are Things 'Looking Grim' For Movies Based on DC Superheroes? (theverge.com) 117

"The fate of Warner Bros. DC Comics movies is looking grim," writes the Verge.

Since April's merger between Warner Brothers and Discovery, they call it "fairly obvious" that "the new guard at Warner Bros. Discovery wants to jettison or at the very least put some distance between itself and the DC Extended Universe's current iteration (along with all the baggage associated with the endeavor.)" The DC Extended Universe was plagued by a number of issues long... like a general lack of cohesion, subpar storytelling, and an association with a toxic fandom whose obsession eventually devolved into harassment campaigns against studio executives. Looking back, Justice League as it was released in 2017 was a haphazard attempt to catch up to the Marvel Cinematic Universe that put far too much faith in the power of people's general familiarity with characters like Wonder Woman, Cyborg, and Aquaman who didn't really have presences in the DC Extended Universe at the time.
Screen Rant calls Justice League "a movie that polarized audiences and was less successful than Man of Steel at the box office" — then explains what happened next: The DC Extended Universe had been struggling with highly divisive or critically panned movies, such as Batman v Superman: Dawn of Justice and Suicide Squad, but it was not until Justice League that the franchise really took a significant financial hit. In addition, Justice League was also the start of a series of behind-the-scenes controversies, and at this point, it is difficult to picture the Justice League cast all returning for a sequel....

With Ben Affleck seemingly done with Batman and the studio wanting to move away from everything Justice League-related, DC needed a way to combine what had been working, such as Jason Momoa's Aquaman and Gal Gadot's Wonder Woman, with new strategies, such as Michael Keaton's [appearing in the upcoming Flash movie as] Batman. The answer seemed simple — the multiverse....

The fact that Batgirl, a movie that would have shown the aftermath of The Flash's multiverse journey, was canceled [last week] proves that the multiverse is no longer a priority for DC. Not only that but right before Batgirl's cancelation was announced, it was reported that Ben Affleck would replace Michael Keaton's rumored cameo in Aquaman and the Lost Kingdom.... During Warner Bros. Discovery's earning calls on August 5, CEO David Zaslav mentioned that the new management will make upcoming DC Extended Universe movies like Black Adam and The Flash "even better", suggesting that reshoots could be on the way.

Media

VLC Media Player Banned In India (indiatoday.in) 40

VLC media player, one of the most popular media players and streaming media servers, developed by the VideoLAN project, is no longer working in India. India Today reports: As per a report by MediaNama, VLC Media Player was blocked in India nearly 2 months ago. Neither the company nor the Indian government has revealed any details about the ban. Some reports suggest that VLC Media Player has been blocked in the country because China-backed hacking group Cicada was using the platform for cyber attacks. Just a few months ago, security experts discovered that Cicada was using VLC Media Player to deploy a malicious malware loader as part of a long-running cyber attack campaign.

Since it was a soft ban, neither the company, nor the Indian government officially announced the banning of the media platform. Some users on Twitter are still discovering the restrictions of the platform. One of the Twitter users by the name Gagandeep Sapra tweeted a screenshot of the VLC website that shows "the website has been blocked as per order Ministry of Electronics and Information Technology under IT Act, 2000." Currently, the VLC Media Player website and download link are blocked in the country. In simple words, this means that no one in the country can access the platform for any work. This is seemingly the case for users who have the software installed on their device. It is said that VLC Media Player is blocked on all major ISPs including ACTFibernet, Jio, Vodafone-idea and others.

Printer

Bricked Epson Printers Make a Strong Case For User Repairability (theverge.com) 101

Epson has gained some scrutiny in recent weeks after the company disabled a printer that was otherwise working fine, leading to accusations of planned obsolescence. Epson knows its printers will stop working without simple maintenance at a predictable point in the future, and it knows that it won't be cost-effective for many owners to send their home printers in for service. So why not build them to be user serviceable in the first place? The Verge: The inciting post from @marktavern mentions that his wife was unable to use her "very expensive Epson printer" after an end-of-service error message appeared. This isn't anything new for Epson printers, sadly. Reports going back several years mention an infamous error message that reads "parts inside the printer have reached the end of their service life." Epson confirmed to The Verge that the error is related to the printer's ink pads, which had likely become saturated through extended use and were now at risk of spilling into the rest of the printer mechanism.

In a recently updated support document, Epson offers several solutions to resolve the problem. These include sending the printer into Epson to replace the ink pads or having a local certified technician do it. Previously (via Wayback Machine), just before the issue gained notoriety, Epson conceded that "repair may not be a good investment for lower cost printers because the printer's other components also may be near the end of usable life." It then added that "most consumers who are out of warranty elect to replace a lower-cost printer when they receive an end of life service message." Now, Epson suggests the feel-good option of sending the bricked unit in for recycling.

