News & Updates

Can this 3D printer really make rocket parts?

Enlarge / Can this 3D printer really make rocket parts? (credit: Relativity Space)

No one could argue that a company like SpaceX has one of the most cutting-edge rocket factories in the world, as the company builds some of the most advanced boosters launching today. And yet much of the manufacturing is still done by hand, at various work stations. Humans remain integral to building rockets.

However, a new company called Relativity Space is among those trying to radically automate the process. The California-based company is perhaps best known for its goal to print the entirety of its boosters, from payload fairings to the engines, with additive manufacturing. Equally revolutionary is the company’s goal to automate the production of rockets.

To that end, Relativity recently announced the hiring of Tobias Duschl, who has worked for the last six years as senior director of global business operations for Tesla, the electric vehicle company. He will run operations for Relativity as it transitions from development to commercial spaceflight operations over the next three to four years.

Read 7 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

The NATO military command center should be fully operational in 2023, every member states will contribute with its cyber capabilities to the military hub.

The new NATO military command center should be fully operational in 2023, among its tasks the defense of the critical infrastructure of member states and the ability to carry out cyber attacks according to rules of engagement still to be defined.

NATO alliance is aware of growing threats in the cyberspace and the new NATO military command center aims to respond them.

Each member of the alliance will contribute to the offensive cyber capabilities of the new military hub.

“While NATO does not have its own cyber weapons, the U.S.-led alliance established an operations center on Aug. 31 at its military hub in Belgium. The United States, Britain, Estonia and other allies have since offered their cyber capabilities.” reported the Reuters.

“This is an emerging domain and the threat is growing,” said Major General Wolfgang Renner, a German air force commander who oversees the new cyber operations center, or CYOC, in Mons.

“We have to be prepared, to be able to execute operations in cyberspace. We have already gone beyond protection and prevention,” he told Reuters during a NATO cyber conference.

NATO

A team of 70 cyber experts will be the pillar of the new NATO military command center that will gather and share information on various threat actors, including cybercrime syndicates, nation-state attackers, terrorists, and hacktivists.

According to the NATO Communication and Information Agency, the NATO communication and computer networks face hundreds of major attacks every month., China, North Korea, and Russia continuously target the infrastructure of the alliance with cyber espionage purposes.

Recent cyber espionage campaigns attributed to Russia have raised the debate inside the alliance about an urgent response to the aggressive cyber strategy of the Kremlin.

The European Union earlier last week discussed various responses to the attackers, including economic sanctions to countries that mounted the cyber attacks.

“Our ultimate aim is to be completely aware of our cyberspace, to understand minute-by-minute the state of our networks so that commanders can rely on them,” said Ian West, chief of cyber security at the NATO communication agency.

Let’s remind that NATO has recognized cyberspace as the fifth element of warfare, so the alliance could respond with conventional weapons in case of a powerful cyber attack.

NATO has warned that in the future any cyber attack against a member state could trigger a military response according to the alliance’s Article 5, mutual defence clause.

“Our concept of operations, a toolbox for short-notice decisions about how to respond, is not in place yet. This is one of the challenges we face,” Renner said.

“If NATO can agree cyber warfare principles, the alliance hopes to integrate individual nations’ cyber capabilities into alliance operations, coordinated through the Mons cyber operations center and under the command of NATO’s top general, the Supreme Allied Commander Europe, or SACEUR.” continues the Reuters.

“That could allow the top general to take quick decisions on whether to use cyber weapons, similar to existing agreements for NATO’s air defenses and its ballistic missile shield, where a commander has only minutes to decide what action to take.”

window._mNHandle = window._mNHandle || {};
window._mNHandle.queue = window._mNHandle.queue || [];
medianet_versionId = “3121199”;

try {
window._mNHandle.queue.push(function () {
window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”);
});
}
catch (error) {}

Pierluigi Paganini

(Security Affairs – NATO military command center, Information warfare)


The post NATO military command center should be fully operational in 2023 appeared first on Security Affairs.

Source: Security affairs

Dimly lit tunnel with piping

Enlarge / An image of the Hawthorne test tunnel under construction. (credit: The Boring Company)

On Sunday night, Tesla, SpaceX, and Boring Company CEO Elon Musk tweeted “The first tunnel is almost done,” adding that the tunnel will open December 10. “The first tunnel” refers to the initial tunnel that The Boring Company has been digging under the streets of Hawthorne.

Work began on that project around the start of 2017, when Musk moved excavation equipment into what was then SpaceX’s tiny employee parking lot and began digging. Since then, Musk has purchased a boring machine to tunnel under the Los Angeles neighborhood with the hope of making modifications to the machinery that will allow tunnels to be dug more quickly.

