News & Updates

Image of Pluto's surface.

Washboard terrain fills the basins in the right of this image. (credit: NASA/JHUAPL/SwRI)

As we’ve gathered more details about the other planets of the Solar System, we’ve largely managed to explain the geography we’ve found by drawing analogies to things we’re familiar with from Earth. Glaciers and wind-driven erosion produce similar results both here and on Mars, for instance. But further out in the Solar System, the materials involved in the geology change—water ice becomes as hard as rock, and methane and nitrogen freeze—which raises the prospect of some entirely unfamiliar processes.

This week, scientists proposed that some weird terrain found on Pluto could be the product of large fields of nitrogen ice sublimating off into the atmosphere. While this explanation could account for some properties of Pluto’s geography, it doesn’t explain why the process resulted in a series of parallel ridges.

On the washboard

The strange terrain lies to the northwest of Sputnik Planitia, the heart-shaped plain that dominates the side of Pluto we have the best images of. Called “washboard” or “fluted,” the area consists of large numbers of roughly parallel ridges with roughly a kilometer or two separating them. Aside from their appearance and general orientation, these ridges don’t seem to have a lot in common. They’re discontiguous and don’t fill the entire region. They run down slopes and spread across valley floors—in some cases a single ridge will run down a slope and then flatten out. And in several cases, they create a starburst-like pattern along the walls of craters.

Source: http://feeds.arstechnica.com/arstechnica/index/

Reef is a bright, inviting game with a lot of fun, colorful pieces. (credit: Aaron Zimmerman)

Welcome to Ars Cardboard, our weekend look at tabletop games! Check out our complete board gaming coverage at cardboard.arstechnica.com.

Abstract, family-style board games are all the rage these days, and for good reason. They tend to occupy that sweetest of sweet spots—accessible to non-gamers while remaining strategic enough to keep veteran players engaged. Their simple rulesets are packaged with quality components, bright colors, and light themes. In short, they’re games that just about anyone can enjoy.

The apotheosis of the form was arguably seen in 2014’s modern classic Splendor, an economic game about collecting satisfyingly hefty gem-styled poker chips. But last year, publisher Next Move Games introduced another contender to the throne: Azul, a puzzle-y abstract game about drafting and laying beautiful bakelite tiles. The game took the board gaming world by storm, eventually earning the prestigious Spiel Des Jahres (“Game of the Year”) award in Germany. So when Next Move announced another abstract spatial puzzle game, Reef (this time by Century: Spice Road designer Emerson Matsuuchi) we were hoping for a second lightning strike. It seems we’ve gotten one.

Source: http://feeds.arstechnica.com/arstechnica/index/

A hacker going online by the moniker AmFearLiathMor is claiming to have hacked ProtonMail, the most popular end-to-end encrypted email service.

At this time it is not clear whether the hacker belongs to a cybercrime gang; the hacker claims to have stolen a “significant” amount of data from the company.

The ransom demand (archive.is link) was posted on Pastebin. The hacker claims to have compromised users’ email and also accused ProtonMail of sending users’ decrypted data to American servers.

AmFearLiathMor also wrote that ProtonMail hasn’t configured the mandatory Subresource Integrity (SRI) feature, allowing tampering and data collection.

“We hacked Protonmail and have a significant amount of their data from the past few months.  We are offering it back to Protonmail for a small fee, if they decline then we will publish or sell user data to the world.” wrote the hacker.

“While Protonmail’s open-source code can be freely audited on Github, they haven’t configured the mandatory SRI feature (https://www.w3.org/TR/SRI/). This leaves users without any guarantee about their source code integrity, thus allowing tampering and data collection at any time. This will be totally transparent and unnoticed, because without enabling SRI all the users should inspect the website runtime code and its connections manually in the same moment they’re being tampered with by Protonmail to discover it.”

“Incidentally during this period we noticed that Protonmail sends decrypted user data to American servers frequently. This may be due to the Swiss MLAT treaty requiring Swiss companies reveal all their data to the Americans. However it also might be possible they are sending this decrypted user data to the American firm that owns them. This was simply a surprising thing to note but did not significantly influence our operation.” added the hacker.

ProtonMail denied having been hacked and added that this is just a hoax.

