Category: Tech

Critical Apache Traffic Control Vulnerability Allows Malicious SQL Injection

2024-12-30

A critical vulnerability (CVE-2024-45387) has been discovered in Apache Traffic Control versions 8.0.0 and 8.0.1. This flaw allows attackers with privileged roles like "admin" or "operations" to inject malicious SQL commands via crafted PUT requests. By manipulating database interaction input fields, attackers can execute SQL queries compromising the entire database, leading to unauthorized data access, modification, or deletion. This severely impacts the integrity and availability of CDN services. Security experts urge immediate updates to protect against SQL injection attacks.

Belgium Bans Disposable E-cigarettes, a First for the EU

2024-12-30

Belgium will ban the sale of disposable e-cigarettes starting January 1st, 2025, a groundbreaking move within the European Union. Driven by health and environmental concerns, the ban aims to curb teen vaping and reduce the waste generated by discarded devices. Health Minister Frank Vandenbroucke highlighted the ease with which disposable vapes hook teenagers on nicotine, emphasizing the addictive and harmful nature of the substance. While the ban may impact the industry financially, some vendors believe a shift to reusable alternatives will mitigate the losses. Belgium is urging the European Commission to strengthen tobacco legislation.

The Amazing Evolution of Stents: A Personal Journey

2024-12-29

Seventeen years after a heart attack led to the implantation of a stent, the author reflects on the remarkable advancements in stent technology. He draws parallels between the evolution of stents—from basic metal scaffolds to sophisticated drug-eluting and bioabsorbable devices—and the development of smartphones. The author explores the impact of GLP-1 drugs on the future of stent procedures and underscores the profound effect this life-saving technology has had on cardiovascular care, culminating in a personal story of resilience and gratitude.

(om.co)

Critical Flaw Discovered: NATO Radio Encryption Algorithm Broken

2024-12-29

Researchers from the Chaos Computer Club have uncovered a critical vulnerability in HALFLOOP-24, the encryption algorithm used by the US military and NATO. This algorithm protects the automatic link establishment protocol in high-frequency radio, but researchers demonstrated that just two hours of intercepted radio traffic are sufficient to recover the secret key. The attack exploits a flaw in HALFLOOP-24's handling of the 'tweak' parameter, using differential cryptanalysis to bypass significant portions of the encryption process and extract the key. This vulnerability compromises communication confidentiality and enables denial-of-service attacks. The research, published in two papers, highlights a serious security risk and underscores the importance of robust encryption algorithms.

Mastodon Discussion on Melbourne Train Control System Glitch

2024-12-29

A Mastodon user, Dervishe the Grey, posted about a glitch in the Melbourne Train Control System. The post highlights the system's issues and suggests users enable JavaScript or use native Mastodon apps. This sparked a conversation about system stability and user experience, showcasing the impact of public transport technology failures and social media's role in information dissemination.

New 'OtterCookie' Malware Targets Developers in Fake Job Offers

2024-12-29

Cybersecurity firms have uncovered a new malware, OtterCookie, used in the 'Contagious Interview' campaign by North Korean threat actors. This campaign lures software developers with fake job offers containing malware, including OtterCookie and previously seen malware like BeaverTail. OtterCookie is delivered through Node.js projects or npm packages, establishing communication with a command and control server via Socket.IO. It steals sensitive data, such as cryptocurrency wallet keys, documents, and images, and performs reconnaissance on the infected system. Experts warn developers to carefully vet job offers and avoid running untrusted code.

Boeing 737-800 Suffers Twin Disasters on Same Day, Ending 2024 on a Grim Note

2024-12-29

Two Boeing 737-800 airliners were involved in separate accidents on the same day, casting a pall over Boeing's year-end. One plane skidded off the runway in Norway during an emergency landing, miraculously leaving all 182 passengers and crew unharmed. However, another 737-800 crashed in South Korea, resulting in 47 fatalities. The twin disasters, occurring on the same day, have raised serious safety concerns and will undoubtedly trigger thorough investigations into Boeing's aircraft.

Life After the Newag DRM Disclosure: A 38C3 Report

2024-12-29

Following the disclosure at 37C3 of remote failure simulation code in Newag trains, security researchers faced a backlash. This update details the aftermath, including legal battles with Newag and train operators, media interactions, and multiple official investigations. The report also reveals new cases from different train operators, illustrating the challenges faced by security researchers when confronting powerful adversaries.