IT

Email Marketing Firm Mailchimp Suspends Several Crypto-Related Accounts (coindesk.com) 29

Mailchimp appears to have suspended the accounts of several crypto-related firms, according to the affected outlets. Crypto firms on the chopping board include intelligence platform Messari. From a report: Founder Ryan Selkis posted on Twitter revealing the suspension and expressing his disappointment. Crypto wallet provider Edge, NFT artist Ocarina, and Jesse Friedland -- the founder of NFT collection Cryptoon Goonz -- are among prominent names that appear to have had their accounts suspended in the last several weeks, according to the Decrypt report.

Security

Cisco Hacked By Yanluowang Ransomware Gang, 2.8GB Allegedly Stolen (bleepingcomputer.com) 21

An anonymous reader quotes a report from BleepingComputer: Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online. The company revealed that the attackers could only harvest and steal non-sensitive data from a Box folder linked to a compromised employee's account. "Cisco experienced a security incident on our corporate network in late May 2022, and we immediately took action to contain and eradicate the bad actors," a Cisco spokesperson told BleepingComputer. "Cisco did not identify any impact to our business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations. On August 10 the bad actors published a list of files from this security incident to the dark web. We have also implemented additional measures to safeguard our systems and are sharing technical details to help protect the wider security community."

The Yanluowang threat actors gained access to Cisco's network using an employee's stolen credentials after hijacking the employee's personal Google account containing credentials synced from their browser. The attacker convinced the Cisco employee to accept multi-factor authentication (MFA) push notifications through MFA fatigue and a series of sophisticated voice phishing attacks initiated by the Yanluowang gang that impersonated trusted support organizations. The threat actors finally tricked the victim into accepting one of the MFA notifications and gained access to the VPN in the context of the targeted user. Once they gained a foothold on the company's corporate network, Yanluowang operators spread laterally to Citrix servers and domain controllers.

"They moved into the Citrix environment, compromising a series of Citrix servers and eventually obtained privileged access to domain controllers," Cisco Talos said. After gaining domain admin, they used enumeration tools like ntdsutil, adfind, and secretsdump to collect more information and installed a series of payloads onto compromised systems, including a backdoor. Ultimately, Cisco detected and evicted them from its environment, but they continued trying to regain access over the following weeks. [...] Last week, the threat actor behind the Cisco hack emailed BleepingComputer a directory listing of files allegedly stolen during the attack. The threat actor claimed to have stolen 2.75GB of data, consisting of approximately 3,100 files. Many of these files are non-disclosure agreements, data dumps, and engineering drawings.

Bitcoin

Iran Cheerfully Admits Using Cryptocurrency To Pay For Imports (theregister.com) 65

Iran has announced it used cryptocurrency to pay for imports, raising the prospect that the nation is using digital assets to evade sanctions. The Register reports: Trade minister Alireza Peyman Pak revealed the transaction with the tweet [here], which translates as "This week, the first official import order was successfully placed with cryptocurrency worth ten million dollars. By the end of September, the use of cryptocurrencies and smart contracts will be widespread in foreign trade with target countries."

It is unclear what Peyman Pak referred to with his mention of widespread use of crypto for foreign trade, and the identity of the foreign countries he mentioned is also obscure. But the intent of the announcement appears clear: Iran will use cryptocurrency to settle cross-border trades.

Social Networks

A Fifth of US Teens Use YouTube 'Almost Constantly,' With TikTok Not Far Behind (engadget.com) 50

Pew Research has published a new report that examines social media usage trends among US teens. The organization found that a whopping 95 percent of them use YouTube, while 19 percent are on the platform "almost constantly." Engadget reports: Perhaps unsurprisingly, two-thirds (67 percent) said they used TikTok, with 16 percent claiming they are on the app "almost constantly." The third most-popular social media platform among teens is Instagram, per Pew, with 62 percent using it. A tenth say they use it almost all the time -- despite the app occasionally telling them to take a break. A previous poll conducted in 2014-15 found that 52 percent were using Instagram (Pew didn't ask about YouTube usage for that survey and TikTok didn't exist at the time).

Snapchat also rose among teens, with 59 percent using it in 2022, compared with 41 percent in the previous poll. Facebook was the top social media app among teens seven years ago, with 71 percent of them using it, but that figure has dropped to 32 percent. Teen adoption of Twitter (down from 33 percent to 23 percent) and Tumblr (14 percent to five percent) has fallen over the same period too. The 2014-15 poll didn't ask about Twitch, WhatsApp or Reddit. These days, a fifth of teens use Twitch, 17 percent are on WhatsApp and 14 percent are accessing Reddit.

