An estimated 18,000 to 40,000 consumer routers, mostly those made by MikroTik and TP-Link, located in 120 countries, were wrangled into infrastructure belonging to APT28, an advanced threat group that’s part of Russia’s military intelligence agency known as the GRU, researchers from Lumen Technologies’ Black Lotus Labs said. //

The easiest way for people to know if their router has been compromised in the operation is to review the current DNS settings to see if they list unrecognized servers. Users should also check event logs for any unrecognized changes to DNS server settings. People should also strongly consider replacing end-of-life routers with ones that receive regular security updates. People should never click through browser alerts warning of untrusted TLS certificates.

“Affected devices include Kindle 1st and 2nd Generation, Kindle DX and DX Graphite, Kindle Keyboard, Kindle 4, Kindle Touch, Kindle 5, and Kindle Paperwhite 1st Generation,” reads the message from the Kindle team. Older 2011 and 2012-era Kindle Fire tablets will also lose access to the Kindle Store.

Amazon’s Kindle generational branding is occasionally confusing—that “Kindle Paperwhite 1st Generation” is also referred to as “Kindle Paperwhite (5th Generation)” on Amazon’s support pages because it’s part of the fifth generation of Kindle releases overall. But if you check your Kindle’s software version and see anything older than 5.12.2.2, it means your Kindle is losing access to Amazon’s store and your e-book library.

It’s been a while since any of these devices received active software support from Amazon; only 2024-and-later devices have received the latest 5.19.3.0.1 software update, though 2021 and 2022’s Kindles have been updated as recently as February. Historically, though, Amazon has been willing to allow older, un-updated Kindles to continue to buy and download more books, even if they’re no longer benefitting from new features.

A situation like this is extremely rare, with 74 infants born on 73 commercial flights, of whom 71 survived delivery, between 1929 and 2018, according to a March 2020 study by the National Library of Medicine.

However, the birth brings up some legal questions regarding the baby’s citizenship status.

Most of the out-of-this-world photos being beamed home from Artemis II were taken with an old-model Nikon camera that can be bought for about $1,000.

NASA traded in the legendary Hasselblad model it used on Apollo missions years ago for the Nikon D5 DSLR — a classic digital single-lens-reflex camera first released in 2016.

The Nikon was carefully selected for its proven track record as a workhorse space camera, as well as its extraordinary ability to pick up detail even in extreme darkness, Nikon’s top NASA consultant told The Post on Tuesday.

He said the Nikon D5 has been used successfully in space since 2017 — and “is still producing amazing images for them.”

One of the camera’s top-selling points for Artemis II was its incredible low-light capabilities, Corrado said.

The camera is able to shoot at an ISO — or light-sensitivity rating — of up to 3.2 million. //

“After this mission, it should be Z9. They won’t go back to the D5 after this,” he said. “Once they fully test and continue to test, the Z9 will be the camera going to the moon.”

Artemis II brought a total 32 cameras onboard for their 10-day mission.

Fifteen were mounted on the spacecraft, and 17 were handheld cameras the crew operated while peering out the cabin windows during their historic flyby of the lunar far side.

Don't replace your fleet—revitalize it. Transform your existing PCs and Macs into secure, cloud-first endpoints. Deploy at scale from anywhere, with no complex IT requirements.

To get started and turn your phone into a server-compatible camera, you need it to actually broadcast a signal that your server can catch. There are a few different options when it comes to applications that will do this for you. These include IP Webcam and RTSP Camera Server Pro, and both are available on the Play Store. It's worth keeping in mind that these apps don't store video on the phone; they turn the phone into a network node.

We’ve been pretty excited about the announcement of Chrome OS Flex and what it could mean for scores of aging laptops – Windows and Mac OS included. Though we have a lot of content planned around this new OS from Google, we also realize that we’ve not put up a clear guide on how to actually get this up and running on your own device. With the USB method, you can test drive Chrome OS Flex without breaking anything on your computer and make the decision if it’s the right move for you or not. So why not give it a go?

As the Artemis II crew came close to passing behind the Moon and experiencing a planned loss of signal, they captured this image of a crescent Earth setting on the Moon’s limb.