Below is ProtonMail’s reply in a Reddit thread:

“This extortion attempt is a hoax and we have seen zero evidence to suggest otherwise.” states the company.

“A closer reading of some of the claims, e.g. “circumventing the Geneva convention, underwater drone activities in the Pacific Ocean, and possible international treaty violations in Antarctica”, etc, should also cause a reasonable observer to draw the same conclusion.”

ProtonMail confirmed that it is aware of a limited number of accounts that have been compromised, likely through credential stuffing or phishing attacks, but ruled out a breach of its systems.

“As many of you may be aware, earlier today, criminals attempted to extort ProtonMail by alleging a data breach, with zero evidence. An internal investigation turned up two messages from the criminals involved, which again repeated the allegations with zero evidence, and demanded payment. We have no indications of any breach from our internal infrastructure monitoring.” wrote the company.

“Like any good conspiracy theory, it is impossible to disprove a breach. On the other hand, a breach can be easily proven by providing evidence. The lack of evidence strongly suggests there is no breach, and this is a simple case of online extortion.”

The hackers are claiming they have data on Michael Avenatti and CNN employees.

The hacker is also offering $20 USD in bitcoin for spreading info about the alleged hack using the #Protonmail hashtag on Twitter.

This is a very strange and anomalous scam attempt; the hackers used a mix of appealing info and political data. Why mention Avenatti in a scam attempt? Is it a message to someone? Why did the hackers not publish a sample of the stolen data?

Stay Tuned…

Pierluigi Paganini

(Security Affairs – Protonmail, hacking)


The post Protonmail hacked …. a very strange scam attempt appeared first on Security Affairs.

Source: Security affairs

Julian Assange speaks to the media from the balcony of the Embassy Of Ecuador on May 19, 2017 in London, England. (credit: Jack Taylor/Getty Images)

The Reporters Committee for Freedom of the Press has asked a federal court to unseal documents related to the federal government’s pending prosecution of Wikileaks founder Julian Assange.

The existence of that prosecution appears to have been accidentally revealed due to a cut-and-paste error in an unrelated sex crimes case. Now that its existence has been revealed, the Reporters Committee argues, there’s no good reason to continue to withhold other details of the charges against Assange.

“Both the press and the public have a particularly powerful interest in access to sealed court records related to the government’s prosecution of Assange,” the rights group said in its filing.

Source: http://feeds.arstechnica.com/arstechnica/index/

Richard Baguley

Let’s be honest here: modern processors aren’t exciting. Speed bumps no longer thrill us, and we’ve become blasé about adding more cores. But we are living in a time when computers casually offer amounts of processing power that would have made previous generations swoon.

It’s also a competitive time, primarily with two companies fighting for your silicon spending and giving you great computing bang for your buck. On one side we have Intel, the 800-pound gorilla of the processor world. On the other side, we have AMD, the upstart that occasionally steals the crown by doing something unexpected that changes the rules.

Source: http://feeds.arstechnica.com/arstechnica/index/

Holding candles and photos, friends and family gathered at the Lincoln Memorial to remember Bijan Ghaisar, on December 8, 2017. He was killed by US Park Police, and his family still does not know exactly why. (credit: Michael S. Williamson/The Washington Post via Getty Images)

Two Democratic members of Congress have introduced a new bill that would mandate body cameras and dashboard-mounted cameras for uniformed federal law enforcement.

The law is meant to prevent situations like the November 2017 death of an unarmed Virginia man, Bijan Ghaisar, who died at the hands of United States Park Police officers in Fairfax County, Virginia. The 25-year-old had fled a car crash, but it remains unclear exactly why federal officers opened fire.

The House members, Rep. Eleanor Holmes Norton (D-DC) and Rep. Don Beyer (D-VA), said in a Friday statement that absent dashboard camera footage, Ghaisar’s parents would know even less than they currently do as the FBI has yet to release any public information about the case.

Source: http://feeds.arstechnica.com/arstechnica/index/

According to the head of the Federal Investigation Agency’s (FIA) cybercrime wing, almost all Pakistani banks were affected by a recent security breach.