Nintendo

28 Years Later, Super Punch-Out!!'s 2-Player Mode Has Been Discovered (arstechnica.com) 25

Hmmmmmm shares a report from Ars Technica: While Punch-Out!! has been one of Nintendo's most beloved "fighting" series since its 1984 debut in arcades, it has rarely featured something common in the genre: a two-player mode. On Monday, however, that changed. The resulting discovery has been hiding in plain sight on the series' Super Nintendo edition for nearly 30 years. Should you own 1994's Super Punch-Out!! in any capacity -- an original SNES cartridge, a dumped ROM parsed by an emulator, on the Super Nintendo Classic Edition, or even as part of the paid Nintendo Switch Online collection of retro games -- you can immediately access the feature, no hacking or ROM editing required. All you need is a pair of gamepads.

[T]oday's Super Punch-Out!! discovery revolves around a simple series of button combinations, which require nothing more than a second controller. The two-player mode is hidden behind an additional, previously undiscovered menu, which lets solo players skip directly to any of the game's boxing combatants. It's essentially a "level select" menu, which many classic games featured for internal testing, and speedrunners could arguably use it to practice against specific opponents more quickly.

This menu can be accessed by holding the R and Y buttons on player two's controller at the "press start" screen, then pressing Start or A with player one's controller. Do this, and a new menu appears, displaying all 16 boxers' profile icons. Pick any of these icons to engage in a one-off fight; once it's over, you're dumped back to the same boxer-select menu. In this menu, friends can access a two-player fight if player two holds their B and Y buttons down until the match starts. You won't hear a sound effect or any other indication that it worked. Instead, the match will begin with the second player controlling the "boss" boxer at the top of the screen. Combine the "ABXY" array of buttons with "up" and "down" on the D-pad to pull off every single basic and advanced attack.
All credit goes to the coder responsible for the new @new_cheats_news account on Twitter, notes Ars.

The Internet

Burger King Blank Email Orders Confuse Thousands of Customers (theverge.com) 38

Burger King has just emailed thousands of customers with a blank order email receipt. The Verge reports: The blank emails started appearing at around 12:15AM ET, leaving Burger King customers confused whether the company has been breached by a hungry hacker attempting a midnight feast, or if the emails are simply a giant whopper of a mistake. Twitter users were quick to turn to the social network in a state of confusion over the blank emails, with some even receiving two Burger King emails in an apparent double whopper of a mistake. The order emails are totally blank, and were sent by Burger King's main promotional marketing email address.

After this story was published, an email from "BK PR Team" responded to our request for more information, claiming the issue was "the result of an internal processing error." We have asked for a specific individual to attribute the information to.

Bitcoin

Curve Finance Front End UI Compromised In DNS Hack (cointelegraph.com) 12

According to researcher samczsun at Paradigm, Curve Finance has had its front end compromised, with over $500K stolen within a matter of minutes. The automated market maker is warning users to exercise caution when interacting with the site. Binance CEO Changpeng Zhao also shared the news and is monitoring the situation. CoinTelegraph reports: Curve stated via Twitter that its exchange -- which is a separate product -- appeared to be unaffected by the attack, as it uses a different DNS provider. Twitter user LefterisJP speculated that the alleged attacker had likely utilized DNS spoofing to execute the exploit on the service: "It's DNS spoofing. Cloned the site, made the DNS point to their ip where the cloned site is deployed and added approval requests to a malicious contract."

Other participants in the DeFi space quickly took to Twitter to spread the warning to their own followers, with some noting that the alleged thief appears to have stolen more than $573K USD at time of publication: "Alert to all @CurveFinance users, their frontend has been compromised! Do not interact with it until further notice! It appears around $570k stolen so far."

The Internet

How Russia Took Over Ukraine's Internet in Occupied Territories (nytimes.com) 54

Several weeks after taking over Ukraine's southern port city of Kherson, Russian soldiers arrived at the offices of local internet service providers and ordered them to give up control of their networks. From a report: "They came to them and put guns to their head and just said, 'Do this,'" said Maxim Smelyanets, who owns an internet provider that operates in the area and is based in Kyiv. "They did that step by step for each company." Russian authorities then rerouted mobile and internet data from Kherson through Russian networks, government and industry officials said. They blocked access to Facebook, Instagram and Twitter, as well as to Ukrainian news websites and other sources of independent information. Then they shut off Ukrainian cellular networks, forcing Kherson's residents to use Russian mobile service providers instead.

What happened in Kherson is playing out in other parts of Russian-occupied Ukraine. After more than five months of war, Russia controls large sections of eastern and southern Ukraine. Bombings have leveled cities and villages; civilians have been detained, tortured and killed; and supplies of food and medicine are running low, according to witnesses interviewed by The New York Times and human rights groups. Ukrainians in those regions have access only to Russian state television and radio. To cap off that control, Russia has also begun occupying the cyberspace of parts of those areas. That has cleaved off Ukrainians in Russia-occupied Kherson, Melitopol and Mariupol from the rest of the country, limiting access to news about the war and communication with loved ones. In some territories, the internet and cellular networks have been shut down altogether.