According to The Boring Company website, the Hawthorne tunnel “leaves SpaceX property (parking lot east of Crenshaw Boulevard and south of 120th Street), turns west under 120th Street, and remains under 120th Street for up to 2-miles.” Musk tweeted last night that pods in the tunnel will achieve a top speed of 155mph (250km/h). The CEO added that there will be an opening event on the evening of December 10 and free rides for the public on the following day.

Read 3 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Ron Amadeo

The latest entry to the Google Home ecosystem is called the Google Home Hub. The Home Hub marries a screen with the Google Assistant-powered voice command system, allowing users to call up recipes, utilize smart home controls, or watch YouTube videos.

We’ve seen this software before—there’s presently a whole device category out there known as “Google Smart Displays.” Just like with Android, Google makes the software, and a number of OEMs then load the software onto their devices. Google Smart Display devices have thus far been made by LG and JBL, and we did a full review of the Lenovo Smart Display. Unlike Android, Google currently has full control of the Smart Display software no matter who manufactures the hardware. This means every device pretty much has the exact same UI and capabilities, aside from the usual technology treadmill of new features exclusive to new devices.

Read 52 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Researchers found that one of the most popular Internet of Things real-time operating system, FreeRTOS, is affected by serious vulnerabilities.

Researchers at Zimperium’s zLabs team have found that one of the most popular Internet of Things real-time operating system, FreeRTOS, is affected by serious vulnerabilities.

The researcher Ori Karliner and his team analyzed some of the most popular operating systems in the IoT market, including the FreeRTOS. FreeRTOS is an open-source operating system that runs on most of the small microprocessors and microcontrollers in IoT devices.

Karliner discovered 13 vulnerabilities in FreeRTOS that could be exploited by an attacker to conduct several malicious activities, including remote code execution, information leak and DoS attacks.

FreeRTOS IoT botnet

The OS supports more than 40 hardware architectures, it is used in a broad range of products, including appliances, sensors, electricity meters, fitness trackers, industrial automation systems, cars, electricity meters, and any microcontroller-based devices.

The vulnerabilities reside in the implementation of the TCP/IP stack and affect a FreeRTOS branch maintained by Amazon and the OpenRTOS and SafeRTOS maintained by WITTENSTEIN high integrity systems (WHIS).

The flaws affect the FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS up to V1.3.1, OpenRTOS and SafeRTOS (With WHIS Connect middleware TCP/IP components).

Amazon has been notified of the situation and the company responded by releasing patches to mitigate the problems.

“During our research, we discovered multiple vulnerabilities within FreeRTOS’s TCP/IP stack and in the AWS secure connectivity modules. The same vulnerabilities are present in WHIS Connect TCP/IP component for OpenRTOSSafeRTOS.” reads the analysis published by Zimperium.

“These vulnerabilities allow an attacker to crash the device, leak information from the device’s memory, and remotely execute code on it, thus completely compromising it.

Zimperium will wait for 30 days before releasing technical details about its findings, to allow smaller vendors to patch the vulnerabilities.

Below the full list of the vulnerabilities discovered by the experts.

CVE-2018-16522 Remote Code Execution
CVE-2018-16525 Remote Code Execution
CVE-2018-16526 Remote Code Eexecution
CVE-2018-16528 Remote Code Execution
CVE-2018-16523 Denial of Service
CVE-2018-16524 Information Leak
CVE-2018-16527 Information Leak
CVE-2018-16599 Information Leak
CVE-2018-16600 Information Leak
CVE-2018-16601 Information Leak
CVE-2018-16602 Information Leak
CVE-2018-16603 Information Leak
CVE-2018-16598 Other

 

window._mNHandle = window._mNHandle || {};
window._mNHandle.queue = window._mNHandle.queue || [];
medianet_versionId = “3121199”;

try {
window._mNHandle.queue.push(function () {
window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”);
});
}
catch (error) {}

Pierluigi Paganini

(Security Affairs – IoT, hacking)


The post FreeRTOS flaws expose millions of IoT devices to cyber attacks appeared first on Security Affairs.

Source: Security affairs

The Israel Defense Forces has bid to obtain spying systems that will allow monitoring of the private messages of social media users.

Monitoring of social media platforms is a crucial activity for intelligence agencies, almost any government is working to gather intelligence for these systems.

According to the Haaretz, the Israel Defense Forces has bid to obtain spying systems that will allow monitoring of the private messages of social media users.

“The Israel Defense Forces asked cybersecurity companies in 2016 to present proposals for creating a system that would monitor social media users’ personal correspondence.” states the Haaretz.

