Researchers find new vulnerability with Apple Silicon chips

Researchers have released details of an Apple Silicon vulnerability dubbed “Augury.” However, it doesn’t seem to be a huge issue at the moment.

Jose Rodrigo Sanchez Vicarte from the University of Illinois at Urbana-Champaign and Michael Flanders of the University of Washington published their findings of a flaw within Apple Silicon. The vulnerability itself is due to a flaw in Apple’s implementation of the Data-Memory Dependent Prefetcher (DMP).

In short, a DMP looks at memory to determine what content to “prefetch” for the CPU. The researchers found that the DMP in Apple’s M1, M1 Max, and A14 chips targets an “array of pointers” pattern, in which code loops through an array and dereferences its contents.

This could leak data that the program never reads, because the prefetcher dereferences it instead. As the paper explains, Apple’s implementation differs from a traditional prefetcher.

“Once it has seen *arr[0] … *arr[2] occur (even speculatively!) it will begin prefetching *arr[3] onward. That is, it will first prefetch ahead the contents of arr and then dereference those contents. In contrast, a conventional prefetcher would not perform the second step/dereference operation.”

Because the CPU cores never read the data, defenses that try to track access to the data don’t work against the Augury vulnerability.

David Kohlbrenner, assistant professor at the University of Washington, downplayed the impact of Augury, noting that Apple’s DMP “is about the weakest DMP an attacker can get.”

The good news here is that this is about the weakest DMP an attacker can get. It only prefetches when content is a valid virtual address, and has a number of odd limitations. We show this can be used to leak pointers and break ASLR.

We believe there are better attacks possible.

— David Kohlbrenner (@dkohlbre) April 29, 2022

For now, the researchers say that only pointers can be accessed, and even then only via the sandbox environment used to research the vulnerability. Apple was also notified about the vulnerability before the public disclosure, so a patch is likely incoming soon.
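The behavior described above can be sketched as a toy model. This is an added example, not code from the paper or from Apple: it contrasts a conventional prefetcher with a DMP on the array-of-pointers pattern and shows that the DMP caches the target of a pointer the core never loaded, but only when that value is a valid address. The memory layout, word-index “addresses”, lookahead depth and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model, not real hardware: memory is an array of 64-bit words and an
 * "address" is a word index. Layout and constants are constructed. */
#define MEM_WORDS 64
#define ARR_BASE  8            /* arr[0] lives at word 8 */
#define ARR_LEN   3            /* the program only uses arr[0]..arr[2] */
#define LOOKAHEAD 2            /* words past the array the prefetcher runs ahead (assumed) */
#define NON_PTR   0xDEADBEEFu  /* data that is not a valid address in this model */

typedef struct {
    uint64_t mem[MEM_WORDS];
    bool core_read[MEM_WORDS]; /* what an access-tracking defense would see */
    bool cached[MEM_WORDS];    /* what actually ends up in the cache */
} machine;

typedef struct {
    bool neighbor_target_cached; /* target of the unread pointer is in the cache */
    bool core_touched_neighbor;  /* core loaded the unread slot or its target */
    int  prefetch_only_lines;    /* cached words the core never loaded */
} result;

static bool valid_addr(uint64_t v) { return v >= 1 && v < MEM_WORDS; }

/* Architectural load: visible to core-side tracking and fills the cache. */
static uint64_t core_load(machine *m, uint64_t addr) {
    m->core_read[addr] = true;
    m->cached[addr] = true;
    return m->mem[addr];
}

/* Prefetch: fills the cache without the core ever issuing a load. */
static void prefetch(machine *m, uint64_t addr) { m->cached[addr] = true; }

/* neighbor is the value stored directly after the array, which the
 * program itself never reads. */
static result simulate(bool use_dmp, uint64_t neighbor) {
    machine m;
    memset(&m, 0, sizeof m);
    for (int i = 0; i < ARR_LEN; i++) m.mem[ARR_BASE + i] = 20 + i;
    m.mem[ARR_BASE + ARR_LEN] = neighbor;
    m.mem[ARR_BASE + ARR_LEN + 1] = NON_PTR;

    /* The program: for (i = 0; i < ARR_LEN; i++) use(*arr[i]); */
    for (int i = 0; i < ARR_LEN; i++)
        core_load(&m, core_load(&m, ARR_BASE + i));

    /* After seeing *arr[0]..*arr[2], the prefetcher runs ahead. */
    for (int i = 0; i < LOOKAHEAD; i++) {
        uint64_t slot = ARR_BASE + ARR_LEN + i;
        prefetch(&m, slot);                       /* step 1: contents of arr */
        if (use_dmp && valid_addr(m.mem[slot]))   /* step 2: DMP only */
            prefetch(&m, m.mem[slot]);
    }

    result r = {0};
    r.neighbor_target_cached = valid_addr(neighbor) && m.cached[neighbor];
    r.core_touched_neighbor = m.core_read[ARR_BASE + ARR_LEN] ||
                              (valid_addr(neighbor) && m.core_read[neighbor]);
    for (int a = 0; a < MEM_WORDS; a++)
        if (m.cached[a] && !m.core_read[a]) r.prefetch_only_lines++;
    return r;
}

int main(void) {
    const struct { const char *name; bool dmp; uint64_t neighbor; } cases[] = {
        { "conventional, neighbor is a pointer", false, 40 },
        { "DMP, neighbor is a pointer",          true,  40 },
        { "DMP, neighbor is not a pointer",      true,  NON_PTR },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        result r = simulate(cases[i].dmp, cases[i].neighbor);
        printf("%-38s target cached=%d core touched=%d prefetch-only=%d\n",
               cases[i].name, r.neighbor_target_cached,
               r.core_touched_neighbor, r.prefetch_only_lines);
    }
    return 0;
}
```

In the DMP case the pointer target is cached while `core_read` stays clear for both the slot and its target, which is why tracking core-side accesses does not see the access.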

Apple issued a March 2022 patch for macOS Monterey that fixed some nasty Bluetooth and display bugs. It also patched two vulnerabilities that allowed an application to execute code with kernel-level privileges.

Other critical fixes to Apple’s desktop operating system include one that patched a vulnerability that exposed browsing data in the Safari browser.

Finding bugs in Apple’s hardware can sometimes net a pretty profit. A Ph.D. student from Georgia Tech found a major vulnerability that allowed unauthorized access to the webcam. Apple handsomely rewarded him about $100,000 for his efforts.

Far Cry 6 Supremo Backpack Guide: All Backpack Abilities and Where to Find Them

You can play stealthy, guns blazing, or some combination of the two in Far Cry 6. The open-world nature of the game lets you tackle objectives as you see fit, so long as it involves killing everyone in your path, that is. To facilitate this mass carnage, all in the name of freeing Yara from the clutches of an evil dictator mind you, you will be given many tools of destruction and mayhem. Guns will be your standard, faithful method for dishing out justice, but they’re far from your only option. A new tool that Far Cry 6’s protagonist has access to almost right away is the Supremo Backpack, which can instantly turn the tides of a firefight in your favor.

Supremo Backpacks come in many different forms, seven to be exact, and each has its own ability. Some are more offensive-focused, while others have more support or situational uses, but all are very powerful and worth collecting. Each ability has a meter that must be charged to use it, either by waiting or filling it up faster by getting kills with your traditional weaponry. You will be given one automatically, but the rest have to be unlocked and purchased. The only exception is the final Supremo, which you need to go out of your way to find. If you want to be fully equipped to face the Yaran military forces, follow our guide here on all the Supremo Backpack abilities and how to get them in Far Cry 6.

Exterminador

You will automatically be given this Supremo Backpack as your first one during the early main missions of Far Cry 6 called Du or Die. Once you get it, you may be tempted to never even bother looking into getting another because of how cool, and useful, it is. The Exterminador’s ability is called Armageddon Strike and is just as devastating as it sounds. When activated, your backpack will shoot out a flurry of missiles into the air that automatically track nearby hostiles ahead of you and blow them to smithereens. These missiles are great for just about everything, from regular soldiers to land- and air-based vehicles.

Fantasma

Looking at the Fantasma Supremo backpack.

The next available Supremo you can unlock is the Fantasma. As long as you have enough depleted uranium, you can buy this second Supremo as soon as you want from Juan or any of his merchants. This backpack’s unique ability is called Venom Salvo. Can you guess what this one might do? If you thought it would launch a giant gas grenade, you’d be correct. Just like poison bullets, anyone who is in range of this gas’s area of effect will become confused and start attacking their allies. From there, you’re free to waltz on by, or take advantage of the chaos and wipe out a base with ease.

Obviously, the Fantasma is only going to be useful against ground troops, and not so much against vehicles.

Volta

Looking at the Volta Supremo backpack.

The Volta is another Supremo you can purchase as early as you are able to afford it from Juan or his men. Like the Fantasma to some extent, this is a great backpack to equip if you like to play with more of a stealth focus in Far Cry 6. What the Volta can do is called the El Impulso. You could probably guess, even without knowing Spanish, that this is an EMP-type ability. When activated, your Supremo will send out an electronic-busting blast that will instantly shut down all security systems in the area, disable vehicles for an easy hijack, and even knock over foot soldiers.

Furioso

Using a Supremo to jetpack through the air.

The first Supremo Backpack that has a requirement to get, aside from purchasing it with depleted uranium of course, is the Furioso. To open this pack up for purchase, you will need to just hit rank 3, so not too much of a grind. Once equipped, you will get the Fuego Loco ability. This is a very unique skill as it first shoots out a ring of fire ahead of you, incinerating anyone and anything in its path, but it also has a second function. If you jump while activated, you gain something of a double jump or air dash where you will be launched forward to help reposition yourself on the battlefield.

Medico

Looking at the Medico Supremo backpack.

Next up, the Medico will unlock in Juan’s shop as soon as you hit rank 4 in Far Cry 6. Again, the name somewhat gives away what this Supremo has in store. Called Zona Medicina, this pack’s ability is a fully support- and survival-focused skill. It has a few functions to note. First is that it gives you a self-revive, but also gives you and any allies, NPC or co-op, passive health regeneration. This makes it a great addition to mix and match with your co-op partner to keep each other alive in dangerous situations.

Gladiador

Dani injecting herself with her Supremo.

Keeping with the trend, rank up one more time to 5 and you can purchase the Gladiador Supremo Backpack. We’re back to a more combat- and damage-dealing type with this backpack. The ability is called Juice Injector and will give your character buffs to just about every stat you’d want in a fight. Your health and speed are both pushed to the max, and it makes every melee strike a deadly machete attack. You’re not invincible in this state, but you will probably feel like you are.

Triador

Seeing an enemy highlighted through a wall.

Finally, we have the Triador. This is the only Supremo Backpack that isn’t obtained through Juan’s shop or automatically given to you. You’ll need to do a little extra exploring and questing to get your hands on it, but boy is it worth the effort. To find this very powerful pack, you will have to complete the Triada Blessings Yaran Story side quest chain. This is also how you get one of the Amigos and the unique La Varita Rifle, so there’s even more incentive to tackle these optional missions. These quests start at the Oluwa Cave, which will take you all across the entire map of Yara.

Manage to grab this final Supremo Backpack and you will get access to the Truesight ability. Switch this bad boy on and it will highlight all enemy outlines, even if they’re behind walls or cover. And, while it’s at it, they’ll become marked as well. Whether you want to be stealthy or go full-on assault mode, being able to see every enemy in a base, regardless of if they’re actually visible or not, is an amazing advantage.

One final little bonus for getting all seven Supremo Backpacks is that you will unlock the Backpacking trophy or achievement.

Death’s Door: How to Find All Shrine Locations

As what is essentially the grim reaper, your little crow is going to be facing a lot of resistance in trying to escort the souls of the dead for the Ministry of Death when you’re sent to the land where not even death has power. This world of Death’s Door is full of strange and bizarre characters. A few are friendly, but most are looking to make sure you never collect another soul again. Your little crow is a fragile creature, with only a handful of weapons, some magic, and your own skill in dodging and attacking to keep them alive.

Thankfully, Death’s Door is a light RPG, which, in this case, means you can improve your base stats to help overcome the intense boss battles that await you. Instead of just getting stronger by earning XP by killing normal foes, you can only improve certain attributes by exploring the world and encountering special Crystal Shrines. There are a total of 16 shrines spread across the world, and they are split into two categories depending on what they do. The more of them you’re able to discover, the better chance you’ll have at surviving this deathly ordeal. Here are all the shrine locations in Death’s Door.

What are the Crystal Shrines, and what do they do?

The two types of Crystal Shrines have similar appearances. These are giant, stone bird faces or something resembling a bird’s face with glowing eyes. As we mentioned, the 16 shrines you can find are broken up into two types: Green and pink shrines. Green shrines are the Vitality Crystal shrines, which will increase your health bar once you’ve collected four. Pink Crystals, again, once you have four, will increase your soul power, which is, of course, used for your bow, magic, and bombs as well. Doing some quick math, you can get an extra two notches to your HP and magic bars by finding every shrine hidden in the game.

All Vitality Crystal Shrines

Here’s the location for every Vitality Crystal Shrine.

Lost Cemetery shrines

There are two vitality shrines you can find in the Lost Cemetery zone. The first one you can get to from the Lost Cemetery door. Head south from the door, and use the ladders that take you up along the east side of the castle. Follow this path to the south until you hit an elevator you can ride, at which point, go left around the building and jump down the ledge. Enter the door to find your first shrine.

The second shrine in the Lost Cemetery can’t be reached until you’ve unlocked the Hookshot item. Once you’ve obtained it, head through the Grove of Spirits to the door that leads into the Lost Cemetery and use the Hookshot to traverse a pit to the north. Simply continue on this road until you hit the next shrine.

Estate of the Urn Witch shrine

Before going for this shrine, make sure you’ve unlocked the Fireball spell. From the Ceramic Manor, go southeast to the area where you had to fight a bunch of waves of mobs after the battle with the Black Iron Knight. Notice the four pots in the area, and hit each one with a fireball to light them. This will make a bridge appear that you can cross to an island with a hole you can drop down to find this next shrine.

Urn Witch’s Laboratory shrine

You’ll need your trusty bow for this next shrine. Start at the Inner Furnace Door and backtrack into the laboratory. Find the square platform with the docking points for the Bull Platform and shoot an arrow northeast to make the bull come in. Ride it back in the same direction it came from, and you can reach this shrine.

Overgrown Ruins shrine

Make your way to the Village in Overgrown Ruins and travel to the northeast and then turn west to find a grate you can go through. Simply follow this path right to this easy shrine.

Mushroom Dungeon shrine

Get your bombs ready for this shrine. In the Mushroom Dungeon, return to the flooded room where you were ambushed by waves of enemies. If you noticed the bomb-able wall here the first time, great. If not, it’s on the north side of this room. Blast it open, and use your fireball to light the torches inside to reveal the shrine.

Stranded Sailor shrine

This is another shrine you’ll need to have the Hookshot for. Go northwest from the Stranded Sailor Door to reach the docks. Use your Hookshot to cross over them, dealing with the enemies on the way to unlock a door to the north. Inside is this shrine.

Village of the Crows shrine

The final Vitality Crystal Shrine is in the Village of the Crows, which you should enter via the Old Watchtower Door. After exiting the elevator, you will see the sign pointing you toward the Frozen Canyon. Follow the sign, and you will encounter a timed platforming challenge. Manage to beat it, and the last shrine is yours.

All Magic Crystal Shrines

The crow standing outside a small house.

Next up, we’ll cover all eight Magical Crystal Shrines to give you more magic and ranged ammo.

Lost Cemetery shrine

Take your bombs to the northwest area of the Lost Cemetery, just before the caves that would take you to the Stranded Sailor. Take the smaller path to the left to a wall you can blow open. Enter the cave, and you’ll get your first magic shrine.

Estate of the Urn Witch shrine

Starting out at the Ceramic Manor’s front door, head west to a lone tree with some bushes to the north. Squeeze through a passage in the bushes to the hidden area with this shrine in it.

Ceramic Manor shrine

Again at the manor, only this time inside, go to the north side and find the bathroom where there are two invisible pots you can spot based on the reflections on the floor. Break them to reveal a door that will take you right to the shrine.

Overgrown Ruins shrine

Make your way to the village area, go west as far as you can, and find a small gap in the wall. It’s hidden, but once you squeeze through, you can drop down a small gap right to this shrine.

Flooded Fortress shrine

Have your bow and arrows ready at the entrance to the Flooded Fortress, where you encounter the moving platforms. Look for the doorway to the northeast from here and fire an arrow into it. This will cause new platforms to appear you can use to access a new area with this shrine.

Stranded Sailor shrine

After going through the Stranded Sailor door, head west up some stairs to the stone tower and break some icicles in your path to continue around the backside. Go down the ladder, then use your drop attack to break through a sewer cap. Head into the open hole, follow the pipe and hit up this shrine.

Castle Lockstone shrine

The final shrine is in Castle Lockstone. From the door, go west to the room with a ladder in it. You will have to smash some ice with your sword to access the ladder. Continue west, dropping down, to the room with a series of Hookshot targets, but look for the hole in the wall that is key-shaped and make your way over to it. Pull the lever beside it to open a gate on the other side of the room. Now, use your Hookshot to get over there and access your final magic shrine.

If you’ve gotten them all up to this point, your crow will be as powerful as they can get in Death’s Door. 

How NASA is using knowledge graphs to find talent

One of NASA’s biggest challenges is identifying where data science skills reside within the organization. Not only is data science a new discipline – it’s also a fast-evolving one. Knowledge for each role is constantly shifting due to technological and business demands.

That’s where David Meza, acting branch chief of people analytics and senior data scientist at NASA, believes graph technology can help. His team is building a talent mapping database using Neo4j technology to build a knowledge graph to show the relationships between people, skills, and projects.

Meza and his team are currently working on the implementation phase of the project. They eventually plan to formalize the end user application and create an interface to help people in NASA search for talent and job opportunities. Meza told VentureBeat more about the project.

VentureBeat: What’s the broad aim of this data-led project?

David Meza: It’s about taking a look at how we can identify the skills, knowledge and abilities, tasks, and technology within an occupation or a work role. How do we translate that to an employee? How do we connect it to their training? And how do we connect that back to projects and programs? All of that work is a relationship issue that can be connected via certain elements that associate all of them together – and that’s where the graph comes in.

VentureBeat: Why did you decide to go with Neo4j rather than develop internally?

Meza: I think there was really nothing out there that provided what we were looking for, so that’s part of it. The other part of the process is that we have specific information that we’re looking for. It’s not very general. And so we needed to build something that was more geared towards our concepts, our thoughts, and our needs for very specific things that we do at NASA around spaceflights, operations, and things like that.

VentureBeat: What’s the timeline for the introduction of Neo4j?

Meza: We’re still in the implementation phase. The first six to eight months was about research and development and making sure we had the right access to the data. Like any other project, that’s probably our most difficult task – making sure we have the right access, the right information and thinking about how everything is related. While we were looking at that, we also worked in parallel on other issues: what’s the model going to look like, what algorithms are we going to use, and how are we going to train these models? We’ve got the data in the graph system now and we’re starting to produce a beta phase of an application. This summer through the end of the year, we’re looking towards formalizing that application to make it more of an interface that an end user can use.

VentureBeat: What’s been the technical process behind the implementation of Neo4j?

Meza: The first part was trying to think about what’s going to be our occupational taxonomy. We looked at: “How do we identify an occupation? What is the DNA of an occupation?” And similarly, we looked at that from an employee perspective, from a training perspective, and from a program or project perspective. So simply put, we broke everything down into three different categories for each occupation: a piece of knowledge, a skill, and a task.

VentureBeat: How are you using those categories to build a data model?

Meza: If you can start identifying people that have great knowledge in natural language processing, for example, and the skills they need to do a task, then from an occupation standpoint you can say that specific workers need particular skills and abilities. Fortunately, there’s a database from the Department of Labor called O*NET, which has details on hundreds of occupations and their elements. Those elements consist of knowledge, skills, abilities, tasks, workforce characteristics, licensing, and education. So that was the basis for our Neo4j graph database. We then did the same thing with training. Within training, you’re going to learn a piece of knowledge; to learn that piece of knowledge, you’re going to get a skill; and to get that skill, you’re going to do exercises or tasks to get proficient in those skills. And it’s similar for programs: we can connect back to what knowledge, skills, and tasks a person needs for each project.

VentureBeat: How will you train the model over time?

Meza: We’ve started looking at NASA-specific competencies and work roles to assign those to employees. Our next phase is to have employees validate and verify that the associated case — around knowledge, skills, abilities, tasks, and technologies — that what we infer based on the model is either correct or incorrect. Then, we’ll use that feedback to train the model so it can do a little bit better. That’s what we’re hoping to do over the next few months.

VentureBeat: What will this approach mean for identifying talent at NASA?

Meza: I think it will give the employees an opportunity to see what’s out there that may interest them to further their career. If they want to do a career change, for example, they can see where they are in that process. But I also think it will help us align our people better across our organization, and we will help track and maybe predict where we might be losing skills, where we maybe need to modify skills based on the shifting of our programs and the shifting of our mission due to administration changes. So I think it’ll make us a little bit more agile and it will be easier to move our workforce.

VentureBeat: Do you have any other best practice lessons for implementing Neo4j?

Meza: I guess the biggest lesson that I’ve learned over this time is to identify as many data sources that can help you provide some of the information. Start small – you don’t need to know everything right away. When I look at knowledge graphs and graph databases, the beauty is that you can add and remove information fairly easily compared to a relational database system, where you have to know the schema upfront. Within a graph database or knowledge graph, you can easily add information as you get it without messing up your schema or your data model. Adding more information just enhances your model. So start small, but think big in terms of what you’re trying to do. Look at how you can develop relationships, and try to identify even latent relationships across your graphs based on the information you have about those data sources.

Find Every Empty Bottle in Legend of Zelda: Skyward Sword HD

In most games, an empty bottle isn’t an item worth getting excited over. In fact, most games don’t even qualify them as items and just have them scattered around as decorations or things to break. The Zelda franchise, however, has always put a strange level of importance on these simple objects. They are always found in limited numbers and can do things no other items in the game can. As powerful a tool as they are, especially in The Legend of Zelda: Skyward Sword HD, collecting them all isn’t an easy task.

There are a mere five empty bottles you can obtain throughout the world of The Legend of Zelda: Skyward Sword HD. They will take up a slot in your Adventure Pouch, but that is a slot well worth sacrificing for all these bottles can do. From holding a spare fairy and all the various potion types to quest items, you’ll never regret packing an extra bottle. Some will require you to meet certain requirements, such as obtaining other items or completing quests. If you’re stuck trying to locate any of the empty bottles on your adventures, here’s where you can find them all in The Legend of Zelda: Skyward Sword HD.

Note: Slight spoilers ahead on plot points that trigger when some bottles become available.

Empty bottle 1

The first empty bottle you can get is right at home in Skyloft, but only after Zelda has gone missing. Once this happens, take a detour to the Bazaar potion shop and talk to the owner, Luv. She will remark that you don’t have a bottle to hold any potions in and give you your first empty bottle for free.

Empty bottle 2

Later on in the game, once you’re exploring the Sealed Temple, you will come across an old woman in a room with some pots and a treasure chest. Obviously, you don’t need us to tell you that opening the chest is a good idea. Inside, you’ll get a revitalizing potion. Once you’ve used the potion, you’ll hang on to the empty bottle.

Empty bottle 3

From here on, getting the rest of the empty bottles will be a little more complicated. First, head to the Plaza in Skyloft where the Light Tower is, and look for Parrow roaming around the area. Speak to him, and he’ll tell you he’s looking for his lost sister, Orielle, who was supposedly going toward a colorful island to the southwest. This will begin the Orielle side quest.

First, take to the sky on your Loftwing and head southwest. On your map, you can spot the colorful island that Orielle was apparently going to, called Fun Fun Island. However, this isn’t where you’ll find her. Instead, look just to the east of Fun Fun Island for a much smaller island and head there. This is where you can find Orielle, who is stuck here because her Loftwing has been injured and is unable to fly. She’ll ask you to bring her some medicine to heal her Loftwing so she can get back home.

Fly back to Skyloft and to the Plaza to let Parrow know you found his sister. He’ll provide you with some Mushroom Spores to heal her Loftwing. Once you’ve used the spores, the bottle will be yours to keep!

Empty bottle 4

Link fighting two Bokoblins in a temple.

This bottle is inside the Fire Sanctuary and will require the Mogma Mitts to uncover. With this item, go back to the first room where you fought Magmanos, the enemies that look like hands made of fire and lava, and use the mitts to dig through into an area with a water plant. Use this water plant to deal with the Magmanos, which will open up a new passageway that leads right to a chest holding the fourth empty bottle.

Empty bottle 5

This final empty bottle is found via accessing a specific Goddess Cube and then opening the chest it reveals. You will need to be able to access the Thunderhead area of the map as well. The Goddess Cube is also inside the Fire Sanctuary, or rather the cave you pass through leading to it, in the room that takes you to the Fire Dragon. During the part of the quest where you need to reach the Fire Dragon, a platform will appear in the air. Make your way up, and use a Skyward Strike to activate the cube.

Now head to the western side of Thunderhead and find the chest on an island protected by some bars. You can use your Mogma Mitts to dig down through a dig spot above the chest, which you can reach via some vines that you can climb up to the chest itself. Open up the chest, and claim your fifth and final empty bottle.

Fortnite Inflate-A-Bull: Where to find and how to use the disguise

More than two weeks after we first learned about the new consumable, Epic has officially updated Fortnite with a new item called Inflate-A-Bull. The consumable item looks the way we expected based on past leaks: like an inflatable bull costume. Beyond that, Epic has finally confirmed the purpose of this new item.

Inflate-A-Bull is, Epic says, a cow disguise made by the game’s fictional Imagined Order in order to “surprise attack” the alien invaders. The IO decided to make this disguise “knowing that cattle are an alien abduction favorite,” at least according to a Hot Saucers mailing list message from the game character Mari.

The Inflate-A-Bull indeed resides on the player’s back and, once deployed, enables them to bounce and roll out of harm’s way. This is particularly useful when you need to get down a hill quickly, as rolling downhill happens much faster than running. Inflating the disguise will also immediately get rid of an unwanted alien parasite.

Of course, one must question how effective a cow disguise is when aliens are, according to the lore, actively drawn toward cattle. Epic notes this little issue, warning that Saucers may be more prone to eyeing players when they’re wearing the inflatable, but that ultimately the benefits it offers outweigh the abduction risk.

The disguise will also protect you from getting shot, but only once because the same shot will pop the suit, leaving you exposed and vulnerable. There is a waiting period after getting shot before you can deploy the disguise again, but if you manually deflate it instead, it’ll deploy much more rapidly the second time.

Unlike a previous leak that claimed you’d have to get the disguise from the Rick Sanchez AI characters, Epic notes that you’ll be able to get them from chests — both the small normal chests and the large IO crates.

We’ll never find dark matter… without quantum tech

Almost a century ago, Dutch astronomer Jacobus Kapteyn first proposed the existence of dark matter. He’d been studying the motion of stars in galaxies — a galaxy can be described, in rough terms, as a heap of stars, gas and dust rotating around a common center — and noticed that something was off. The stars in the outer layers of the galaxy were rotating much too fast to conform with the laws of gravity. Kapteyn’s hypothesis was that some invisible, massive stuff might be in and around the galaxy, making the outer stars reach the observed velocities.

From the 1960s to the ’80s, Vera Rubin, Kent Ford and Ken Freeman gathered more evidence in support of this hypothesis. They ultimately showed that most galaxies must contain six times as much invisible mass as they do visible stars, gas and dust.

Other observations in favor of dark matter followed, such as gravitational lensing and anisotropies in the cosmic microwave background. Gravitational lensing is a phenomenon in which light beams get bent around massive objects; the cosmic microwave background is an outer layer of the universe that would be quite homogeneous without dark matter but is rather lumpy in reality.

In the meantime, uncountable masterminds have devised theories and designed experiments to track down dark matter. Nevertheless, nobody has actually seen a dark matter particle as of now. That’s why, even today, senior scientists, as well as doctoral students like myself, are still conducting research on dark matter. And it still seems as though discovering dark matter is many centuries — maybe even millennia — away.

With recent advances in quantum computing, however, dark matter physics might experience a massive boost. The search for two types of dark matter — scientists don’t actually know whether they both exist but they’re trying to figure that out — might profit from quantum technology. The first type is the axion, whose existence might explain why the strong nuclear force doesn’t change if you flip a particle’s electric charge and parity. The other type is the dark photon. These particles would behave similarly to photons, the particles of light, except that dark photons aren’t light at all, of course.

Searching for axions

According to theory, axions should be wobbling through space and time at a particular frequency. The only problem is that theorists are unable to predict what that frequency might be. So, researchers are left to scan an enormous range of frequencies, one small band at a time.

Just as an old radio receiver converts radio waves into sound, axion detectors convert axion waves into electromagnetic signals. This process gets more complicated, though, because axions oscillate at two different frequencies simultaneously.

You can picture this looking a little like a drunk person trying to get home from a party: They might take three steps to the right, then three steps to the left, then back to the right again. That’s one frequency, on the “left-right” spectrum. Because they also have massive hiccups, though, they might jump into the air at each HIC!, which occurs every four steps. That’s the second frequency, on the “up-down” spectrum.

Axions may be a little more sophisticated than drunk people, but they also have two frequencies, just like partygoers who have enjoyed a glass too many.

Mathematically, one can put these two frequencies together by quadratically adding them. That is, one multiplies the first frequency by itself, adds the second frequency multiplied by itself and then takes the square root.

In our drunkard’s example, three steps times themselves equal nine steps squared for the first frequency, four steps times themselves equal 16 steps squared for the second frequency, and together we get that the square root of nine steps squared plus 16 steps squared is five steps. This — in our example, five steps — is called electromagnetic field quadrature.


Unplug your WD My Book Live, or you might find your drive’s data wiped

If you own a WD My Book Live NAS, you should immediately disconnect it from your network — users have discovered that their data has seemingly been deleted off the device, with no action on their part (via Ars Technica). In a post on its community forum, WD says that the data loss appears to be the result of “malicious software,” and advises any My Book Live or My Book Live Duo owners to disconnect their devices from the internet to protect their data.

Some users on WD’s forum report that their devices appear to have been factory reset, while others report seeing a page requesting a password they don’t know.

In most cases, those who have been affected say that all of the data on the device appears to be gone, with their file structure either remaining intact, but with empty folders, or no folders at all except the ones that come by default on the device.

We’ve reached out to WD to ask for comment, and we’ve explicitly asked whether the company will offer data recovery services to affected users, but we haven’t yet gotten a response. The company sent statements to both BleepingComputer and Ars Technica, which largely mirrored its community post, saying that WD is investigating the incident, and doesn’t believe its servers were compromised.


Google Find My Device might also crowdsource locating lost devices

As always, Apple was able to take an existing technology or feature and make it sound like the most innovative thing that its rivals will then start copying. Although the ability to locate trackers using other people’s devices nearby has long been used by the likes of Tile, Apple’s AirTags and upgraded Find My network have unsurprisingly garnered much more attention, both good and bad. Regardless of that context, it seems that Google will also follow in Apple’s footsteps and upgrade its Find My Device network to turn every Android device nearby into a homing beacon for your lost phone.

Find My Device isn’t actually new, but, just like Apple’s earlier version, it has very limited scope and functionality. Specifically, it can only find devices signed into Google accounts, which limits it to phones, tablets, and Chromebooks, among other things. It also only works if the lost device has an Internet connection; otherwise, its location information may go stale.

XDA discovered that the latest Google Play Services APK hides text that suggests an important upgrade to the framework. It refers to an option to allow your phone to help locate other people’s devices, which is pretty much the same crowdsourced system that Tile and Apple are using.

Although it’s not exactly new technology, this crowdsourced Find My Device might take on a different spin when it is Google that’s doing it. The company hasn’t exactly been famous for its privacy practices, and this location-based system will most likely raise not a few red flags among privacy advocates. Recent exposés accuse Google of continuing to track users’ location even after they have opted out of it.

It is too early to judge such a feature that hasn’t even been acknowledged yet, but privacy-minded users might want to keep an eye out for its arrival. This discovery also raises the possibility that Google will launch its own trackers, which will probably stir the privacy hornet’s nest all the more.


10 steps to make your data harder to find online

There are two key concepts in information security: threat model and attack surface.

“Threat model” is another way of asking, “Who’s out to get you?” If your threat model includes the curiosity of nation-state intelligence services, you have many more things to worry about than J. Random User. It’s more likely that voicing a contrary opinion on social media might make you yet another unwitting main character of Twitter, or that a stray mention by someone else could bring you to the attention of the internet’s malcontents.

“Attack surface,” meanwhile, describes a target’s vulnerable access points that an attacker will seek to exploit. When it comes to the internet, it’s nearly impossible to collapse your attack surface to zero — you’ll never achieve that without going into witness protection. Our goal in this article is to help you condense your attack surface as much as possible.

Admittedly, trying to scrub your offline coordinates from the online world can feel like counting cicadas during the every-17-years emergence of those sex-starved insects: you can start, but you will never finish.

But that doesn’t mean that giving up is the right answer. With some effort, you can make data points like your street address, phone number, and birthday less visible online — and therefore less easily available for harassment or identity theft.

This exercise will also renew your awareness — as unpleasant as the consequences might be — of just how much data about you sloshes around the web. And it may get you to think anew about how you want to craft the picture that emerges of you online in a stranger’s search.

1. Dox yourself before other people do

“I can tell you the cheapness and the availability of information you can get about anyone online would shock you,” says Brianna Wu, a Massachusetts game developer who was among the more public targets of the Gamergate harassment campaign and has since become an advocate for better online privacy.

For example, in some states, you can look up someone’s voter registration by providing their name and birthday. That will yield their home address; if they own a home, you can then plug the address into their county or city’s property-tax assessments page to see what they paid for it and what it’s worth now.

Other sources include social media such as Facebook and LinkedIn, your WHOIS profile, and any other information that may be floating around. Once this information is available, data brokers can then mine and combine public and private records, with the results on sale at low, low prices — sometimes, for free.

What you can do:

  • This first step may be the most unsavory: open an incognito window in your browser (so Google or any other search engine shows what a stranger would see) and search for your name and street address, name and phone number, name and birthday, and name and last four digits of your Social Security number.
  • Note that, individually, each data point may not look like a huge privacy risk — but combining them can unlock various other databases.

Sites like Intelius aggregate info on individuals and make that info available.


2. Opt out where you can

The results of your search will probably include a list of people-finder sites such as Spokeo, Intelius, and Whitepages that serve up the output of data brokers that themselves collect and fuse information from private and public records.

As you look through the search results, most will be somewhere in the “not great, but not terrible” range. Note which sites claim to have your information and get as far as you can (without paying) to see how much data they claim to have.

What you can do

  • First, you have to find all the sites you need to check — and how to contact them if they have your data. Data-removal service DeleteMe maintains a list of opt-out instructions for dozens of data brokers; in one I tested, DeleteMe provided more accurate help on how to remove your data than the actual third-party service in question.
  • Reputable people-finder sites offer free opt-outs of varying usability. At Spokeo and BeenVerified, I had to do little more than identify my listing, enter my email address, and click a link in the message sent to me. At the data broker Intelius, the back end of multiple people-locator sites, I had to input a code sent to my email instead of just clicking a link.
  • Others make it a lot harder. For example, at Whitepages, the “suppression request” protocol requires you to provide a phone number for an automated call. MyLife tells non-California residents to call or email; citizens of the Golden State, however, can use the opt-out required by the California Consumer Privacy Act.

Whitepages makes you supply your phone number if you want to remove a listing.


  • Some of your data may actually be defunct or incorrect. In that case, it’s up to you whether you want to go through the trouble of deleting it.

3. Watch out for repeat offenders

Be aware that opting out once doesn’t mean you will stay opted out. I opted out of a Spokeo listing back in 2014, only to have to do that all over again for this story. Because data brokers and people-finder sites continually ingest data from public and private sources, this industry operates as a self-licking ice cream cone.

“A game of whack-a-mole,” summed up Soraya Chemaly, a writer and activist who has both studied and been a target of online harassment.

Rob Shavell, CEO of Abine, the Somerville, Massachusetts, company behind DeleteMe, said in an email that 43 percent of DeleteMe customers saw some of their data resurface at one or more data brokers six months after having their info expunged.

What you can do

  • If you have the time and inclination, go back to the major data brokers about every six months and check to make sure your information is still off their sites.
  • If you don’t have the time, but you do have the funds, DeleteMe will remove your data from the sites and monitor any changes. It charges $129 per year for that service (but often posts coupon codes for 20 percent off). That business model requires customers to trust DeleteMe with the same personal info they want to make vanish from the public web. The company’s site says the right things about it needing customer trust to survive but doesn’t get into details about its security measures. (Shavell provided more context in email, saying, “All data in DeleteMe is encrypted at rest,” after noting that the company requires all employees to secure their accounts with two-step verification and is subjecting itself to an “SOC 2” outside security audit.)

4. Try Google’s information-removal feature

Some sites may go beyond offering your basic contact info. If you encounter sites that include sensitive financial or medical data points, expose personal information in order to dox you, or demand payment in order to remove personal info, you can avail yourself of Google’s information-removal policy.

Note that this is not as sweeping as the results-removal options Google provides in the European Union to comply with the EU’s “right to be forgotten” — which as of June 1st had led to more than 1.7 million pages being delisted. Google did not say how many pages had been delisted in the US under the narrower American policy.

In an April 19th blog post, Danny Sullivan, Google’s public liaison for search, noted that while Google will let people request to be de-linked from pages with their data on sites with “exploitative removal policies,” it will not de-index those sites completely in case “people may want to access these sites to find potentially useful information or understand their policies and practices.”

Microsoft’s Bing provides a similar results-removal option.

Only some of the data wellsprings that flow into data-broker databases — or are otherwise open for the inspection of strangers — allow any sort of feasible oversight. But a great deal of information about you can be gleaned from your social media profiles, and you have some degree of control over your privacy there.

What you can do

  • Facebook’s option to view your profile as a stranger yields valuable insights about your attack surface. (To do that: go to your profile page, click on the three dots to the right of “Edit Profile,” and select “View As.”) However, the most important data-minimization steps to take on the social network are more basic. First, don’t include your street address or your phone number. Second, while you may want to list your birthday to soak in those “HBD!” messages from friends, you don’t need to add the year of your birth. (If Facebook insists that you enter a year, make sure it’s restricted so only you can see it.)
  • The same goes for LinkedIn and Twitter. That said, since those networks often function more as outward-facing ads for people’s personal brands, you may want to think more about which publicity-safe details you’d like to list there. Neither needs your birthday, and whatever email address you post in your profile on either network had better be one you would be comfortable seeing splashed on TV.
  • Having a separate “work” or “public” email address will let you reserve a safer one for friends and family, at the cost of a little more complexity in your communications. (More about that later.)

6. Check your WHOIS profile

If you’ve registered a personal domain name, you should do a WHOIS lookup to see if your home address or phone number appear in the record for your domain.
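One way to run that check on a saved copy of the record (for example, the text output of a `whois` lookup), as an added example that is not part of the original article. The sample records, names and numbers are constructed, and the contact-field prefixes are an assumption about common WHOIS layouts.

```python
import re

# Constructed sample records; the domain, name, address and phone number are fictional.
EXPOSED_RECORD = """\
% constructed sample
Domain Name: example-family.test
Registrar: Example Registrar, Inc.
Registrant Name: Pat Example
Registrant Street: 123 Example St., Apt 4
Registrant City: Springfield
Registrant Phone: +1.2025550123
Registrant Email: pat@example-family.test
Admin Phone: +1.2025550123
"""

REDACTED_RECORD = """\
Domain Name: example-family.test
Registrant Name: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant Phone: REDACTED FOR PRIVACY
"""

# Assumption: contact fields start with one of these role names.
CONTACT_PREFIXES = ("registrant", "admin", "tech", "billing")


def parse_whois(text):
    """Return (field, value) pairs from 'Field: value' lines, skipping comments."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#")):
            continue
        field, sep, value = line.partition(":")
        if sep and value.strip():
            fields.append((field.strip(), value.strip()))
    return fields


def _norm(s):
    """Lower-case and collapse punctuation so '123 Example St.,' equals '123 example st'."""
    return re.sub(r"[^a-z0-9]+", " ", s.lower()).strip()


def _digits(s):
    return re.sub(r"\D", "", s)


def _matches(value, secret):
    if _norm(secret) and _norm(secret) in _norm(value):
        return True
    # Phone numbers: compare the last ten digits so '+1.2025550123' matches '(202) 555-0123'.
    d = _digits(secret)
    return len(d) >= 7 and _digits(value).endswith(d[-10:])


def exposed_fields(whois_text, personal):
    """List (field, label) for every contact field that contains one of your details."""
    hits = []
    for field, value in parse_whois(whois_text):
        if not field.lower().startswith(CONTACT_PREFIXES):
            continue
        for label, secret in personal.items():
            if _matches(value, secret):
                hits.append((field, label))
    return hits


if __name__ == "__main__":
    mine = {"street": "123 Example St Apt 4", "phone": "(202) 555-0123"}
    print(exposed_fields(EXPOSED_RECORD, mine))
```
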

What you can do

7. Voter rolls are different

A different kind of registration, however, requires your home address and offers no custom privacy options: your voter registration.

Voter rolls are available to political parties and, in many cases, to the general public.


Voter rolls are available to political parties and, in many cases, to the general public — and foreign hackers have helped themselves to this data too. You can also usually look up an individual’s voter registration status on a state’s website if you provide additional personal data. For some states, you may only need to enter a birth date, while others require a partial Social Security number, driver’s license, or other government ID number.

Wonder where all those candidates get your phone number from? That’s where. And this can lead to situations like the one where an automated Twitter account regularly released data on people who donated to Trump using Federal Election Commission records. (The account, @EveryTrumpDonor, has since been suspended.)

A list maintained by the National Conference of State Legislatures spells out what information is included and what is kept out of the voter file, as well as which states maintain “address confidentiality programs” that let threatened voters keep their contact details private. The catch here is that if this option is available at all, it requires you to have been a victim of threats first — see, for instance, the criteria for California’s Safe at Home program.

What you can do

  • Work to reduce the visibility of whatever metadata your state requires from someone looking up your voting information. One point that privacy advocates repeatedly make is that things won’t get better without stronger privacy rules, and those won’t happen if privacy-conscious people opt out of democracy.

8. Put safe-for-publicity data out there

To a certain extent, managing your privacy online is not so much a matter of starving search sites, but of giving them the diet of your choice. As I mentioned above, it’s not a bad idea to get a separate address and / or phone number for sites where this information is more likely to be collected.

What you can do

  • In addition to having a safe-for-inadvertent-publicity email address, getting a separate virtual phone number — with call forwarding that you can disable if necessary — will allow you to post those digits without worrying that your personal cellphone will get besieged by harassing texts or emails. Google Voice is helpful for setting up your virtual digits (even if its software could use an update) because it’s simple to add to an existing Gmail account.
  • A US Postal Service PO box remains a simple, affordable way to generate a mailing address independent of where you live. Rates vary by box size and the location and hours of the post office. For example, even the smaller boxes at USPS locations in Washington, DC, can run from $92 to $176 a year. (You can also find PO boxes in shipping stores for possibly better rates.) You don’t need to make a habit of checking that box if you set up the USPS’ Informed Delivery service to tip you off when mail arrives at your box.
  • When you register for a less-than-trustworthy site, you may want to provide incorrect information, like a false birthdate. Wu’s advice: “Any chance you get, pollute the information out there about you if it’s not useful, if it’s not relevant, to you getting what you want.”

9. Use two-factor authentication

The single most valuable data point out there may be your mobile phone number. Aside from the risk of abusive texts or calls, texting has become a common verification method for online accounts when their systems notice an unusual login. That’s led to a plague of SIM swap attacks, in which crooks fool or bribe wireless carrier employees into transferring mobile numbers to their control — and then use that to complete password resets and account takeovers.

So your last item on this privacy checklist involves going through the two-factor authentication settings on any accounts you value — starting with your email and social-media accounts — to replace texting with a verification method that can’t be socially engineered out of your hands.

What you can do

  • The single safest form of 2FA is a USB security key, a special USB dongle that you cryptographically associate with an account and then plug into a computer (or, with newer models, pair to a phone via NFC wireless) to confirm a new login there. Because it’s already been digitally paired with that site address, it can’t be fooled by a lookalike phishing site. They aren’t free — basic, USB-only models start at $20 or so — but you can use one with multiple accounts.
  • Using an app that generates one-time codes, like Google Authenticator or Authy, is your next-best option, now available at pretty much every email and social service of any value.
  • If you must use a phone number, make it a virtual one because the companies that provide them, Google included, generally don’t have in-person customer service that crooks can con.
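The difference between the first two options, as an added example that is not part of the original article: a one-time code is the same digits wherever it is typed, while a security key answers only for the address it was paired with. The site names and challenge are constructed, and an HMAC stands in for the public-key signature a real key produces.

```python
import hashlib
import hmac
import json
import struct

REAL_SITE = "https://mail.example"       # hypothetical service
LOOKALIKE = "https://mail-example.test"  # hypothetical look-alike address
SECRET = b"12345678901234567890"         # RFC 6238 test secret, not a real key


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 code (HMAC-SHA1): a function of the shared secret and the clock only."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def site_accepts_totp(secret, code, now):
    """The server sees only digits; nothing ties them to the page they were typed into."""
    return hmac.compare_digest(code, totp(secret, now))


class ToySecurityKey:
    """Holds one credential per origin and answers only for the origin the browser reports."""

    def __init__(self):
        self._credentials = {}

    def register(self, origin, key):
        self._credentials[origin] = key

    def assert_login(self, browser_origin, challenge):
        key = self._credentials.get(browser_origin)
        if key is None:
            return None  # never paired with this address, so nothing is produced
        client_data = json.dumps({"challenge": challenge, "origin": browser_origin})
        tag = hmac.new(key, client_data.encode(), hashlib.sha256).hexdigest()
        return client_data, tag


def site_accepts_key(key, expected_origin, challenge, assertion):
    """Server-side check: valid tag, the challenge it issued, and the origin it expects."""
    if assertion is None:
        return False
    client_data, tag = assertion
    expected_tag = hmac.new(key, client_data.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, tag):
        return False
    data = json.loads(client_data)
    return data["origin"] == expected_origin and data["challenge"] == challenge


def compare_factors(now=59):
    """What the real site would accept, depending on which page the user is on."""
    key = ToySecurityKey()
    key.register(REAL_SITE, SECRET)
    challenge = "constructed-challenge-001"
    code_typed_on_lookalike = totp(SECRET, now)  # same digits on any page
    return {
        "totp_code_from_lookalike": site_accepts_totp(SECRET, code_typed_on_lookalike, now),
        "key_on_real_site": site_accepts_key(
            SECRET, REAL_SITE, challenge, key.assert_login(REAL_SITE, challenge)),
        "key_on_lookalike": site_accepts_key(
            SECRET, REAL_SITE, challenge, key.assert_login(LOOKALIKE, challenge)),
    }


if __name__ == "__main__":
    print(compare_factors())
```
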

10. Remember: this is an ongoing process

Can you hoist a “Mission Accomplished” banner at this point? Absolutely not. The reality here, online privacy advocates agree, is that this work never ends. This is basically an operating cost of having an online life.