“The five experiments all succeeded, but none of them revolutionized our understanding of the corona,” he says in a disarmingly honest way about the flight’s immediate impact. “They all played their role in the normal progression of scientific knowledge, but there were no extraordinary results, it has to be said.” //

Léna doubts their incredible flight will ever be repeated. Today, space-based satellites that can watch the sun 24/7 and create permanent artificial eclipses have revolutionized our understanding of the nearest star to Earth—although observing eclipses on Earth is still useful for astronomy. //

“At the time, our knowledge of the solar corona was very very limited,” explains Léna. “Today we have far less need for eclipse flights from a scientific point of view because we can put missions like SOHO in space, which is doing essentially what we were aboard Concorde. Our observation methods have changed a lot, so I doubt if today we’d redo a mission like that.”

It’s often said that scientific inquiry leads to innovation, but the Concorde experiment is a reminder that sometimes innovation offers wild, unexpected dividends to science. Today, the exact plane that chased the eclipse in 1973 sits as a permanent exhibit at Le Bourget Air and Space Museum, complete with the special roof portholes and the eclipse mission logo on its fuselage. Léna, John Beckman and other engineers and astronomers were present for the 2013 unveiling, along with the late pilot André Turcat

Jet Propulsion Laboratory and California Institute of Technology

Deep Space Network logo
VIEW DATA PANEL

I have a friend who works in the security sector. He always plays Red Team - so let's call him Reddy. His job is to look at systems, understand them, and then dream up ways to exploit and compromise them.

I recently asked for his opinion on the SAVE Act. No surprise, like the overwhelming majority of Americans, he is all for it - but his reasoning was less about preventing individual illegal aliens from voting but about reversing a deliberate systemic compromise of election system integrity by Democrats over the last two decades.

Reddy thinks Blue State voting systems are deliberately designed to enable fraud on an industrial scale, and California's electoral system is the model at or near full maturity.

He contends (and I agree with his analysis) that Democrats in California and their allied NGOs have successfully built up a huge bank of false registrations and jiggered their ballot handling and counting rules so they can always "find" enough votes on election night, or even after, (when they know the margins) to make sure they never lose.

Someday there is going to be a movie made about this rescue mission in Iran.

But man, what a morale booster for our military to know that the Secretary of War and Commander-in-Chief will blow up $300 million worth of our own military aircraft to rescue one US soldier.

No man left behind!

God bless our troops!

Military personnel matter to President Trump. At $300 million a troop the 1.3 million people in uniform means they are worth 390 trillion dollars (a million times a million is a trillion).

To Joe Biden, they were worth nothing.

He left 13 behind to die in Afghanistan and he looked at his watch repeatedly when their bodies came home.

But for a moment, look at our military’s rescue through the eyes of the enemy.

Iran had two men downed inside Iran and somehow its military was unable to find them, while the military from a nation thousands of miles away rescued them. It was like a groundball going through a fielder’s legs and costing his team a World Series game.

The rescue feels like victory because it is.

"Now, these are not routine operations. They were high-risk, high-stakes missions conducted in the heart of enemy territory.

"This was not just barely into Iran. This was deep into Iran, involving coordinated strikes to suppress threats, deception tactics to protect our teams, and full synchronization across air, ground, and special operations.

"The Iranians are still asking themselves right now, how did the Americans do this?"

Of the first mission, Hegseth said:

"The first mission, the first of two, was an audacious daylight thunder run right up the middle.

"It was authorized in less than two hours from that pilot going down, when we knew where he was, and it was authorized in the middle of the night because anybody that’s worked for this man knows he’s up in the middle of the night." //

"I looked up at my screen when the final mission was complete inside our SCIF, our secure facility.

"And we have a running VTC, a running coordination cell, and the top of it read 45 hours and 56 minutes.

"For 45 hours and 56 minutes, we held that call open for coordination.

"From the moment our pilots went down, our mission was unblinking.

"The call never dropped.

"The meeting never stopped.

"The planning never ceased."

The Normandy Invasion consisted of 5,333 Allied ships and landing craft embarking nearly 175,000 men. The British and Canadians put 75,215 troops ashore, and the Americans 57,500, for a total of 132,715, of whom about 3,400 were killed or missing, in contrast to some estimates of ten thousand.