The newspaper had obtained a document that shows that in 2016 the Israel Defense Forces asked the cyber companies to propose their solutions for the spying on users of the social networks.

Haaretz revealed that the Israeli Defence Forces want to use the system to trace and monitor the activity of social media users, including all information posted or exchanged through the most popular platforms, including Facebook, Twitter, Instagram and YouTube.

The monitoring system would also monitor posts and information exchanged in several languages, including Hebrew, Arabic and English.

“The system in question would have to scan and store both private and public information from users of Facebook, Twitter, Instagram, Google Plus, YouTube and so on.” continues the newspaper.

It does not specify who would be monitored; or Jewish citizens of Israel, or Palestinian residents of the Jerusalem – who for the most part do not hold Israeli citizenship – would be targeted; or any restrictions set by any outside entity would be imposed on the surveillance activities.

The surveillance system have to allow government operators to spy on users by searching for targeted keywords, such as terror, resistance, nationality and religion.

Of course, the IDF declared that the document obtained by the Haaretz was a draft of an invitation to submit bids that did not come to fruition.

The Israeli Defense explained added that the bidding process was not carried out for both operational and technological reasons

window._mNHandle = window._mNHandle || {};
window._mNHandle.queue = window._mNHandle.queue || [];
medianet_versionId = “3121199”;

try {
window._mNHandle.queue.push(function () {
window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”);
});
}
catch (error) {}

Pierluigi Paganini

(Security Affairs – social media, surveillance)


The post Israel Defense Forces were searching systems to spy on private social media messages appeared first on Security Affairs.

Source: Security affairs

Cisco Talos expert discovered a code execution vulnerability (CVE-2018-4013) that has been identified in Live Networks LIVE555 streaming media RTSPServer.

Lilith Wyatt, a security researcher at Cisco Talos, has discovered a critical remote code execution vulnerability  (CVE-2018-4013) in the LIVE555 media streaming library that is used by popular media players, including VLC and MPlayer.

LIVE555 Streaming Media is a set of open-source C++ libraries maintained by Live Networks Inc. for multimedia streaming, it supports open standards such as RTP/RTCP and RTSP for streaming.
LIVE555 Streaming Media is able to process video RTP payload formats such as H.264, H.265, MPEG, VP8, and DV, and audio RTP payload formats such as MPEG, AAC, AMR, AC-3 and Vorbis.
An attacker can exploit the vulnerability by sending a specially crafted packet  containing multiple “Accept:” or “x-sessioncookie” strings that triggers a stack-based buffer overflow, resulting in code execution.

The vulnerability affects the HTTP packet parsing functionality that analyzes HTTP headers for RTSP tunneling over HTTP.

“An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.” reads the advisory published by Talos.

The CVE-2018-4013  flaw potentially exposes millions of users of media players to cyber attacks.

The flaw affects Live Networks LIVE555 Media Server, version 0.92 and likely the earlier version of the product, a security update has already been issued to address the vulnerability.

Users of vulnerable media players are recommended to update their installs to the latest version.

Experts released the following SNORT rules to detect attempts to exploit these vulnerabilities:

window._mNHandle = window._mNHandle || {};
window._mNHandle.queue = window._mNHandle.queue || [];
medianet_versionId = “3121199”;

try {
window._mNHandle.queue.push(function () {
window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”);
});
}
catch (error) {}

Pierluigi Paganini

(Security Affairs – CVE-2018-4013 VLC RCE, hacking)


The post MPlayer and VLC media player affected by critical flaw CVE-2018-4013 appeared first on Security Affairs.

Source: Security affairs

Salt flats in South America

Enlarge / A general view of Laguna Colorada located near the border with Chile, in the Uyuni Salt Flats, Bolivia. The Uyuni Salt Flats are estimated to contain 100 million tons of lithium, making it one of the largest global reserves of this mineral, according to state officials at the Bolivian Mining Corporation. (credit: MARTIN BERNETTI/AFP/Getty Images)

Two of the world’s biggest lithium producers, Albemarle Corporation and Sociedad Quimica y Minera de Chile (otherwise known as SQM), are tangled in two disputes: the first over water rights in Chile’s Atacama desert and the second over ownership of SQM.

Both Albemarle and SQM have significant operations in the Atacama desert, where some of the world’s best lithium resources exist. As electric vehicles with lithium-ion batteries become more popular, lithium resources are becoming more valuable. That has created some conflict in an industry that has long remained relatively quiet.

Who’s drinking whose milkshake?

