NASA is creating a ChatGPT-like assistant for astronauts

Despite our intrinsic distrust of AI in space taught to us by movies like 2001: A Space Odyssey ("I'm afraid I can't do that, Dave"), it offers large advantages to both manned and unmanned missions. To that end, NASA is developing a system that will allow astronauts to perform maneuvers, conduct experiments and more using a natural-language ChatGPT-like interface, The Guardian reported. 

"The idea is to get to a point where we have conversational interactions with space vehicles and they [are] also talking back to us on alerts, interesting findings they see in the solar system and beyond," said Dr. Larissa Suzuki, speaking at an IEEE meeting on next-gen space communication. "It's really not like science fiction anymore." 

NASA aims to deploy the system on its Lunar Gateway, a space station that will orbit the Moon and provide support for NASA's Artemis mission. It would use a natural language interface that allows astronauts to seek advice on experiments or conduct maneuvers without diving into complex manuals. 

On a dedicated page soliciting small business support for Lunar Gateway, NASA wrote that it would require AI and machine learning technologies to manage various systems when it's unoccupied as well. Those include autonomous operations of science payloads, data transmission prioritization, autonomous operations, health management of Gateway and more.

For instance, Suzuki outlined a scenario in which the system would automatically fix data transmission glitches and inefficiencies, along with other types of digital outages. "We cannot send an engineer up in space whenever a space vehicle goes offline or its software breaks somehow," she said. 

This article originally appeared on Engadget at https://www.engadget.com/nasa-is-creating-a-chatgpt-like-assistant-for-astronauts-081903604.html?src=rss

Clop ransomware gang obtained personal data of 45,000 New York City students in MOVEit hack

The New York City Department of Education has become the latest organization to disclose it had private data stolen as part of the far-reaching MOVEit file transfer software hack. In an email sent to parents on Sunday, the agency said the personal information of approximately 45,000 students, including in some cases social security numbers and birth dates, had recently been compromised. The Education Department said the personal information of staff was also accessed but did not share how many teachers and other personnel were affected.

“The safety and security of our students and staff, including their personal information and data, is of the utmost importance for the New York City Department of Education. Our top priority is determining exactly which confidential information was exposed, and the specific impact for each affected individual,” the department said Sunday. “When that determination is made, we will begin preparing notifications to individuals whose confidential information was compromised. Along with the notification, individuals will be offered access to an identity monitoring service.”

The Education Department is one of many organizations affected by the MOVEit hack. Clop, a ransomware gang with suspected pro-Russian ties, claimed responsibility for the cyberattack in early June. The group took advantage of a zero-day vulnerability in the enterprise file transfer software to breach the servers of “hundreds of companies,” including the largest US pension fund. The scale of the New York City Department of Education breach is small compared to some of the other victims caught up in the hack but is notable for including the personal information of minors. In an interview with Bleeping Computer, the Clop gang claimed it would erase any data it obtained from governments, the military and children’s hospitals. It’s unclear if the group includes student data in that final category.

This article originally appeared on Engadget at https://www.engadget.com/clop-ransomware-gang-obtained-personal-data-of-45000-new-york-city-students-in-moveit-hack-204655820.html?src=rss

NASA is recycling 98 percent of astronaut pee and sweat on the ISS into drinkable water

NASA has achieved a technological milestone that could one day play an important role in missions to the Moon and beyond. This week, the space agency revealed (via Space.com) that the International Space Station’s Environmental Control and Life Support System (ECLSS) is recycling 98 percent of all water astronauts bring onboard the station. Functionally, you can imagine the system operating in a way similar to the Stillsuits described in Frank Herbert’s Dune. One part of the ECLSS uses “advanced dehumidifiers” to capture moisture the station’s crew breathe and sweat out as they go about their daily tasks.

Another subsystem, the imaginatively named “Urine Processor Assembly,” recovers what astronauts pee with the help of vacuum distillation. According to NASA, the distillation process produces water and a urine brine that still contains reclaimable H2O. The agency recently began testing a new device that can extract what water remains in the brine, and it’s thanks to that system that NASA observed a 98 percent water recovery rate on the ISS, where previously the station was recycling about 93 to 94 percent of the water astronauts were bringing aboard.

“This is a very important step forward in the evolution of life support systems,” said NASA’s Christopher Brown, who is part of the team that manages the International Space Station’s life support systems. “Let’s say you collect 100 pounds of water on the station. You lose two pounds of that and the other 98 percent just keeps going around and around. Keeping that running is a pretty awesome achievement.”