38C3: Illegal Instructions - Chaos Communication Congress Explores Tech and Society

2024-12-29

The 38th Chaos Communication Congress (38C3), themed "Illegal Instructions," will take place in Hamburg from December 27th to 30th, 2024. This four-day conference, organized by the Chaos Computer Club (CCC), will feature talks and workshops on technology, society, and utopia. Topics range from hardware hacking and security to ethical and political discussions surrounding technological advancements. From liberating Wi-Fi on ESP32 to breaking Apple's new iPhone remote control feature and examining the EU's digital identity systems, 38C3 promises a diverse program sparking debate about technological ethics and societal responsibility.

Intel 8080: The Microprocessor That Changed the World

2024-12-29

Fifty years ago, the Intel 8080 microprocessor launched, marking a pivotal moment in computing history. Unlike its predecessors designed for specific clients, the 8080 was the first truly general-purpose microprocessor. Its efficiency, power, and flexible 40-pin configuration made it easier to connect to other components and integrated functions previously requiring multiple chips. Priced at just $360, the 8080 democratized computing, making it accessible to businesses and individuals alike. This spurred the mass adoption of personal computers, created new categories of silicon-powered devices, and boosted programming as a crucial skill. Its legacy continues today; the 8080 directly inspired the x86 architecture, now the world's most widely used computing architecture.

Unique Visual Challenges for Astronauts at the Lunar South Pole

2024-12-29

NASA's Artemis program, aiming for a permanent lunar base at the South Pole, faces a unique challenge: the harsh lighting environment. The low solar elevation angle creates extreme variations in light and shadow, severely impacting astronaut vision and task performance. Unlike previous missions where helmet design alone sufficed, Artemis requires innovative vision support systems. These systems, encompassing helmets, windows, and lighting, must ensure clear vision in diverse lighting conditions, protecting astronauts' eyes from injury. NASA is developing various simulation techniques to address this challenge, paving the way for successful lunar exploration.

Hackers Reveal Vulnerability in Europe's Remotely Controlled Power Grid

2024-12-29

A significant portion of Europe's renewable energy production is remotely controlled via longwave radio. While designed to stabilize the grid, this system, using unencrypted and unauthenticated Versacom and Semagyr protocols, is vulnerable to abuse. Researchers analyzed these protocols and demonstrated how vulnerabilities could be exploited to remotely control streetlights, power plants, and potentially cause large-scale blackouts. They also showcased the possibility of using this vulnerability to create a city-wide light art installation.

NASA and Axiom Space Alter Commercial Space Station Assembly Order

2024-12-29

NASA and Axiom Space have revised the assembly sequence for Axiom Space's commercial space station. The new plan prioritizes launching the Payload, Power, and Thermal Module first, enabling Axiom Station to become a free-flying destination as early as 2028, independent of the International Space Station (ISS). This accelerates Axiom Station's operational capabilities, reduces reliance on the ISS, and prepares for the ISS's decommissioning no earlier than 2030. NASA continues to support the R&D of multiple commercial space stations to maintain US leadership in microgravity research and to serve future space exploration goals.

EU Mandates Universal Charger, Apple Concedes

2024-12-28

A new EU law came into effect on December 28, 2024, mandating USB-C charging ports for all new smartphones, tablets, and cameras sold within the bloc. The regulation aims to reduce electronic waste and lower costs for consumers. Apple, after initial resistance, has adopted the USB-C standard. The EU estimates the law will save at least €200 million annually and cut over 1000 tons of e-waste.

Apple Photos' 'Enhanced Visual Search' Raises Privacy Concerns in iOS 18 and macOS 15

2024-12-28

Apple's iOS 18 and macOS 15 updates include a default-enabled 'Enhanced Visual Search' feature in the Photos app. While Apple claims to use homomorphic encryption and differential privacy to protect user data sent to its servers for processing, this has sparked privacy concerns. The author argues that Apple's decision to enable this feature by default without explicit user consent disregards user privacy expectations, especially given the history of security vulnerabilities in Apple software. The author strongly recommends disabling the feature, as the potential risks significantly outweigh any perceived benefits.