This week, Reuters reported that both Albemarle and SQM have accused each other of overdrawing brine from the Atacama’s underground aquifers. Both companies have operations in the Atacama’s Salar, and their operations are just three miles apart from each other. The brine water that has been accumulating for millennia under the Atacama is lithium-rich, and companies pump it out and send the brine to evaporation ponds where heat extracts the water and leaves the reactive alkali metal behind.

Read 10 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Attackers are targeting high-value servers using a three of hacking tools from NSA arsenal, including DarkPulsar, that were leaked by the Shadow Brokers hacker group.

The hackers used the powerful cyber weapons to compromise systems used in aerospace, nuclear energy, R&D, and other industries.

According to experts from Kaspersky Lab, threat actors leverage NSA tools DarkPulsar, DanderSpritz and Fuzzbunch to infect Windows Server 2003 and 2008 systems in 50 organizations in Russia, Iran, and Egypt.

The infected vulnerable servers are used in some 50 organizations within industries including aerospace and nuclear energy, particularly those with large IT and R&D departments.

“DanderSpritz consists entirely of plugins to gather intelligence, use exploits and examine already controlled machines. It is written in Java and provides a graphical windows interface similar to botnets administrative panels as well as a Metasploit-like console interface. It also includes its own backdoors and plugins for not-FuzzBunch-controlled victims.” Kaspersky Lab experts Andrey Dolgushev, Dmitry Tarakanov, and Vasily Berdnikov wrote.

“Fuzzbunch on the other hand provides a framework for different utilities to interact and work together. It contains various types of plugins designed to analyze victims, exploit vulnerabilities, schedule tasks, etc.”

DarkPulsar is a backdoor that could be used by attackers in conjunction with the Fuzzbunch exploit kit to gain remote access to the targeted server.

Once the backdoor is established the attackers could use the plugins of DanderSpritz to monitor and exfiltrate data from the compromised machines.

DarkPulsar ShadowBrokers

Each hacking tool supports a set of plugins designed for different tasks, the FuzzBunch plugins are used for reconnaissance and hacking the target system, DanderSpritz plugins are used for the management of already infected victims.

The discovery of the last wave of attacks is very important, it demonstrates that threat actors could chain nation-state hacking tools and exploit to create a powerful attack package. It shows how hackers combined the tool to carry out high sophisticated hacking operations.

“The discovery of the DarkPulsar backdoor helped in understanding its role as a bridge between the two leaked frameworks, and how they are part of the same attacking platform designed for long-term compromise, based on DarkPulsar’s advanced abilities for persistence and stealthiness,” Kaspersky Lab said.

“The implementation of these capabilities, such as encapsulating its traffic into legitimate protocols and bypassing entering credentials to pass authentication, are highly professional.”

The expert from Kaspersky also provided technical details and IoCs for the attacks leveraging the NSA tools.

It is important to remind that security patches are available for the vulnerabilities targeted by the leaked NSA exploits.

“The FuzzBunch and DanderSpritz frameworks are designed to be flexible and to extend functionality and compatibility with other tools,” concludes the experts.

“Each of them consists of a set of plugins designed for different tasks: while FuzzBunch plugins are responsible for reconnaissance and attacking a victim, plugins in the DanderSpritz framework are developed for managing already infected victims.”

window._mNHandle = window._mNHandle || {};
window._mNHandle.queue = window._mNHandle.queue || [];
medianet_versionId = “3121199”;

try {
window._mNHandle.queue.push(function () {
window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”);
});
}
catch (error) {}

Pierluigi Paganini

(Security Affairs – NSA hacking tools, DarkPulsar)


The post DarkPulsar and other NSA hacking tools used in hacking operations in the wild appeared first on Security Affairs.

Source: Security affairs

Ars chats up The Guilty writer/director Gustav Möller in a particularly Ars-y (and dark) karaoke room at Fantastic Fest 2018 (produced/edited by Nathan Mattise; transcript available). (video link)

AUSTIN, Texas—Browsing through written descriptions (whether in this year’s Fantastic Fest brochure or this weekend’s movie listings), The Guilty might sound remarkably unremarkable: a cop on desk duty takes a panicked 9-1-1 call and has to figure out what’s happening. It sounds like a classic high-stakes, detective-against-time story, but what makes its intriguing is that the entire film never leaves the detective’s office—the cinematic equivalent of a bottle episode.

Danish writer/director Gustav Möller has created something special with those constraints, and anyone lucky enough to find The Guilty playing nearby during its limited US theatrical release should take advantage of it. The film feels like a masterclass in minimalism in all aspects, from the way it doles out information to the performance of its lead to the so-good-you-can’t-help-but-notice-it sound design. The Guilty is a film you can’t look away from despite the visuals being its least interesting part.

Read 14 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/