If the thought of someone else drinking their urine is causing you to gag, fret not. “The processing is fundamentally similar to some terrestrial water distribution systems, just done in microgravity,” said Jill Williamson, NASA’s ECLSS water subsystems manager. “The crew is not drinking urine; they are drinking water that has been reclaimed, filtered, and cleaned such that it is cleaner than what we drink here on Earth.”

According to Williamson, systems like the ECLSS will be critical as NASA conducts more missions beyond Earth's orbit. “The less water and oxygen we have to ship up, the more science that can be added to the launch vehicle,” Williamson said. “Reliable, robust regenerative systems mean the crew doesn’t have to worry about it and can focus on the true intent of their mission.”

This article originally appeared on Engadget at https://www.engadget.com/nasa-is-recycling-98-percent-of-astronaut-pee-and-sweat-on-the-iss-into-drinkable-water-184332789.html?src=rss

'Diablo IV' and other Blizzard games are down due to a DDoS attack

If you had hoped to play Diablo IV this weekend, it appears someone is intent on ruining those plans. Since at least the early hours of Sunday morning, Blizzard's Battle.net online service has been the target of an apparent DDoS attack, making it difficult, if not impossible, to play Diablo IV, World of Warcraft and other Blizzard titles. "We continue to actively monitor an ongoing DDoS attack which is affecting latency/connections to our games," Blizzard's customer support account tweeted at 10:24AM after it originally said it was investigating an authentication issue.

As of 12:30PM ET, the issue appears to be unresolved. "We are currently experiencing a DDoS attack, which may result in high latency and disconnections for some players," states a notification that appears when you launch Battle.net on PC. "We are actively working to mitigate this issue." When I tried to log into Diablo IV, I was briefly able to play the game before I was disconnected. Over on Reddit, some players report they haven't been able to play Blizzard's latest for at least 10 to 12 hours. At the very least, you can bet this incident will likely renew calls for Blizzard to add an offline mode to Diablo IV.

[#Bnet] We continue to actively monitor an ongoing DDOS attack which is affecting latency/connections to our games.

— Blizzard CS - The Americas (@BlizzardCS) June 25, 2023

This article originally appeared on Engadget at https://www.engadget.com/diablo-iv-and-other-blizzard-games-are-down-due-to-a-ddos-attack-164231957.html?src=rss

Apple’s Vision Pro headset may not come with a top strap in the box

When Engadget Senior Editor Devindra Hardawar previewed the Vision Pro in early June, the prototype unit he tried featured an extra velcro strap not seen in any of Apple’s promotional material. At the time, a company spokesperson told him that the headset would support additional straps if necessary.

According to Bloomberg’s Mark Gurman, Apple created the strap, which goes over the wearer’s head, after some employees complained the Vision Pro felt “too heavy” after a couple of hours of use. In a move that feels reminiscent of the company’s decision to sell the Pro Display XDR’s stand as a separate $999 purchase, Apple is reportedly considering selling the strap as an optional accessory rather than including it in the box.

Perhaps that shouldn’t come as a surprise seeing as Apple said Vision Pro would “start” at $3,499 when it arrives in 2024, but considering most previews mentioned the headset's weight as a potential concern, it feels strange to hear the company won't go out of its way to ensure consumers have a comfortable experience out of the box. 

Given the Vision Pro’s hefty price, you might think the company will market the device only to developers, but Apple seems intent on selling it to consumers as well. Gurman reports the company plans to create dedicated areas within its retail stores where people will have the chance to demo the device. He adds Apple has developed an iPhone app that its retail workers will use to scan a customer’s face so that they can ensure the person leaves the store with the correctly sized bands and light seal for their headset.

With the Vision Pro not slated to go on sale until early next year, the headset could arrive as late as May 2024, giving Apple almost a year to alter its plans. In the meantime, Gurman says the company has already reassigned some employees to work on a more affordable headset and a second-generation Vision Pro.

This article originally appeared on Engadget at https://www.engadget.com/apples-vision-pro-headset-may-not-come-with-a-top-strap-in-the-box-160601556.html?src=rss

Hitting the Books: How hackers turned cybercrime into a commercial service

As anyone who regularly games online can attest, DDoS (distributed denial of service) attacks are an irritatingly common occurrence on the internet. Drawing on the combined digital might of a geographically diffuse legion of zombified PCs, hackers are able to swamp game servers and prevent players from logging on for hours or days at a time. The problem has metastasized in recent years as enterprising hackers have begun to package their botnets and spamming tools into commercial offerings, allowing any Tom, Dick, and Script-kiddie rental access to the same power.

