Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: security – Page 59

Of their yearly balance of about €3 million, nearly the entirely is spent on the main congress and other events and conferences. Over the last few years, addressing geography, generation, and gender equities (3G), the International Astronautical Federation established itself as the youngest and most diverse space organization in the world. Over the same period, the IAF President Pascale Ehrenfreund, has pushed her excellent Global Innovation Agenda which “has brought emerging countries to our space family through conferences, expanded work with partner organizations, and created innovative systems for sharing information among members” [1].In his first newsletter [2] the incumbent President, Clay Mowry, communicated the IAF agenda for next 3 years: “Sustainability, Investment and Security”. According to Mowry, “the IAF should seek to influence conversations around the sustainability of the space environment. Securing orbits, spacecraft, frequencies, and physical resources is critical to the future viability of space exploration.” And: “The coming three years will see a shift towards the commercial development of low Earth orbit and major push to field systems in lunar orbits and on the surface of the Moon. We must be prepared to tackle the challenges of growing investment in the space sector head-on. Security refers to the freedom to operate safely in the space domain. Without it, investors and nation states can hardly be expected to pour the continued resources and attention required to secure humanity’s future beyond Earth.”

An agenda oriented to civilian space development? We may say yes, moderately. We want to encourage and further develop this orientation, and we’ll do our best to move IAF more on the side of human expansion into the Geo-Lunar space and the Solar System.

As we said in all of our presentations at IAC 73, “Space for All” is an excellent motto, yet today it is still not yet a reality. We have to work for the realization of that goal, that all Earthers wishing to emigrate into outer space can do it safely, as soon as possible. Such a goal is in perfect continuity with the fully inclusive spirit of IAF! Prominent among the concepts we presented in various symposia and discussions in Paris is that of a modern Eutopia [3] for our time: a fully sustainable inclusive society, one which allows for the healthy and continued growth of 8 billion people. Such an idea cannot be realized within the boundaries of our closed world; but it could be realized through expansion into our celestial frontier.

Read more | >

Security researchers have discovered an npm timing attack that reveals the names of private packages so threat actors can release malicious clones publicly to trick developers into using them instead.

The attack relies on a small time difference in the return of a “404 Not Found” error when searching for a private compared to a non-existent package in the repository.

While the response time difference is only a few hundred milliseconds, it is enough to determine whether a private package exists to perform package impersonation attacks.

Read more | >

Signal says it will start to phase out SMS and MMS message support from its Android app to streamline the user experience and prioritize security and privacy.

While this announcement may surprise those who don’t know Signal can also be used to manage this type of text message, the Signal for Android app could be configured as the default SMS/MMS app since its beginning as TextSecure, an app that used the Axolotl Ratchet protocol.

“We have now reached the point where SMS support no longer makes sense. In order to enable a more streamlined Signal experience, we are starting to phase out SMS support from the Android app,” the company said in a blog post published today.

Read more | >

Providing “impeccable” security at the intersection of innovation, technology, and adventure sports.

Adrenaline junkies, thrill seekers, and newbies, you might want to add experiencing a first-of-its-kind giant swing backed by Artificial Intelligence (AI) to your bucket list.

IStock/Adventure_Photo.

Come 2023, tourists in Manali, a gorgeous high-altitude Himalayan town in Himachal Pradesh, a northern state in India. Manali is famed for its jaw-dropping sights and adventure tourism and is popular with backpackers and honeymooners. Founded by four childhood adventure enthusiast friends who are engineers, certified rock climbers, and mountaineers, the start-up, called ‘ManaliSwing,’ could be an additional feature in Manali’s cap.

Read more | >

Learn how your company can create applications to automate tasks and generate further efficiencies through low-code/no-code tools on November 9 at the virtual Low-Code/No-Code Summit. Register here.

With the increasing digitization of services across multiple industries, large corporations are pushing for new security measures to keep their customers’ documents and sensitive information secure. Among these measures are passwordless logins, with new authentication methods adding an extra layer of data protection.