Hospital Workers' Dexterity Assessed: Surgeons Show Superior Skill, But Also More Swearing

2024-12-28

A prospective study of 254 hospital staff members found that surgeons significantly outperformed other roles in a manual dexterity test using a 'buzz wire' game, achieving an 84% success rate. However, surgeons also displayed a higher rate of swearing during the task. Nurses and non-clinical staff showed lower success rates but expressed audible frustration more frequently. The findings highlight the diverse skill sets across hospital roles and suggest incorporating similar dexterity games into future training to improve both skill and stress management.

Ancient Genomes Solve Indo-European Language Origins Mystery

2024-12-28

A groundbreaking study involving 91 researchers analyzed 314 ancient genomes, finally unraveling the mystery of Indo-European language origins. The research revealed a significant genetic divergence between eastern and western Mediterranean Indo-European populations during the Bronze Age, consistent with Italo-Celtic and Graeco-Armenian linguistic models. Spanish, French, and Italian populations received steppe ancestry from Bell Beaker groups, while Greek and Armenian groups acquired ancestry directly from Yamnaya populations. Strontium isotope analysis further confirmed active mobility patterns during the Bronze Age. This study provides compelling genetic and linguistic evidence for the origins of Indo-European languages and challenges alternative linguistic hypotheses.

Top 10 Tech Joys of 2024: A Tech Writer's Retrospective

2024-12-28

In a year-end reflection, a tech writer shares his ten biggest tech-related joys of 2024. These include the fun of learning Python, inspiration from online creatives, the thrill of modernizing retrocomputers, the enduring usefulness of XML, the positive experience of Mastodon, the simplicity of NetBSD and Alpine Linux, the resurgence of boutique hosting, the satisfaction of hardware repair, and the clean elegance of plain HTML. The post concludes with heartfelt gratitude for reader feedback.

Chronotrains Launches Interactive European Train Map

2024-12-28

Chronotrains has launched an interactive map for planning train journeys across Europe. The map visualizes the area reachable within 8 hours from any European train station. Users can hover to see isochrones, search for stations, or click example cities. Powered by Deutsche Bahn data, the map also facilitates multi-city trip planning and links directly to major train ticket providers, offering a convenient, comfortable, and sustainable way to explore Europe by rail.

Spotify Shuts Down Artist Royalty Calculator Amidst Executive Stock Sell-Off

2024-12-28

Spotify CEO Daniel Ek's wealth soared this year after significant stock sales, while a calculator exposing Spotify's low artist payouts—Spotify Unwrapped—was shut down due to legal threats. The calculator highlighted the stark contrast between exorbitant executive compensation and meager artist earnings. Although the calculator is gone, its formula remains public, fueling debate about streaming service payment models. Meanwhile, multiple Spotify executives cashed out over $1.25 billion in 2024, following widespread layoffs and premium price hikes.

Netflix: The Rise of a Streaming Giant and the Decline of Cinema

2024-12-28

Starting as a DVD rental service, Netflix disrupted Blockbuster, conquered the television industry with its streaming platform, and ultimately extended its influence to cinema. Its unique subscription model freed it from traditional film profitability norms, leading to a flood of low-quality content. While initially supporting independent films, Netflix shifted towards scale and low-cost production, resulting in a decline in overall film quality and sparking a profound reflection on the balance between art and commerce in the film industry.

Nvidia's Ascent: A Thirty-Year Journey to AI Dominance

2024-12-28

Tae Kim's new book, 'The Nvidia Way,' chronicles Nvidia's remarkable journey from a small company founded in a Denny's to one of the world's most valuable. From early graphics card designs to leading the AI revolution, Nvidia's success wasn't accidental. The book details early failures, highlighting CEO Jensen Huang's relentless innovation and risk-taking, culminating in breakthroughs like the RIVA 128. A unique strategy combining hardware and software, coupled with a distinctive corporate culture, propelled Nvidia to AI leadership. However, future challenges remain.