It's a big internet out there, and bad actors are plentiful. There are worse things than spammers and scammers swimming in the depths of the Dark Web. In his new book, Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks, Dr. Scott J. Shapiro, Professor of Law and Philosophy at Yale Law School, traces the internet's illicit history through five of the biggest attacks on digital infrastructure ever recorded.

FANCY BEAR GOES PHISHING: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro. Published by Farrar, Straus and Giroux. Copyright © 2023 by Scott J. Shapiro. All rights reserved. 


Crime as a Service

Not all Denial of Service attacks use botnets. In 2013, the Syrian Electronic Army (SEA)—the online propaganda arm of the brutal Bashar al-Assad regime—hacked into Melbourne IT, the registrar that sold the nytimes.com domain name to The New York Times. The SEA altered the DNS records so that nytimes.com pointed to SEA’s website instead. Because Melbourne IT contained the authoritative records for the Times’ website, the unauthorized changes quickly propagated around the world. When users typed in the normal New York Times domain name, they ended up at a murderous organization’s website.

Conversely, not all botnets launch Denial of Service attacks. Botnets are, after all, a collection of many hacked devices governed by the attacker remotely, and those bots can be used for many purposes. Originally, botnets were used for spam. The Viagra and Nigerian Prince emails that used to clutter inboxes were sent from thousands of geographically distributed zombie computers. In these cases, the attacker reaches out to their army of bots, commanding them to send tens of thousands of emails a day. In 2012, for example, the Russian Grum botnet sent over 18 billion spam emails a day from 120,000 infected computers, netting its botmaster $2.7 million over three years. Botnets are excellent spam infrastructure because it’s hard to defend against them. Networks usually use “block lists”: lists of addresses that they will not let in. To block a botnet, however, one would have to add the addresses of thousands of geographically dispersed servers to the list. That takes time and money.

Because the malware we have seen up till now — worms, viruses, vorms, and wiruses — could not work together, it was not useful for financially motivated crime. Botnet malware, on the other hand, is because the botnets it creates are controllable. Botmasters are capable of issuing orders to each bot, enabling them to collaborate. Indeed, botnet malware is the Swiss Army knife of cybercrime because botmasters can tell bots in their thrall to implant malware on vulnerable machines, send phishing emails, or engage in click fraud allowing botnets to profit from directing bots to click pay-per-click ads. Click fraud is especially lucrative, as Paras Jha would later discover. In 2018, the ZeroAccess botnet could earn $100,000 a day in click fraud. It commanded a million infected PCs spanning 198 countries, including the island nation of Kiribati and the Himalayan Kingdom of Bhutan.

Botnets are great DDoS weapons because they can be trained on a target. One day in February 2000, the hacker MafiaBoy knocked out Fifa.com, Amazon.com, Dell, E*TRADE, eBay, CNN, as well as Yahoo!, then the largest search engine on the internet. He overpowered these web servers by commandeering computers in forty-eight different universities and joining them together into a primitive botnet. When each sent requests to the same IP address at the same time, the collective weight of the requests crashed the website. 

After taking so many major websites off-line, MafiaBoy was deemed a national security threat. President Clinton ordered a countrywide manhunt to find him. In April 2000, MafiaBoy was arrested and charged, and in January 2001 he pled guilty to fifty-eight charges of Denial of Service attacks. Law enforcement did not reveal MafiaBoy’s real name, as this national security threat was only fifteen years old. MafiaBoy later revealed himself to be Michael Calce. “You know I’m a pretty calm, collected, cool person,” Calce reported. “But when you have the president of the United States and attorney general basically calling you out and saying, ‘We’re going to find you’ . . . at that point I was a little bit worried.” Calce now works in the cybersecurity industry as a white hat — a good hacker, as opposed to a black hat, after serving five months in juvenile detention. 

Both MafiaBoy and the VDoS crew were adolescent boys who crashed servers. But whereas MafiaBoy did it for the lulz, VDoS did it for the money. Indeed, these teenage Israeli kids were pioneering tech entrepreneurs. They helped launch a new form of cybercrime: DDoS as a service. DDoS as a service is a subscription-based model that gives subscribers access to a botnet to launch either a daily quota or unlimited attacks, depending on the price. DDoS providers are known as booter services or stressor services. They come with user-friendly websites that enable customers to choose the type of account, pay for subscriptions, check status of service, launch attacks, and receive tech support. 

VDoS advertised their booter service on Hack Forums, the same site on which, according to Coelho, Paras Jha spent hours. On their website, www.vdos-s.com, VDoS offered the following subscription services: Bronze ($19.99/month), Silver ($29.99/month), Gold ($39.99/month), and VIP ($199.99/month) accounts. The higher the price, the more attack time and volume. At its peak in 2015, VDoS had 1,781 subscribers. The gang had a customer service department and, for a time, accepted PayPal. From 2014 to 2016, VDoS earned $597,862, and it launched 915,287 DDoS attacks in one year. 

