Saturday, September 24, 2011

Has CERN found an exploitable vulnerability in physics?

Researchers at the European Organization for Nuclear Research, better known as CERN, claim to have exported subatomic particles from Switzerland to Italy at greater than the speed of light!
You read that correctly. Greater than the speed of light - something which even science fiction fans accept isn't really supposed to happen.
Reports say that CERN boosted streams of neutrinos to a whopping 300,006 kilometres per second on their journey from Geneva, Switzerland, to a laboratory over 700km away in Gran Sasso, Italy.

But received wisdom - and the so-called Standard Model of physics - says that the neutrinos ought to have topped out at just 299,792 kilometres per second, the speed of light. Suddenly, the laws of physics seem to have an exploitable vulnerability.
The results now need checking out, a project which researchers worldwide will doubtless be keen to take on.
Unless and until the findings are disproved, however, we can all hope that this means that the speed of light will no longer be the limiting factor in the speeds at which we can send data across the internet.
And then, who knows?
Perhaps we will be able to replace our fibre optic cables with neutrino-based transmission systems, and gain an unexpected 0.07% improvement in performance?
Just imagine how much more YouTube video we'd be able to pack into our busy lives!

Mac OS X Trojan hides behind malicious PDF disguise

A fascinating new example of Mac malware has been discovered that appears to be adopting an old Windows-style disguise to fool users into running it.
Despite the numerous times that cybercriminals have created boobytrapped PDF files that exploit vulnerabilities to infect unsuspecting users, many people still think that PDF files are somehow magically safer to open than conventional programs.
The OSX/Revir-B Trojan plays on this by posing as a PDF file.
When the malicious Macintosh application file is run, it tries to drop a PDF embedded inside it onto the user's hard drive. The Chinese-language PDF file displayed is about a controversial topic, "Do the Diaoyu Islands belong to Japan?"
The Diaoyu Islands (known as the Senkaku islands in Japan) are the subject of a long-running dispute between the two countries, with both claiming sovereignty.
Because the document is opened, users may believe that they have opened a harmless PDF rather than run a program.
When we tested the malware inside our labs, we couldn't manage to get it to execute as the author probably intended - however, strings embedded deep inside its code make it clear that it was written with malicious intent.
The malware attempts to install a backdoor Trojan horse (detected by Sophos as OSX/Imuler-A) which would give malicious hackers remote access to your Apple Mac computer.
As our friends at F-Secure point out, we have seen plenty of Windows malware in the past which has pretended to be a PDF rather than an EXE - sometimes using techniques such as the double-extension trick (for instance, filename.PDF.EXE).
It's quite possible that this is evidence that Mac malware authors are attempting something similar, moving on from the fake anti-virus alerts that blighted many Mac users earlier this year.
Customers of Sophos, including users of Sophos's free anti-virus for Mac, are protected against the malware.
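An added example (not from the original post or from Sophos): a Python check that a mail gateway or triage script could run against attachment names and their first bytes, flagging the double-extension disguise mentioned above and files that present as documents but begin with an executable header. The extension lists, function names and sample inputs are assumptions constructed for illustration.

```python
import os

# Extensions a user reads as "just a document" vs. ones the OS will run.
# Both sets are illustrative assumptions, not an exhaustive policy.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".app", ".command"}

# Leading bytes of common executable formats (file-format constants).
EXEC_MAGIC = {
    b"MZ": "Windows PE",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (little-endian)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary or Java class",
}


def split_exts(name):
    """Return (inner_ext, outer_ext) lower-cased, ignoring padding dots/spaces."""
    stem, outer = os.path.splitext(name.rstrip(". "))
    inner = os.path.splitext(stem.rstrip(". "))[1]
    return inner.lower(), outer.lower()


def check_file(name, head):
    """Return findings for a file name and the first bytes of its content."""
    findings = []
    inner, outer = split_exts(name)
    if inner in DECOY_EXTS and outer in EXEC_EXTS:
        findings.append(f"double extension: {inner}{outer}")
    # Which document type does the name present itself as, if any?
    claimed = outer if outer in DECOY_EXTS else inner if inner in DECOY_EXTS else None
    if claimed:
        for magic, kind in EXEC_MAGIC.items():
            if head.startswith(magic):
                findings.append(f"claims {claimed} but content is {kind}")
                break
    return findings


if __name__ == "__main__":
    # Constructed samples: (file name, first bytes of the file).
    samples = [
        ("filename.PDF.EXE", b"MZ\x90\x00"),
        ("report.pdf", b"%PDF-1.4\n"),
        ("statement.pdf", b"\xcf\xfa\xed\xfe\x07\x00\x00\x01"),
    ]
    for name, head in samples:
        print(name, "->", check_file(name, head) or "ok")
```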

Homeless hacker 'Commander X' pleads not guilty

The FBI believes that the homeless man they arrested on Thursday was "Commander X", a member of the People's Liberation Front (PLF) associated with Anonymous hacktivism.
47-year-old Christopher Doyon has entered a not guilty plea to charges of "conspiracy to cause intentional damage to a protected computer, causing intentional damage to a protected computer, and aiding and abetting".
According to an indictment filed against Christopher Doyon and another man, Joshua John Covelli, the charges specifically relate to a denial-of-service attack against the servers of Santa Cruz County in December 2010, after the city put in place a law prohibiting camping inside the city.
The indictment gives Doyon the aliases "PLF", "Commander Adama" (clearly a Battlestar Galactica fan) and "Commander X". Covelli meanwhile is alleged to use the pseudonyms "Absolem" and "Toxic". 26-year-old Covelli was previously named in connection with internet attacks on PayPal.
Someone calling themselves "Commander X" gave an interview to CBS News earlier this year, claiming responsibility for denial-of-service attacks by Anonymous.




According to a CBS News report, "Commander X" told their reporter that he had no fear about being caught:
"We're not going to turn ourselves in. They can come and get us is what I say. Bring it on. Until then, we run... We will remain free and at liberty and at large for as long as we can, and when the time comes that each and every one of us eventually will be brought to justice, we will hold our head high in any court of law and we will defend our actions."
Doyon is scheduled to appear on September 29th for a bail hearing.

Secure web browsing cracked by BEAST


A pair of researchers have unveiled a serious new attack on web browser security.
The researchers used this week's Ekoparty security conference in Buenos Aires to unveil a new tool that attacks TLS and SSL, the cryptographic protocols used to establish secure web connections.
The ability to crack encrypted web traffic removes the safety net that protects you when you're doing sensitive online tasks like banking or using credit cards.
The tool, known as BEAST (Browser Exploit Against SSL/TLS), compromises TLS by exploiting a vulnerability that has been known about for years but which has been treated as a theoretical problem until now.
However, although researchers Thai Duong and Juliano Rizzo have significantly raised the stakes, it's probably too early to start hoarding tins of beans and donning our tin foil hats.
Right now the attack can take up to half an hour to execute. Although the researchers have hinted that this can be significantly reduced, the fact is that if you have the malicious nature, time and access required to execute this attack, then there are probably easier ways to exercise your criminal ambitions.
Even when governments attack weapons manufacturers, they don't need to get any more high-tech than basic con tricks like spear-phishing.
The danger of BEASTly attacks against TLS has moved a little closer but we probably have enough time to react before it becomes practical.
A good start would be for browser and server vendors to pull their collective fingers out and start supporting versions 1.1 and 1.2 of TLS. Both of them have specific defences against this kind of attack but unfortunately support for them is poor.
Duong and Rizzo tipped off the major browser vendors about their findings months ago but so far the only response appears to have come from the folks at Chrome. A fix for the attack is currently under test in the development version of their browser.
If you run a web server and you're concerned, you may want to take a look at switching it so that it prefers the rc4-sha cipher. It's widely supported and isn't vulnerable to this kind of attack.
Although the BEAST attack is targeted at browsers, there are plenty of other applications that rely on TLS, not least mail servers. Although BEAST isn't targeted at them, I'm sure it will have raised eyebrows and their vendors will be taking a keen interest. Keep an eye out for updates and advisories.
If you want to know more about how the attack actually works then I recommend you take a look at nickm's excellent and accessible write-up over at the Tor project.

NASA looks to lasers to speed data

WASHINGTON, (UPI) -- NASA says it's looking at lasers to speed up the transmission of high-resolution images from distant spacecraft like those now on Mars.
It currently takes 90 minutes to transmit images to Earth from the planet by radio, but NASA said research could dramatically reduce that time to just minutes and a new optical communications system it plans to demonstrate in 2016 will lead the way.
Such a system could even allow the streaming of high-definition video from distances beyond the moon, a release by the agency said Thursday.
"We want to take NASA's communications capabilities to the next level," said Dave Israel, who is leading a research team that includes NASA's Jet Propulsion Laboratory in Pasadena, Calif., and the Massachusetts Institute of Technology.
Current communication technology will not keep pace with the projected data needs of advanced instruments and future human exploration, Israel said.
"Just as the home Internet user hit the wall with dial-up, NASA is approaching the limit of what its existing communications network can handle," he said.
The solution, NASA said, is to augment its legacy radio-based network with laser-based optical systems that could increase data rates by anywhere from 10 to 100 times.
"This transition will take several years to complete, but the eventual payback will be very large increases in the amount of data we can transmit, both downlink and uplink, especially to distant destinations in the solar system and beyond," James Reuther of NASA's Office of the Chief Technologist said.

NASA Satellite Hits Earth, Space Agency Confirms

WASHINGTON — NASA's dead 6-ton satellite plunged to Earth early Saturday, but more than eight hours later, U.S. space officials didn't know just where it hit. They thought the fiery fall was largely over water and the debris probably hurt no one.
The bus-sized satellite first penetrated Earth's atmosphere somewhere over the Pacific Ocean, according to NASA and the U.S. Air Force's Joint Space Operations Center. But that doesn't necessarily mean it all fell into the sea.
NASA's earlier calculations had predicted that the 20-year-old former climate research satellite would fall over a 500-mile swath and could include land.
Because the plummet began over the ocean and given the lack of any reports of people being hit, that "gives us a good feeling that no one was hurt," but officials didn't know for certain, NASA spokesman Steve Cole told The Associated Press.
The two government agencies said the 35-foot satellite fell sometime between 11:23 p.m. EDT Friday and 1:09 a.m. EDT Saturday, but with no precise time or location.
There was rampant speculation on the Internet and Twitter, much of it focusing on unconfirmed reports and even video of debris over Alberta, Canada.
Cole said that was possible because the last track for the satellite included Canada, starting north of Seattle and then in a large arc north then south. From there, the track continued through the Atlantic south toward Africa, but it was unlikely the satellite got that far if it started falling over the Pacific.
Cole said NASA was hoping for more details from the Air Force, which was responsible for tracking debris.
But given where the satellite may have fallen, officials may never quite know precisely.
"Most space debris is in the ocean. It'll be hard to confirm," Cole said.
Some 26 pieces of the satellite representing 1,200 pounds of heavy metal had been expected to rain down somewhere. The biggest surviving chunk should be no more than 300 pounds.
The Upper Atmosphere Research Satellite is the biggest NASA spacecraft to crash back to Earth, uncontrolled, since the post-Apollo 75-ton Skylab space station and the more than 10-ton Pegasus 2 satellite, both in 1979.
Russia's 135-ton Mir space station slammed through the atmosphere in 2001, but it was a controlled dive into the Pacific.
Before UARS fell, no one had ever been hit by falling space junk and NASA expected that not to change.
NASA put the chances that somebody somewhere on Earth would get hurt at 1-in-3,200. But any one person's odds of being struck were estimated at 1-in-22 trillion, given there are 7 billion people on the planet.
The satellite ran out of fuel and died in 2005. UARS was built and launched before NASA and other nations started new programs that prevent this type of uncontrolled satellite crash.
___
Online:
NASA: http://www.nasa.gov/mission_pages/uars/index.html

NASA Says Satellite Fell to Earth Over Pacific Ocean


NASA's dead six-ton satellite fell to Earth early Saturday morning, starting its fiery death plunge somewhere over the vast Pacific Ocean.
Details were still sketchy, but the U.S. Air Force's Joint Space Operations Center and NASA say that the bus-sized satellite first penetrated Earth's atmosphere somewhere over the Pacific Ocean. That doesn't necessarily mean it all fell into the sea -- although most of it is believed to have burned up.

There are a myriad of unconfirmed reports, including video that purportedly shows the satellite breaking up over Canada. There were also unconfirmed reports of debris seen from Florida. However, Cecilie Korst of the Aerospace Corporation said Oregon was likely the last place in the U.S. that the satellite was visible.
NASA's calculations had predicted that the former climate research satellite would fall over a 500-mile swath.
The two government agencies say the 35-foot satellite fell sometime between 11:23 p.m. EDT and 1:09 a.m. EDT. NASA said it didn't know the precise time or location yet.
Some 26 pieces of the satellite -- representing 1,200 pounds of heavy metal -- were expected to rain down somewhere. The biggest surviving chunk should be no more than 300 pounds.
The Upper Atmosphere Research Satellite, or UARS, will be the biggest NASA spacecraft to crash back to Earth, uncontrolled, since the post-Apollo 75-ton Skylab space station and the more than 10-ton Pegasus 2 satellite, both in 1979.
Russia's 135-ton Mir space station slammed through the atmosphere in 2001, but it was a controlled dive into the Pacific.
Some 26 pieces of the UARS satellite -- representing 1,200 pounds of heavy metal -- are expected to rain down somewhere. The biggest surviving chunk should be no more than 300 pounds (136 kilograms).
Earthlings can take comfort in the fact that no one has ever been hurt by falling space junk -- to anyone's knowledge -- and there has been no serious property damage. NASA put the chances that somebody somewhere on Earth would get hurt at 1-in-3,200. But any one person's odds of being struck were estimated at 1-in-22 trillion, given there are 7 billion people on the planet.
"Keep in mind that we have bits of debris re-entering the atmosphere every single day," said NASA orbital debris scientist Mark Matney in brief remarks broadcast on NASA TV.
In any case, finders definitely aren't keepers.
Any surviving wreckage belongs to NASA, and it is against the law to keep or sell even the smallest piece. There are no toxic chemicals on board, but sharp edges could be dangerous, so the space agency is warning the public to keep hands off and call police.
The $740 million UARS was launched in 1991 from space shuttle Discovery to study the atmosphere and the ozone layer. At the time, the rules weren't as firm for safe satellite disposal; now a spacecraft must be built to burn up upon re-entry or have a motor to propel it into a much higher, long-term orbit.
NASA shut UARS down in 2005 after lowering its orbit to hurry its end. A potential satellite-retrieval mission was ruled out following the 2003 shuttle Columbia disaster, and NASA did not want the satellite hanging around orbit posing a debris hazard.
Space junk is a growing problem in low-Earth orbit. More than 20,000 pieces of debris, at least 4 inches in diameter, are being tracked on a daily basis. These objects pose a serious threat to the International Space Station.