The transition to passwordless logins is undeniable, with approximately 60% of large and global enterprises and 90% of midsize enterprises predicted to adopt passwordless methods in at least 50% of use cases, according to a recent Gartner study. This comes as no surprise, as security problems associated with password-only authentication are among the digital world’s biggest vulnerabilities. Consumers are often tempted to reuse passwords across different services due to the difficulty of managing so many passwords.

Read more | >

Twelve new security flaws impacting various chipsets were disclosed in this month’s security advisory for Qualcomm’s devices, two of which have been given a critical severity rating. Two significant flaws in Qualcomm chipsets have been identified that might allow malicious payloads to installed remotely on the Android devices.

The first vulnerability, identified as CVE-2022–25748 (CVSS score 9.8), affects Qualcomm’s WLAN component and is described as a “Integer Overflow to Buffer Overflow during parsing GTK frames”. If exploited, this issue might result in memory corruption and remote code execution. This vulnerability impact all smart devices that use the Qualcomm Snapdragon APQ, CSRA, IPQ, MDM, MSM, QCA, WSA, WCN, WCD, SW, SM, SDX, SD, SA, QRB, QCS, QCN, and more series.

The second vulnerability, identified as CVE-2022–25718 (CVSS score 9.1), also affects Qualcomm’s WLAN component and is described as a “Cryptographic issue in WLAN due to improper check on return value while authentication handshake”. If exploited, this issue might result in memory corruption and remote code execution. This vulnerability impact all smart devices that use the Qualcomm Snapdragon APQ, CSRA, IPQ, MDM, MSM, QCA, WSA, WCN, WCD, SW, SM, SDX, SD, SA, QRB, QCS, QCN, and more series.

Read more | >

A security investigator has discovered three new code execution flaws in the Linux kernel that might be exploited by a local or external adversary to take control of the vulnerable computers and run arbitrary code. The roccat_report_event function in drivers/hid/hid-roccat.c has a use-after-free vulnerability identified as CVE-2022–41850 (CVSS score: 8.4). A local attacker might exploit this flaw to run malicious script on the system by submitting a report while copying a report->value. Patch has be released to addresses the Linux Kernel 5.19.12 vulnerability CVE-2022–41850.

The second flaw tracked as CVE-2022–41848 (CVSS score: 6.8), is also a use-after-free flaw due to a race condition between mgslpc_ioctl and mgslpc_detach in drivers/char/pcmcia/synclink_cs.c. By removing a PCMCIA device while calling ioctl, an attacker could exploit this vulnerability to execute arbitrary code on the system. The bug affects Linux Kernel 5.19.12 and was fixed via this patch.

Due to a compatibility issues between mgslpc ioctl and mgslpc detach in drivers/char/pcmcia/synclink cs.c, the second vulnerability, tagged as CVE-2022–41848 (CVSS score: 6.8), is likewise a use-after-free vulnerability. An adversary might use this flaw to run malicious script on the computer by deleting a PCMCIA device while executing ioctl. There is a patch that corrects this flaw that was present in the Linux Kernel 5.19.12.

Read more | >

Tiny particles are interconnected despite sometimes being thousands of kilometers apart—Albert Einstein called this “spooky action at a distance.” Something that would be inexplicable by the laws of classical physics is a fundamental part of quantum physics. Entanglement like this can occur between multiple quantum particles, meaning that certain properties of the particles are intimately linked with each other.

Entangled systems containing multiple offer significant benefits in implementing quantum algorithms, which have the potential to be used in communications, or quantum computing. Researchers from Paderborn University have been working with colleagues from Ulm University to develop the first programmable optical quantum memory. The study was published as an “Editor’s suggestion” in the Physical Review Letters journal.

Read more | >

Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.

The open-source Linux operating system is an essential component of the cloud and enterprise application delivery. In fact, every cloud service, even Microsoft, offers Linux-based compute resources and Linux is often the default choice for embedded and internet of things (IoT) devices. Among the major Linux distribution vendors today are IBM’s Red Hat business unit, German vendor SUSE and Canonical, which develops the Ubuntu Linux distribution.

The market for Linux is forecast to grow to $22.15 billion by 2029, according to Fortune Business Insights, up from $6.27 billion in 2022.

Read more | >