VDoS democratized DDoS. Even the most inexperienced user could subscribe to one of these accounts, type in a domain name, and attack its website. “The problem is that this kind of firepower is available to literally anyone willing to pay thirty dollars a month,” Allison Nixon, director of security research at business-risk-intelligence firm Flashpoint, explained. “Basically what this means is that you must have DDoS protection to participate on the internet. Otherwise, any angry young teenager is going to be able to take you off-line in a heartbeat.” Even booter services need DDoS protection. VDoS hired Cloudflare, one of the largest DDoS mitigation companies in the world. 

DDoS as a service was following a trend in cybercrime known as “malware as a service.” Where users had once bought information about software vulnerabilities and tried to figure out how to exploit those vulnerabilities themselves, or had bought malicious software and tried to figure out how to install and execute it, they could now simply pay for the use of malware and hack with the click of a button, no technical knowledge required.

Because customers who use DDoS as a service are inexperienced, they are particularly vulnerable to scams. Fraudsters often advertise booter services on public discussion boards and accept orders and payment, but do not launch the promised attacks. Even VDoS, which did provide DDoS service, did so less aggressively than advertised. When tested by Flashpoint, VDoS botnet never hit the promised fifty gigabits/second maximum, ranging instead from six to fourteen gigabits/second.

The boards that advertise booter services, as Hack Forums once did, are accessible to anyone with a standard browser and internet connection. They exist on the Clear Web, not on the so-called Dark Web. To access sites on the Dark Web you must use a special network, known as Tor, typically using a special browser known as the Tor Browser. When a user tries to access a website on the Dark Web, the Tor Browser does not request web pages directly. It chooses three random sites—known as nodes—through which to route the request. The first node knows the original sender, but not the ultimate destination. The second node knows neither the original source nor the ultimate destination—it recognizes only the first node and the third node. The third node knows the ultimate destination, but not the original sender. In this way, the sender and receiver can communicate with each other without either knowing the other’s identity.

The Dark Web is doubly anonymous. No one but the website owner knows its IP address. No one but the visitor knows that they are accessing the website. The Dark Web, therefore, tends to be used by political dissidents and cybercriminals—anyone who needs total anonymity. The Dark Web is legal to browse, but many of its websites offer services that are illegal to use. (Fun fact: the U.S. Navy created the Dark Web in the mid-1990s to enable their intelligence agents to communicate confidentially.)

It might be surprising that DDoS providers could advertise on the Clear Web. After all, DDoS-ing another website is illegal everywhere. In the United States, one violates the Computer Fraud and Abuse Act if one “knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization,” where damage includes “any impairment to the . . . availability of data, a program, a system, or information.” To get around this, booter services have long argued they perform a legitimate “stressor” function, providing those who set up web pages a means to stress test websites. Indeed, booter services routinely include terms of service that prohibit attacks on unauthorized sites and disclaim all responsibility for any such attacks.

In theory, stressor sites play an important function. But only in theory. Private chats between VDoS and its customers indicated that they were not stressing their own websites. As a booter service provider admitted to Cambridge University researchers, “We do try to market these services towards a more legitimate user base, but we know where the money comes from.”

This article originally appeared on Engadget at https://www.engadget.com/hitting-the-books-how-hackers-turned-cybercrime-into-a-commercial-service-153050866.html?src=rss

'The Elder Scrolls VI' is 'likely five-plus years away,' says Xbox chief

Bethesda announced The Elder Scrolls VI five years ago at E3 2018, but the new fantasy RPG is still “five-plus years away,” according to Phil Spencer. The chief of Microsoft’s Gaming division revealed the game’s potential release timeframe during day two of the hearing where the Federal Trade Commission (FTC) is seeking an injunction to block the company’s proposed acquisition of Activision Blizzard.

“I think we’ve been a little unclear on what platforms it will launch on given how far out the game is. It’s difficult for us right now to nail down exactly what platforms that game will launch on," Spencer said in response to questioning by an FTC lawyer, as reported by IGN. "As I said with Elder Scrolls VI, it’s so far out it’s hard to understand what the platforms will even be at this point. It’s the same team that’s finishing Starfield, which comes out this September. So we’re talking about it being likely five-plus years away."

