ars-rss
Yearlong supply-chain attack targeting security pros steals 390K credentials
Multifaceted, high-precision campaign targets malicious and benevolent hackers alike.
A sophisticated and ongoing supply-chain attack operating for the past year has been stealing sensitive login credentials from both malicious and benevolent security personnel by infecting them with Trojanized versions of open source software from GitHub and NPM, researchers said.
The campaign, first reported three weeks ago by security firm Checkmarx and again on Friday by Datadog Security Labs, uses multiple avenues to infect the devices of researchers in security and other technical fields. One is through packages that have been available on open source repositories for over a year. They install a professionally developed backdoor that takes pains to conceal its presence. The unknown threat actors behind the campaign have also employed spear phishing that targets thousands of researchers who publish papers on the arXiv platform.
Unusual longevity
The objectives of the threat actors are also multifaceted. One is the collection of SSH private keys, Amazon Web Services access keys, command histories, and other sensitive information from infected devices every 12 hours. When this post went live, dozens of machines remained infected, and an online account on Dropbox contained some 390,000 credentials for WordPress websites taken by the attackers, most likely by stealing them from fellow malicious threat actors. The malware used in the campaign also installs cryptomining software that was present on at least 68 machines as of last month.
Werner Herzog muses on mysteries of the brain in Theater of Thought
Auteur director’s latest documentary runs the gamut from BCIs and how we construct reality to whether fish can dream.
Werner Herzog has made more than 60 films over his illustrious career. His documentaries alone span an impressive topical range, from the life and death of bear enthusiast Timothy Treadwell (Grizzly Man) to people who choose to live and work in Antarctica (the Oscar-nominated Encounters at the End of the World) or a haunting exploration of the oldest human paintings in France’s Chauvet Cave (Cave of Forgotten Dreams). His latest offering, Theater of Thought, tackles what might be his most ambitious subject yet: the mysterious inner workings of the brain.
Theater of Thought premiered in 2022 at the Telluride Film Festival in Colorado and is now getting a theatrical release. Herzog’s inspiration grew out of his conversations with Rafael Yuste, a Columbia University neurobiologist who also served as scientific advisor on the film. “How can we read thoughts?” he writes in his director’s statement. “Can you implant a chip in your brain and in my brain, and see my new film without a camera? Why is it that some young people immerse themselves in video games and become addicted to completely artificial worlds? Sometimes mice even prefer invented cartoon worlds, so who is the ghost writer of our mind, of our reality?”
The topic might be scientific in nature, but Theater of Thought is not really a science documentary, despite Herzog’s use of the classic talking head format. It’s more of a personal, almost quixotic quest, with plenty of random branching digressions along the way. “It was like a road movie, one Monument Valley and one Grand Canyon, then one Mount Everest after the other,” Herzog told Ars. “You just couldn’t stop wondering and enjoying.” For the viewer, it’s as much a journey through the eccentric workings of Herzog’s endlessly curious, nimble mind.
Elon Musk slams SEC as agency threatens charges in Twitter stock probe
SEC offered settlement in stock probe and is investigating Neuralink, Musk says.
Elon Musk has at least one more battle to wage against Securities and Exchange Commission Chair Gary Gensler, who will be leaving the agency when President-elect Trump takes over in January.
Musk yesterday posted a copy of a letter sent to Gensler by Musk’s attorney, Alex Spiro. The letter dated December 12 says the SEC issued a settlement demand in its investigation into whether Musk violated federal securities laws in connection with 2022 purchases of Twitter stock, and that the SEC is investigating Neuralink. The Spiro letter said:
Yesterday the Commission Staff issued a settlement demand that required Mr. Musk agree within 48 hours to either accept a monetary payment or face charges on numerous counts. They indicated that this demand was the result of a directive from their superiors and that charges would be brought imminently unless Mr. Musk acquiesced. This demand follows a multi-year investigation and more than six years of harassment of Mr. Musk by the Commission and its Staff. More recently, the Staff subpoenaed me, Mr. Musk’s attorney, for testimony and threatened to send a process server if I did not immediately cooperate. I categorically refused. This week, the Commission has also reopened an investigation into Neuralink.
Spiro accused the SEC of “an improperly motivated campaign” against Musk, his companies, and people associated with him. “We demand to know who directed these actions—whether it was you or the White House,” Spiro wrote. “These tactics and misguided scheme will not intimidate us. We reserve all rights.”
Don’t use crypto to cheat on taxes: Bitcoin bro gets 2 years
Early bitcoin investor first to get prison time for crypto-related tax evasion.
A bitcoin investor who went to increasingly great lengths to hide $1 million in cryptocurrency gains on his tax returns was sentenced to two years in prison on Thursday.