The foregoing figures exclude approximately 20,000 Allied airborne troopers. Extensive planning was required to move all these troops.

The U.S. VII Corps sustained 22,119 casualties from 6 June to 1 July, including 2,811 killed, 13,564 wounded, 5,665 missing, and seventy-nine captured.

American personnel in Britain included 1,931,885 land, 659,554 air, and 285,000 naval—a total of 2,876,439 officers and men. While in Britain they were housed in 1,108 bases and camps.

These are just individuals, they just use computers, and they just want to steal your data and make money. They're not mythical. They don't have superpowers. //

And thus, the Dark Web Roast was born. It's a regular blog complete with memes, mockery, and a Ricky Gervais' "they're just jokes" inspired disclaimer: "While these incidents are genuinely amusing, they represent real criminal activities causing significant harm. This content is for threat intelligence and educational purposes only."

The most recent edition features a ransomware gang that bulk-drafted and scheduled their extortion attempts like a content calendar: "Considering the sheer, numbing volume of their posts, it's a solid bet that their 'victims' are probably just fake sites they spun up themselves for content, because nothing screams legitimacy like inflating your stats with phantom compromises," the researchers wrote. //

But public mockery (as with LockBit), and infiltration like the FBI did with Hive's ransomware network, can fracture trust among cyberthieves. And this fragmentation can help defenders dismantle criminal operations and keep people and data safe. //

The video shows an administrator skimming the most valuable secrets and cryptocurrency keys for personal gain, while passing only less lucrative data to customers. Trellix learned about this incident during a briefing with Dutch police.

"They said to us, 'We found out that this admin is also stealing from his own customers,'" Fokker remembers. After the Europol press release came out, Trellix unleashed the snark in a Dark Web Roast.

"We basically said you're stupid if you work with him, because he's just getting rich, and we just make fun of him," Fokker said. "We don't know if the impact was measurable, but still, we had an opportunity to run with that story and make a complete fool out of this admin. So that's something." ®

The cost of high-performance GPUs, typically $8,000 or more, means they are frequently shared among dozens of users in cloud environments. Three new attacks demonstrate how a malicious user can gain full root control of a host machine by performing novel Rowhammer attacks on high-performance GPU cards made by Nvidia.

The attacks exploit memory hardware’s increasing susceptibility to bit flips, in which 0s stored in memory switch to 1s and vice versa. In 2014, researchers first demonstrated that repeated, rapid access—or “hammering”—of memory hardware known as DRAM creates electrical disturbances that flip bits. A year later, a different research team showed that by targeting specific DRAM rows storing sensitive data, an attacker could exploit the phenomenon to escalate an unprivileged user to root or evade security sandbox protections. Both attacks targeted DDR3 generations of DRAM. //

On Thursday, two research teams, working independently of each other, demonstrated attacks against two cards from Nvidia’s Ampere generation that take GPU rowhammering into new—and potentially much more consequential—territory: GDDR bitflips that give adversaries full control of CPU memory, resulting in full system compromise of the host machine. For the attack to work, IOMMU memory management must be disabled, as is the default in BIOS settings. //

A separate mitigation is to enable Error Correcting Codes (ECC) on the GPU, something Nvidia allows to be done using a command line. //

Kevin G
Ars Scholae Palatinae
21y
1,483
Thursday at 2:54 PM
#12
New
The ECC functionality on nVidia cards can take a pretty big performance hit as they do not include extra DRAM for ECC. Thus on a 32 GB workstation GPU, the amount of usable memory is reduced down to a 28 GB. Thus if you were using that extra memory and flipped on ECC, performance tanks as the remaining 4 GB gets paged out to host CPU memory. Beyond that, the ECC algorithm itself as the where the parity data for ECC resides is some what configurable. If itis on the same memory controller (which generally means the same memory chip as often there is only one chip per memory channel), then the calculation is done inside the memory controller relatively quickly. This of course comes at the higher integrity risk of losing data if a memory chip fails but this does protect against random bit flips. The other ECC algorithm is more akin to software RAID5 which rotates where the parity data resides across the chip and across the various internal memory controllers. Thus to compute ECC, one memory controller has to wait for another control to read that information and pass it down which is big performance penalty.