TSMC's Arizona Plant Starts Producing Advanced Chips

2024-12-28

TSMC's advanced chip manufacturing facility in Arizona is set to begin mass production in 2025, marking a significant return of advanced chipmaking to the US. The plant, utilizing 4-nanometer technology, boasts higher yields than its Taiwanese counterparts. This development serves as a crucial test of the 2022 CHIPS and Science Act's effectiveness in stabilizing the semiconductor supply chain. While government funding plays a role, geopolitical concerns and customer demand have also driven TSMC's decision to diversify its manufacturing base and mitigate risks associated with relying solely on Taiwan. However, challenges such as cultural clashes and workforce shortages remain.

Kwai Leverages OceanBase's 400TB Single Cluster to Handle Massive Data

2024-12-28

Kwai, a short-video app with over 10 million daily active users, faced challenges with its existing MySQL sharding solution as data volume and concurrent requests grew. Storage bottlenecks and complex operations became major issues. Migrating to OceanBase distributed database, Kwai built a 400TB single cluster successfully supporting transaction verification and payment services. OceanBase's high performance, scalability, and ease of use solved Kwai's data storage and query problems, significantly improving system stability and efficiency while reducing operational costs.

Global Contest: Name Earth's Quasi-Moon!

2024-12-28

Radiolab and the International Astronomical Union (IAU) have launched a global naming contest for Earth's quasi-moon, (164207) 2004 GU9. Running until January 1, 2025, the contest invites votes for a name that will be officially certified by the IAU. Finalists include names drawn from mythology, such as Bakunawa (Philippine dragon), Cardea (Roman goddess), and Ehaema (Estonian Mother Twilight), each offering a unique cultural perspective. This contest transcends mere naming; it's a celebration of cross-cultural exchange, merging ancient mythology with modern astronomy.

Phugoid Oscillation: A Pilot's Nightmare

2024-12-27

A phugoid is an aircraft motion characterized by a repetitive cycle of climbing and descending, accompanied by changes in airspeed. Caused by variations in pitch and a nearly constant angle of attack, it can be triggered by factors like elevator input or control surface malfunctions. While sometimes a manageable nuisance, uncontrolled phugoids have been implicated in numerous aviation accidents, including the devastating Japan Airlines Flight 123 crash. Understanding phugoid dynamics is crucial for flight safety.

Security Flaws in Apple's New iPhone Mirroring Feature Revealed

2024-12-27

At the 38C3 Chaos Communication Congress, Aaron Schlitt's presentation exposed security vulnerabilities in Apple's new iPhone Mirroring feature. This feature allows users to remotely control their locked iPhones from their Macs, blurring the security boundaries of the iOS ecosystem. The talk demonstrated bypasses found in early iOS 18 beta versions, explaining how they work and the security risks involved, raising concerns about the security of Apple devices.

PlasticList Report: A Platform for Circular Economy in Plastics Recycling

2024-12-27

The PlasticList platform released a report highlighting the challenges and opportunities in plastic recycling. The report notes the growing problem of plastic pollution and the low rates of effective recycling. PlasticList aims to connect producers, recyclers, and repurposers of plastic waste, creating a transparent and efficient recycling system to drive a circular economy for plastics. Through data and technological support, PlasticList helps companies improve recycling efficiency and reduce environmental costs, ultimately aiming to build a sustainable plastic management model.

Chile Air Quality Map: Real-time Monitoring, Protecting Health

2024-12-27

The Chile Air Quality Map is a real-time air quality monitoring platform providing accurate and reliable air pollution information to Chilean citizens. Users can visually see Air Quality Index (AQI) levels for different regions via the map interface and take appropriate precautions based on pollutant concentrations. This platform enhances public environmental awareness and provides data to support government policies on air pollution control, ultimately aiming to protect public health and create cleaner air.

Hackers Face Lawsuit After Exposing Polish Train Manufacturer's Manipulation

2024-12-27

The Chaos Computer Club (CCC) is raising funds for three hackers who revealed at the 37C3 conference how Polish rail vehicle manufacturer Newag manipulated its trains to be repairable only in its own workshops. Newag reacted with a 90s-style aggressive lawsuit, pursuing both criminal and civil charges. The legal costs have already reached €30,000. The CCC is calling for donations to cover legal and other expenses. The hackers' research did not involve any illegal replacement of train components. The CCC believes Newag's lawsuit aims to prevent future publications about these 'illegal instructions,' emphasizing that only the content teams decide who speaks at the congress. The 38C3 congress will continue reporting on this case.
