This Week In Security: .zip Domains, Zip Scanning

The world may not be ready, but the .zip Top Level Domain (TLD) is here. It’s a part of the generic TLD category, which was expanded to allow applications for custom TLDs. Google has led the charge, applying for 101 such new TLDs, with .zip being one of the interesting ones. Public registration for .zip domains has been open for a couple weeks, and some interesting domains have been registered, like update.zip, installer.zip, and officeupdate.zip.

The obvious question to ask is whether this new TLD can be abused for scamming and phishing purposes. And the answer is yes, sure it can. One of the trickiest ways is to use the AT symbol @ in a URL, which denotes user info at the beginning of the URL. It usually is used to include a username and password, like http://username:password@192.168.1.1/. That is pretty obvious, but what about https://google.com@bing.com? Still looks weird. The catch that really prevents this technique being abused is that slashes are disallowed in user data, so a abusive URL like https://google.com∕gmail∕inbox@bing.com is right out.

Except, take a look at that last link. Looks like it has slashes in it, so it should take you to google, and ignore the AT symbol. But it doesn’t, it goes to Bing. You may have guessed, it’s Unicode shenanigans again. Those aren’t slashes, they’re U2215, the division slash. And that means that a .zip TLD could be really sneaky, if the apparent domain is one you trust. Continue reading “This Week In Security: .zip Domains, Zip Scanning”

Revisiting Folk Wisdom For Modern Chronic Wound Care

In the constant pursuit of innovation, it’s easy to overlook the wisdom of the past. The scientific method and modern research techniques have brought us much innovation, which can often lead us to dismiss traditional cultural beliefs.

However, sometimes, there are still valuable kernels of truth in the folklore of yesteryear. This holds true in a medical study from Finland, which focused on the traditional use of spruce resin to treat chronic wounds, breathing new life into an age-old therapy.

Continue reading “Revisiting Folk Wisdom For Modern Chronic Wound Care”

Two Factor Authentication Apps: Mistakes To Malware

Everyone in security will tell you need two-factor authentication (2FA), and we agree. End of article? Nope. The devil, as always with security, is in the details. Case in point: in the last few weeks, none less than Google messed up with their Google Authenticator app. The security community screamed out loud, and while it’s not over yet, it looks like Google is on the way to fixing the issue.

Since 2FA has become a part of all of our lives – or at least it should – let’s take a quick dip into how it works, the many challenges of implementing 2FA correctly, what happened with Google Authenticator, and what options you’ve got to keep yourself safe online.

Continue reading “Two Factor Authentication Apps: Mistakes To Malware”

Microbubbles And Ultrasound: Getting Drugs Through The Blood-Brain Barrier

The brain is a rather important organ, and as such, nature has gone to great lengths to protect it. The skull provides physical protection against knocks and bumps, but there’s a lesser-known defense mechanism at work too: the blood-brain barrier. It’s responsible for keeping all the nasty stuff – like bacteria, viruses, and weird chemicals – from messing up your head.

The blood-brain barrier effectively acts as a filter between the body’s circulatory system and the brain. However, it also frustrates efforts to deliver drugs directly to the brain for treating conditions like brain tumors. Now, scientists have developed a new technique that may allow critical life saving drugs to get through the barrier with the help of ultrasound technology. 

Continue reading “Microbubbles And Ultrasound: Getting Drugs Through The Blood-Brain Barrier”

Astronaut Tracy Caldwell in the International Space Station. (Credit: NASA)

Making The Case For All-Female Exploration Missions To Mars And Beyond

A recent study in Nature Scientific Reports by Jonathan P. R. Scott and colleagues makes the case for sending exclusively all-female crews on long-duration missions. The reasoning here is simple: women have significant less body mass, with in the US the 50th percentile for women being 59.2 kg and 81.8 kg for men. This directly translates into a low total energy expenditure (TEE), along with a lower need for everything from food to water to oxygen. On a long-duration mission, this could conceivably save a lot of resources, thus increasing the likelihood of success.

With this in mind, it does raise the question of why female astronauts aren’t more commonly seen throughout Western space history, with Sally Ride being the first US astronaut to fly in 1983. This happened decades after the first female Soviet cosmonaut, when Valentina Tereshkova made history in 1963 on Vostok 6, followed by Svetlana Savitskaya in 1982 and again in 1984, when she became the first woman to perform a spacewalk.

With women becoming an increasingly more common sight in space, it does bear looking at what blocked Western women for so long, despite efforts to change this. It all starts with the unofficial parallel female astronaut selection program of the 1950s.

Continue reading “Making The Case For All-Female Exploration Missions To Mars And Beyond”

Space Shuttle Atlantis connected to Russia's Mir Space Station as photographed by the Mir-19 crew on July 4, 1995. (Credit: NASA)

The Soviet Space Station Program: From Military Satellites To The ISS

When the Space Race kicked off in earnest in the 1950s, in some ways it was hard to pin down where sci-fi began and reality ended. As the first artificial satellites began zipping around the Earth, this was soon followed by manned spaceflight, first in low Earth orbit, then to the Moon with manned spaceflights to Mars and Venus already in the planning. The first space stations were being launched following or alongside Kubrick’s 2001: A Space Odyssey, and countless other books and movies during the 1960s and 1970s such as Moonraker which portrayed people living (and fighting) out in space.

Perhaps ironically, considering the portrayal of space stations in Western media, virtually all of the space stations launched during the 20th century were Soviet, leaving Skylab as the sole US space station to this day. The Soviet Union established a near-permanent presence of cosmonauts in Earth orbit since the 1970s as part of the Salyut program. These Salyut space stations also served as cover for the military Almaz space stations that were intended to be used for reconnaissance as well as weapon platforms.

Although the US unquestionably won out on racing the USSR to the Moon, the latter nation’s achievements granted us invaluable knowledge on how to make space stations work, which benefits us all to this very day.

Continue reading “The Soviet Space Station Program: From Military Satellites To The ISS”

Hackaday Links Column Banner

Hackaday Links: May 14, 2023

It’s been a while since we heard from Dmitry Rogozin, the always-entertaining former director of Roscosmos, the Russian space agency. Not content with sending mixed messages about the future of the ISS amid the ongoing war in Ukraine, or attempting to hack a mothballed German space telescope back into action, Rogozin is now spouting off that the Apollo moon landings never happened. His doubts about NASA’s seminal accomplishment apparently started while he was still head of Roscosmos when he tasked a group with looking into the Apollo landings. Rogozin’s conclusion from the data his team came back with isn’t especially creative; whereas some Apollo deniers go to great lengths to find “scientific proof” that we were never there, Rogozin just concluded that because NASA hasn’t ever repeated the feat, it must never have happened.

Continue reading “Hackaday Links: May 14, 2023”