What this article doesn't cover is HBM which can both have extra stacks of memory in a channel as well as extra bits of parity on each die in the stack. Most ECC leverage the extra memory on the die plus rotating where the parity data resides. The end result is effectively the same as having an extra DRAM chip on a DIMM. (For those who don't know, an 8 GB ECC DIMM will contain ten 1 GB memory chips but the extra 2 GB is used exclusively for ECC and does not alter the usable capacity.)

HBM controllers are rather complex and the reason why capacities like 141 GB exist is due to a single die failure in one of the many stacks. Instead of disabling a wholes stack and reducing the memory capacity down to 120 GB, only the explicitly broken die is disabled.

Earlier this week, Bloomberg reported that “almost half of the US data centers planned for this year are expected to be delayed or canceled” because developers can’t import enough transformers, switchgear, and batteries to build out the power infrastructure that every data center needs.

These parts, which China has primarily manufactured for US manufacturers “for decades,” used to take between 24 and 30 months to get delivered prior to 2020. Now, they can require wait times up to five years, Bloomberg reported. That lag could matter, since China is reportedly about five years behind the US in the AI race.

Rather than rely on China, Trump would prefer that the US manufacture its own equipment. However, currently, “US manufacturing capacity for these devices cannot keep up with demand,” Bloomberg reported.

At Friday’s hearing of the Colorado Senate Business, Labor, and Technology committee, lawmakers voted unanimously to move Colorado state bill SB26-090—titled Exempt Critical Infrastructure from Right to Repair—out of committee and into the state senate and house for a vote.

The bill modifies Colorado’s Consumer Right to Repair Digital Electronic Equipment act, which was passed in 2024 and went into effect in January 2026. While the protections secured by that act are wide, the new SB26-090 bill aims to “exempt information technology equipment that is intended for use in critical infrastructure from Colorado’s consumer right to repair laws.” //

“I can point out at least five problems with the bill as drafted,” Gay Gordon-Byrne, the executive director at the Repair Association, said during the hearing. “The definition of critical infrastructure is completely inadequate. The definition that has been proposed in this bill is not even a definition.” //

Repair advocates also say that limiting this kind of repairability is the exact opposite of keeping devices secure. If something goes wrong with a critical piece of technology, the people using it need to fix it and not have to wait for manufacturer approval.

“There’s a general principle in cybersecurity that obscurity is not security,” iFixit CEO Kyle Wiens said in the hearing. “The money that’s behind the scenes, that’s what’s driving the bill.” //

DarthSlack Ars Legatus Legionis
12y
23,110
Subscriptor++
So critical infrastructure is, well, critical, right? Like you need it to keep working because if it stops you're in a world of hurt? So isn't that the stuff you really, really, really want to be able to repair when it breaks and not sitting on your ass waiting for some clownshoes to show up and charge you a small fortune to turn a screw or apply a patch?

Into the woods my Master went,
Clean forspent, forspent.
Into the woods my Master came,
Forspent with love and shame.
But the olives they were not blind to Him,
The little gray leaves were kind to Him:
The thorn-tree had a mind to Him
When into the woods He came.

Out of the woods my Master went,
And He was well content.
Out of the woods my Master came,
Content with death and shame.
When Death and Shame would woo Him last,
From under the trees they drew Him last:
'Twas on a tree they slew Him -- last
When out of the woods He came.

Excors Ars Centurion
12y
365
Subscriptor++
Resistance said:
I thought the current trajectory has the spacecraft and everything near it returning to Earth?
Yes - NASA says the translunar injection burn was also the deorbit burn. It's a very long deorbit trajectory, and there's six opportunities for correction burns to ensure a safe reentry angle and splashdown location, but they're already on their way to Earth. And they've skipped the first two correction burns because the trajectory is close enough to optimal.

If I'm interpreting this paper right, the requirement is to reach the entry interface with a max downrange error of 25.6km (figure 4), with up to 20 m/s delta-v of corrections, so this is just about fine-tuning. I presume that means anything that's still floating near the spacecraft, and not flying off at many m/s, is close enough to the optimal trajectory that it's still going to impact the Earth.