News

3621 Articles

Diagram of the Sun. (Credit: Kelvinsong)

Parker Solar Probe’s Confirmation Of Interchange Reconnection Being The Source Of Fast Solar Wind

June 14, 2023 by 4 Comments

Although experimental verification is at the heart of the scientific method, there is quite a difficulty range when it comes to setting up such an experiment. Testing what underlies the formation of the fast solar winds that are ejected from coronal holes in the Sun’s corona is one of these tricky experimental setups. Yet it would seem that we now have our answer, with a newly published paper in Nature by S. D. Bale and colleagues detailing what we learned courtesy of the Parker Solar Probe (PSP), which has been on its way to the Sun since it was launched in August of 2018 from Earth.

Artist rendition of the Parker Solar Probe. (Credit: NASA)
Artist rendition of the Parker Solar Probe. (Credit: NASA)

The Sun’s solar wind is the name for a stream of charged particles which are ejected from the Sun’s corona, with generally two types being distinguished: slow and fast solar winds. The former type appears to originate from the Sun’s equatorial belt and gently saunters away from the Sun at a mere 300 – 500 km/s with a balmy temperature of 100 MK.

The fast solar wind originates from coronal holes, which are temporary regions of cooler, less dense plasma within the corona. These coronal holes are notable for being regions where the Sun’s magnetic field extends into interplanetary space as an open field, along which the charged particles of the corona can escape the Sun’s gravitational field.

These properties of coronal holes allow the resulting stream to travel at speeds around 750 km/s and a blistering 800 MK. What was unclear up till this point was exactly what powers the acceleration of the plasma. It was postulated that the source could be wave heating, as well as interchange reconnection, but with the PSP now close enough to perform the relevant measurements, the evidence points to the latter.

Essentially, interchange reconnection is the reestablishing of a coronal hole’s field lines after interaction with convection cells on the Sun’s photosphere. These convection cells draw the magnetic field into a kind of funnel after which the field lines reestablish themselves, which results in the ejection of hotter plasma than with the slow solar wind. Courtesy of the PSP’s measurements, measured fast solar winds could be matched with coronal holes, along with the magnetic fields. This gives us the clearest picture yet of how this phenomenon works, and how we might be able to predict it.

(Heading image: Diagram of the Sun. (Credit: Kelvinsong) )

Google Home Scripting

June 14, 2023 by 14 Comments

It is always controversial to have home assistants like the ones from Google or Amazon. There are privacy concerns, of course. Plus they maddeningly don’t always do what you intend for them to do. However, if you do have one, you’ve probably thought about something you wanted to do that would require programming. Sure, you can usually do a simple list, but really writing code wasn’t on the menu. But now, Google Home will allow you to write code. Well, at least script using a YAML file.

The script language is available in the web app and if you opt in on the mobile app as well. There’s a variety of ways you can trigger scripts and many examples you can start with.

Continue reading “Google Home Scripting”

TeraByte InfraRed Delivery (TBIRD)

NASA Team Sets New Space-to-Ground Laser Communication Record

June 9, 2023 by 13 Comments

[NASA] and a team of partners has demonstrated a space-to-ground laser communication system operating at a record breaking 200 gigabit per second (Gbps) data rate. The TeraByte InfraRed Delivery (TBIRD) satellite payload was designed and built by [MIT Lincoln Laboratory]. The record of the highest data rate ever achieved by a space-to-Earth optical communication link surpasses the 100 Gbps record set by the same team in June 2022.

TBIRD makes passes over an ground station having a duration of about six-minutes. During that period, multiple terabytes of data can be downlinked. Each terabyte contains the equivalent of about 500 hours of high-definition video. The TBIRD communication system transmits information using modulated laser light waves. Traditionally, radio waves have been the medium of choice for space communications. Radio waves transmit data through space using similar circuits and systems to those employed by terrestrial radio systems such as WiFi, broadcast radio, and cellular telephony. Optical communication systems can generally achieve higher data rates, lower loses, and operate with higher efficiency than radio frequency systems. Continue reading “NASA Team Sets New Space-to-Ground Laser Communication Record”

This Week In Security: Minecraft Fractureiser, MOVEit, And Triangulation

June 9, 2023 by 2 Comments

Modded Minecraft is having a security moment, to match what we’ve seen in the Python and JavaScript repositories over the last few months. It looks like things started when a handful of burner accounts uploaded malicious mods to Curseforge and Bukkit. Those mods looked interesting enough, that a developer for Luna Pixel Studios (LPS) downloaded one of them to test-run. After the test didn’t pan out, he removed the mod, but the malicious code had already run.

Where this gets ugly is in how much damage that one infection caused. The virus, now named fractureiser, installs itself into every other Minecraft-related .jar on the compromised system. It also grabs credentials, cookies, cryptocurrency addresses, and the clipboard contents. Once that information was exfiltrated from the LPS developer, the attacker seems to have taken manual actions, using the purloined permissions to upload similarly infected mod files, and then marking them archived. This managed to hide the trapped files from view on the web interface, while still leaving them exposed when grabbed by the API. Once the malware hit a popular developer, it began to really take off.