It seems that not even his most “sophisticated” tactics—including using mixers, managing multiple wallets, and setting up in-person meetings to swap bitcoins for cash—kept the feds from tracing crypto trades that he believed were untraceable.
The Austin, Texas, man, Frank Richard Ahlgren III, started buying up bitcoins in 2011. In 2015, he upped his trading, purchasing approximately 1,366 using Coinbase accounts. He waited until 2017 before cashing in, earning $3.7 million after selling about 640 at a price more than 10 times his initial costs. Celebrating his gains, he bought a house in Utah in 2017, mostly funded by bitcoins he purchased in 2015.
F1 Arcade trip report: Great sims make for a compelling experience
It’s like Top Golf, but with F1 simulators instead.
Formula 1’s recent popularity still feels a little strange to longtime fans of the sport, particularly in the US, where it had been so niche for so long. But the past five years have seen F1 rise meteorically, and a new, much younger fanbase infused with enthusiasm for the cutting-edge race cars and the athletes who pilot them has emerged. F1 Arcade capitalizes on that popularity, combining food and drinks—including Lewis Hamilton’s agave tipple—with dozens and dozens of race simulators that let you race against friends or compete in teams against others.
With Washington, DC, chosen for F1 Arcade’s second US location, I obviously had to go check it out.
My first visit to the arcade in DC’s Union Market district was several weeks ago at the launch party, an affair that was packed with influencers and loud music. But I returned earlier this week, having booked a 45-minute, five-race session playing head-to-head against a friend. Prices vary depending on the number of races and whether you’re there at peak time, starting at $22/player for three races off-peak and going up to $42/player for five races at peak time. There’s no charge for people who are just spectating (or eating and drinking), not racing.
The US military is now talking openly about going on the attack in space
“We have to build capabilities that provide our leadership offensive and defensive options.”
ORLANDO, Florida—Earlier this year, officials at US Space Command released a list of priorities and needs, and among the routine recitation of things like cyber defense, communications, and surveillance was a relatively new term: “integrated space fires.”
This is a new phrase in the esoteric terminology the military uses to describe its activities. Essentially, “fires” are offensive or defensive actions against an adversary. The Army defines fires as “the use of weapon systems to create specific lethal and nonlethal effects on a target.”
The inclusion of this term in a Space Command planning document was another signal that Pentagon leaders, long hesitant to even mention the possibility of putting offensive weapons in space for fear of stirring up a cosmic arms race, see the taboo of talking about space warfare as a thing of the past.
Twirling body horror in gymnastics video exposes AI’s flaws
Nonsensical movements created by OpenAI’s Sora are typical for current AI-generated video, and here’s why.
On Wednesday, a video from OpenAI’s newly launched Sora AI video generator went viral on social media, featuring a gymnast who sprouts extra limbs and briefly loses her head during what appears to be an Olympic-style floor routine.
As it turns out, the nonsensical synthesis errors in the video—what we like to call “jabberwockies”—hint at technical details about how AI video generators work and how they might get better in the future.
But before we dig into the details, let’s take a look at the video itself.
Americans are living longer—but most of the extra time is spent being sick
The gap between US lifespan and healthspan was 12.4 years, the world’s largest.
The gap of time between how long Americans live and how much of that time is spent in good health only grew wider in the last two decades, according to a new study published in JAMA Network Open.
The study, which looked at global health data between 2000 and 2019—prior to the COVID-19 pandemic—found the US stood out for its years of suffering. By 2019, Americans had a gap between their lifespan and their healthspan of 12.4 years, the largest gap of any of the 183 countries included in the study. The second largest gap was Australia’s, at 12.1 years, followed by New Zealand at 11.8 years and the UK at 11.3 years.
America also stood out for having the largest burden of noncommunicable diseases in the world, as calculated by the years lived with disease or disability per 100,000 people.
Rocket Report: Chinese national flies drone near Falcon 9, Trouble down under
“I am convinced that a collaboration between Avio and MaiaSpace could be established.”
Welcome to Edition 7.23 of the Rocket Report! We’re closing in on the end of the year, with a little less than three weeks remaining in 2024. Can you believe it? I hardly can. The biggest question left in launch is whether Blue Origin will make its deadline for launching New Glenn by the end of this year. It’s been a long-time goal of founder Jeff Bezos, but the clock is ticking. We wish them luck!
Each report will include information on small-, medium-, and heavy-lift rockets as well as a quick look ahead at the next three launches on the calendar.
Virgin Galactic studies Italian spaceport. The US-based suborbital space tourism company said Thursday it has signed an “agreement of cooperation” with Italy’s civil aviation authority to study the feasibility of Virgin Galactic conducting spaceflight operations from Grottaglie Spaceport in the Puglia region of Southern Italy. Phase one of the study, anticipated to be completed in 2025, will examine Grottaglie’s airspace compatibility with Virgin Galactic’s requirements and unique flight profile.