Group-IB experts discovered another large set of compromised payment card details that was put on sale on Joker’s Stash, one of the most popular underground hubs of stolen card data, on Nov. 13. The new set of dumps, unauthorized digital copies of the information contained in the magnetic stripe of a bank card, came with the payment details of 177,878 cards from Pakistani and other international banks.

On November 13, the Group-IB Threat Intelligence system detected an abnormal spike in Pakistani banks’ data offered for sale on one of the card shops: a new set of dumps was uploaded to Joker’s Stash. The file was initially put on sale under the name «PAKISTAN-WORLD-EU-MIX-03 (fresh skimmeD EU base): PAKISTAN/WORLD/EU TR1+TR2, uploaded 2018.11.13 (NON-REFUNDABLE BASE)». Slightly later the name of the database with dumps was changed to «PAKISTAN-WORLD-EU-MIX-03 (fresh skimmeD EU base): PAKISTAN/WORLD/EU TR1+TR2, uploaded 2018.11.13 (time for refunds: 3 hours)».

Presumably, the seller originally did not want to allow refunds for purchased cards, but later decided to give potential buyers some time to test the reliability and value of the data on sale.

“Card dumps are usually obtained by using skimming devices and through Trojans infecting workstations connected to POS terminals. The large part of compromised card data is sold in specialized card shops, such as Joker’s Stash. Group-IB Threat Intelligence continuously detects and analyses data uploaded to card shops all over the world,” said Dmitry Shestakov, Head of Group-IB cybercrime research unit.

According to Group-IB’s annual Hi-Tech Crime Trends 2018 report, on average, from June 2017 to August 2018, 1.8 million were uploaded to card shops monthly. Group-IB’s records indicate that card dumps account for 62% of total sets of card data sold, which means that POS Trojans represent the major method of compromising credit cards and might have caused this particular leak.

The total number of dumps that went on sale on Nov. 13 amounted to 177,878: there were 150,632 dumps of Pakistani banks, 16,227 cards of other regions’ banks and 11,019 dumps of undefined banks.

Pakistani banks

The banks affected by this breach included major Pakistani financial organizations such as Habib Bank, MCB Bank Limited, Allied Bank Limited and many others. Habib Bank was affected most by the breach: roughly 20% of cards (30,034) in the uploaded database were issued by this bank. It is also worth noting that there were no card dumps of BankIslami up for sale this time.

“What is interesting about this particular leak is that the database that went on sale hadn’t been announced prior either in the news, on card shop or even on forums on the dark net – comments Dmitry Shestakov.  The market value of this database is estimated at $19.9 million.  The sale price for these card dumps ranges from $17 to $160. However, it is very rare, that Pakistani banks’ cards come on sale on the dark net card shops. In the past six months it was the only big sale of Pakistani banks’ data.”

Prior to this data leak, Group-IB experts detected two consecutive uploads of Pakistani banks’ compromised cards to Joker’s Stash. The first one occurred on Oct. 26, when a new dump identified as “PAKISTAN-WORLD-EU-MIX-01” went on sale on the Joker’s Stash card shop. This dump database had 10,467 payment card details, 8,704 of which belonged to Pakistani banks, including BankIslami. The breach might have caused the compromise of BankIslami account holders that took place on Oct. 27. The set of dumps was valued at $1.1 million with sale price ranging from $35 to $150. Another set under the name «PAKISTAN-WORLD-EU-MIX-02 (fresh skimmeD EU base) : PAKISTAN/WORLD/EU TR1+TR2» was published on Joker’s Stash on Oct. 31. This time, the database had data on 11,795 cards issued by the leading Pakistani and other regions’ banks: 710 dumps from undefined banks and 1,031 dumps from the banks outside of Pakistan. No BankIslami card dumps were published in the set.

About the author Group-IB

Group-IB is one of the world’s leading providers of solutions aimed at detection and prevention of cyber attacks, fraud exposure and protection of intellectual property on the Internet. The GIB Threat Intelligence cyber threats data collection system has been named one of the best in class by Gartner, Forrester, and IDC.

Group-IB’s technological leadership is built on the company’s fifteen years of hands-on experience in cybercrime investigations all over the world and 55 000 hours of cyber security incident response accumulated in the largest forensic laboratory in Eastern Europe and a round-the-clock centre providing a rapid response to cyber incidents—CERT-GIB.