It looks like the first of the malicious .jar files actually goes all the way back to mid-April, so it may take a while to discover all the places this malware has spread. It was first noticed on June 1, and investigation was started, but the story didn’t become public until the 7th. Things have developed rapidly, and the malware fingerprints has been added to Windows Defender among other scanners. This helps tremendously, but the safe move is to avoid downloading anything Minecraft related for a couple days, while the whole toolchain is inspected. If it’s too late and you’ve recently scratched that voxel itch, it might be worth it to take a quick look for Indicators of Compromise (IoCs).

Continue reading “This Week In Security: Minecraft Fractureiser, MOVEit, And Triangulation”

They Used To Be A Big Shot, Now Eagle Is No More

June 9, 2023 by 246 Comments

There once was a time when to make a PCB in our community was to use CadSoft EAGLE, a PCB design package which neatly filled the entry level of that category with a free version for non-commercial designs. Upgrading it to the commercial version was fairly inexpensive, and indeed that was a path which quite a few designers making the step from hobby project to small production would take.

Then back in 2017, CadSoft were bought by Autodesk, and their new version 8 of the software changed its licensing model from purchase to rental. It became a product with a monthly subscription and an online side, and there began an exodus of users for whom pay-to-play meant too much risk of losing access to their designs. Now six years later the end has come, as the software behemoth has announced EAGLE’s final demise after a long and slow decline. Continue reading “They Used To Be A Big Shot, Now Eagle Is No More”

Overall design of retina-inspired NB perovskite PD for panchromatic imaging. (Credit: Yuchen Hou et al., 2023)

Perovskite Sensor Array Emulates Human Retina For Panchromatic Imaging

June 2, 2023 by 13 Comments

The mammalian retina is a complex system consisting out of cones (for color) and rods (for peripheral monochrome) that provide the raw image data which is then processed into successive layers of neurons before this preprocessed data is sent via the optical nerve to the brain’s visual cortex. In order to emulate this system as closely as possible, researchers at Penn State University have created a system that uses perovskite (methylammonium lead bromide, MAPbX3) RGB photodetectors and a neuromorphic processing algorithm that performs similar processing as the biological retina.

Panchromatic imaging is defined as being ‘sensitive to light of all colors in the visible spectrum’, which in imaging means enhancing the monochromatic (e.g. RGB) channels using panchromatic (intensity, not frequency) data. For the retina this means that the incoming light is not merely used to determine the separate colors, but also the intensity, which is what underlies the wide dynamic range of the Mark I eyeball. In this experiment, layers of these MAPbX3 (X being Cl, Br, I or combination thereof) perovskites formed stacked RGB sensors.

The output of these sensor layers was then processed in a pretrained convolutional neural network, to generate the final, panchromatic image which could then be used for a wide range of purposes. Some applications noted by the researchers include new types of digital cameras, as well as artificial retinas, limited mostly by how well the perovskite layers scale in resolution, and their longevity, which is a long-standing issue with perovskites. Another possibility raised is that of powering at least part of the system using the energy collected by the perovskite layers, akin to proposed perovskite-based solar panels.

(Heading: Overall design of retina-inspired NB perovskite PD for panchromatic imaging. (Credit: Yuchen Hou et al., 2023) )

This Week In Security: Barracuda, Zyxel, And The Backdoor

June 2, 2023 by 12 Comments

Barracuda’s Email Security Gateway (ESG) has had a vulnerability in it for years. Tracked as CVE-2023-2868, this one was introduced back in version 5.1.3.001, and only got patched during the 9.2 development cycle. Specific build information on patched firmware has not been made available, but a firmware build containing the patch was deployed on May 20.

The flaw was a command injection bug triggered by .tar files attached to incoming emails. The appliance scans attachments automatically, and the file names could trigger the qx operator in a Perl script. It’s a nasty one, ranking a 9.4 on the CVSS scale. But the really bad news is that Barracuda found the vulnerability in the wild, and they have found evidence of exploitation as far back as October 2022.

There have been three malware modules identified on the compromised appliances. SALTWATER is a backdoor trojan, with the ability to transfer files, execute commands, and host network tunnels. SEASPY is a stealthier module, that looks like a legitimate service, and uses PCAP to monitor traffic and receive commands. And SEASIDE is a Lua module for the Barracuda SMTP monitor, and it exists to host a reverse shell on command. Indicators of Compromise (IOCs) have been published, and Barracuda recommends the unplug-and-remove approach to cleaning up an infection. The saving grace is that this campaign seems to have been targeted, and wasn’t launched against every ESG on the Internet, so maybe you’re OK.

Moxa, Too

And speaking of security software that has problems, the Moxa MXsecurity appliance has a pair of problems that could be leveraged together to lead to a complete device takeover. The most serious problem is a hard coded credential, that allows authentication bypass for the web-API. Then the second issue is a command-line escape, where an attacker with access to the device’s Command Line Interface (CLI) can break out and run arbitrary commands. Continue reading “This Week In Security: Barracuda, Zyxel, And The Backdoor”