If you’ve been following any bit of news Bethesda has shared about The Elder Scrolls VI, the game’s distant release date should come as no surprise. Back in 2020, Pete Hines, the publisher’s senior vice president of marketing and communications, said Bethesda wouldn’t have anything substantial to share about the title for another few years. "It’s after Starfield, which you pretty much know nothing about," he tweeted at the time. “So if you’re coming at me for details now and not years from now, I’m failing to properly manage your expectations.” Based on Spencer’s comments, The Elder Scrolls VI may skip the current generation of consoles entirely. Last week, Bethesda Game Studios Creative Director Todd Howard said The Elder Scrolls VI “may be the last game” of his career.

This article originally appeared on Engadget at https://www.engadget.com/the-elder-scrolls-vi-is-likely-five-plus-years-away-says-xbox-chief-220526727.html?src=rss

Twitter hacker and crypto scammer sentenced to five years in prison

On Friday, a federal court sentenced Joseph James O’Connor to five years in prison for his involvement in the 2020 Twitter hack. Last month, the 24-year-old, known as PlugwalkJoe online, pleaded guilty to a host of cyber crimes, including carrying out a SIM-swapping attack that targeted a TikTok account with millions of followers. The 2020 Twitter hack saw O’Connor and his co-perpetrators obtain access to the company’s backend and subsequently the accounts of Elon Musk, Bill Gates, Barack Obama and more than 100 other high-profile users. O’Connor netted $794,000 in the crypto scam that followed.

"After stealing and fraudulently diverting the stolen cryptocurrency, O'Connor and his co-conspirators laundered it through dozens of transfers and transactions and exchanged some of it for Bitcoin using cryptocurrency exchange services," the Justice Department said. "Ultimately, a portion of the stolen cryptocurrency was deposited into a cryptocurrency exchange account controlled by O'Connor." In 2021, Graham Ivan Clark, the alleged teenage mastermind behind the breach, pleaded guilty in return for a three-year prison sentence. In addition to his five-year sentence, O’Connor also faces three years of supervised release after his prison term. He must also forfeit the $794,000 he defrauded during the hack.

This article originally appeared on Engadget at https://www.engadget.com/twitter-hacker-and-crypto-scammer-sentenced-to-five-years-in-prison-205649771.html?src=rss

‘Star Trek: Prodigy’ will be pulled from Paramount+ next week

If you’re a Star Trek fan and haven’t watched Prodigy yet, you may want to do so before next week. According to The Hollywood Reporter (via io9), Paramount+ has canceled the series alongside a handful of other shows, including Grease: Rise of the Pink Ladies and The Game. Taking a page from Disney and Max owner Warner Bros. Discovery, Paramount Global is also removing Star Trek: Prodigy, and the other shows it canceled on Friday, from Paramount+ in exchange for a tax writeoff. Fans have until sometime next week to watch the series before its fate becomes uncertain.

“As we prepare to combine Paramount+ and Showtime later this month in the US, we are refining our content offering to deliver the best streaming experience for subscribers,” a Paramount+ spokesperson told The Hollywood Reporter. “This is consistent with our content strategy since launch and across our business, which ensures we make smart, efficient choices, informed by audience data and insights. We are removing select programming as we look to optimize Showtime’s robust slate of premium originals.”

The cancelation comes after Paramount+ previously greenlit a second season of Star Trek: Prodigy. The show could find another home. The Hollywood Reporter notes Prodigy producer CBS Studios plans to complete postproduction on season two and shop both seasons to a new streaming platform. The announcement won’t affect other Star Trek series, with Paramount+ set to remain the home of ongoing entries like Strange New Worlds.

This article originally appeared on Engadget at https://www.engadget.com/star-trek-prodigy-will-be-pulled-from-paramount-next-week-191704393.html?src=rss

Apple’s second-generation AirPods Pro are back on sale for $200

Apple makes some of the best earbuds you can use with an iPhone, and now you can buy a pair of AirPods Pro for less than you would typically pay for them. The second-generation model has dropped back to its all-time low price of $200, or $50 off the AirPods Pro’s usual $250 price.

Similar appearances aside, the 2022 AirPods Pro are a significant upgrade over the original 2019 model. Thanks to a more powerful H2 chip, the new AirPods Pro boast better audio quality and improved ANC capabilities. They also offer one of the best transparency modes on any set of wireless earbuds on the market right now. The AirPods Pro aren’t perfect, however. Battery life is so-so and the new touch controls could be more intuitive. But for $200, you’ll be hard-pressed to find another pair of Bluetooth headphones that offers the mix of features and convenience that the AirPods Pro do.

Follow @EngadgetDeals on Twitter and subscribe to the Engadget Deals newsletter for the latest tech deals and buying advice.

This article originally appeared on Engadget at https://www.engadget.com/apples-second-generation-airpods-pro-are-back-on-sale-for-200-174134027.html?src=rss