Group-IB is a partner of INTERPOL, Europol, and a cybersecurity solutions provider, recommended by SWIFT and OSCE.

Pierluigi Paganini

(Security Affairs – Dark Web,  Pakistani banks)


The post New set of Pakistani banks’ card dumps goes on sale on the dark web appeared first on Security Affairs.

Source: Security affairs

The Japanese government’s cybersecurity strategy chief Yoshitaka Sakurada is in the middle of a heated debate due to his admission about his cyber capability.

Yoshitaka Sakurada admitted he has never used a computer in his professional life, despite the Japanese Government having assigned him responsibility for the cybersecurity of the 2020 Tokyo Olympics.

Sakurada was only appointed as cyber minister in October after Japanese Prime Minister Shinzo Abe was re-elected as head of the Liberal Democratic Party.

When the independent lawmaker Masato Imai questioned Sakurada about his cyber capabilities in a lower house session, the Japanese politician confirmed that he has never used a computer since he was 25 years old.

“Since I was 25 years old and independent I have instructed my staff and secretaries. I have never used a computer.”  said Yoshitaka Sakurada.

Of course, the response shocked the audience, including Imai.

“I find it unbelievable that someone who is responsible for cybersecurity measures has never used a computer.” said Imai.

“It’s a matter that should be dealt with by the government as a whole. I am confident that I am not at fault.” replied Sakurada. 

This isn’t the first time Sakurada has been in the middle of a controversy; in 2016 he was admonished for saying that women forced into wartime Japanese military brothels were “prostitutes by occupation.”

At the time, the South Korean Government rebuked the Japanese Government and Sakurada was obliged to retract the remarks. In wartime, many Korean women were forced into sexual slavery by Japan’s Imperial Army.

Pierluigi Paganini

(Security Affairs – Japanese cybersecurity strategy chief, politics)


The post Japanese government’s cybersecurity strategy chief has never used a computer appeared first on Security Affairs.

Source: Security affairs

This image, taken Wednesday, shows the OSIRIS-REx Touch-and-Go Sample Acquisition Mechanism sampling head extended from the spacecraft at the end of the robotic arm. (credit: NASA)

NASA officials confirmed Friday that a test of a key component of the space agency’s mission to sample an asteroid was completed successfully. On Wednesday, for the first time in more than two years, the OSIRIS-REx spacecraft unfurled its robotic arm and put it through a series of maneuvers to ensure its space-worthiness after being packed away for launch and a long flight to the asteroid Bennu.

The asteroid sampling mission launched in September 2016, and the spacecraft has since been traveling through space to catch up to an asteroid known as Bennu, which has a diameter of about 500 meters. The spacecraft will officially “arrive” at Bennu in about two weeks, on December 3, so mission scientists wanted to make sure the robotic arm was functional after being stowed for so long.

This arm and its sampler head, known as the Touch-and-Go Sample Acquisition Mechanism or TAGSAM, is critical to the mission’s goal of retrieving at least 60 grams of material from the surface of Bennu and returning this sample to Earth by 2023. The collection device will act something like a reverse vacuum cleaner.

Source: http://feeds.arstechnica.com/arstechnica/index/

Psht, who needs ’em? (credit: Squirmelia)

Microsoft is planning to release a disc-free version of the Xbox One as early as next spring, according to an unsourced report from author Brad Sams of Thurrott.com (who has been reliable with early Xbox-related information in the past).

The report suggests the disc-free version of the system would not replace the existing Xbox One hardware, and it would instead represent “the lowest possible price for the Xbox One S console.” Sams says that price could come in at $199 “or lower,” a significant reduction from the system’s current $299 starting price (but not as compelling compared to $199 deals for the Xbox One and PS4 planned for Black Friday this year). Buyers will also be able to add a subscription to the Xbox Games Pass program for as little as $1, according to Sams.

For players who already have games on disc, Sams says Microsoft will offer a “disc to digital” program in association with participating publishers. Players will be able to take their discs into participating retailers (including Microsoft Stores) and trade them in for a “digital entitlement” that can be applied to their Xbox Live account.

Source: http://feeds.arstechnica.com/arstechnica/index/