Phone numbers, personal information for 533 million Facebook users exposed online, report says
Apr 04. 2021
By Hannah Knowles The Washington Post
Personal information on more than 500 million Facebook users – previously leaked and now made more widely available – was shared online Saturday, according to the news site Insider, worrying experts who said the compromised data could make people more vulnerable to fraud.
Insider said it reviewed a sample of the leaked phone numbers, birth dates, biographical details and more and found that some data matched known Facebook users’ records. The Washington Post has not independently verified the information. Facebook said the leak involved “old” data stemming from a problem resolved in 2019, but the news still sparked renewed scrutiny of a social media giant previously dogged by high-profile concerns about data privacy.
“Bad actors will certainly use the information for social engineering, scamming, hacking and marketing,” tweeted Alon Gal, the co-founder of an Israeli cybercrime intelligence company called Hudson Rock, who flagged the release of the Facebook data Saturday. Social engineering involves getting access to people’s confidential information by gaining their trust rather than overcoming technical barriers – for example, by impersonating a tech support person.
“I have yet to see Facebook acknowledging this absolute negligence of your data,” Gal tweeted. Gal said the compromised data also included Facebook IDs, full names, locations, some email addresses, relationship statuses and other details.
Facebook did not immediately respond to questions Saturday evening, but company spokeswoman Liz Bourgeois tweeted Saturday that the leak detailed by Insider involved “old data that was previously reported on in 2019.”
“We found and fixed this issue in August 2019,” Bourgeois wrote.
Insider said a Facebook spokesperson told the news organization that the data was scraped through a now-fixed vulnerability.
The breach affected more than 533 million users spanning 106 countries, according to Insider, and includes more than 32 million records for users in the United States.
Gal told The Washington Post that the leaked database was previously sold for tens of thousands of dollars and then circulated, selling for lower prices until it finally was offered at no charge.
Early this year, Gal said, someone built a bot that gave people access to the database for a fee – a development that made the trove of data “much more worrisome,” Gal tweeted at the time. Motherboard reported in January on that peddling of access in a “low-level cybercriminal forum.”
On Saturday a user posted on a forum offering the data free.
The Post messaged the user on the app Telegram and did not immediately hear back.
Facebook – the world’s most popular social media site, with well over 2 billion users – has drawn rebukes before for its handling of people’s data. In 2019, the Federal Trade Commission fined the company $5 billion, alleging that it misled users about how third parties such as advertisers were accessing their personal information. Facebook did not have to admit guilt, but its settlement with the government included what was the largest privacy violation fine in American history.
The FTC began investigating after reports that Cambridge Analytica, a firm that worked with the campaign of former president Donald Trump, had improperly accessed names, “likes” and other information for millions of users without their knowledge.
– – –
The Washington Post’s Tony Romm contributed to this report.
Vaccine passports are new apps that will carry pieces of your health information – most critically your coronavirus vaccination status. They may soon be required to travel internationally or even to enter some buildings.
But a growing list of tech companies, governments and open-source software groups are all attempting to tackle the problem, prompting some concerns about a lack of a standard approach that would make it possible to carry around just one pass. Plus, apps would need to pull and verify your vaccination records in an easy, safe and controlled format. And wide adoption would require the majority of countries, airlines and businesses to agree on one (or two or three) accepted standards.
It’s a technical headache that is becoming only more urgent as more people get vaccinated and businesses and borders begin to reopen.
Several different organizations developing apps and tapping into government databases acknowledge how critical a common standard is. Still, many different groups are all racing to create that standard, with some overlap.
“When you think about standards, we should have one, but we have at least five organizations coming up with standards,” said Eric Piscini, the team lead for IBM’s digital health pass. “We are working with all five and will be compatible with all five.”
The Biden administration is working with companies to develop a standard way of handling the passports – or certificates, credentials or health passes, as the industry would prefer they be called – The Washington Post reported this week.
– How do vaccine passport apps actually work?
The idea is that you will be able to carry a QR code on your phone, likely within a digital wallet app, that can be scanned by airlines or venues and give you the green light to enter. The code should contain only relevant information – in most cases, just a confirmation that you have been vaccinated with an approved vaccine within a valid time frame. It is scanned, and voilà, you are in.
State public health agencies have this information. So does the pharmacy or health system where you receive a vaccine. In order for you to get a vaccine passport on your phone, you have to first access that information, verify your identity and download it in some way. Then, the apps need to create a code that can tell others that you are vaccinated.
IBM, which debuted the Excelsior app with New York state this month, created a portal within an app that directs people to sign into a New York database. There, you enter your name, date of birth and vaccination date and receive a QR code to download. That stays in an app in your phone.
To verify the code, another app has to scan it upon entry.
The CommonPass app, a digital wallet created by the Commons Project, partnered with airport security clearance company CLEAR to speed up vaccination verification at airports.
“What the health pass apps do, including CommonPass app, is evaluate your underlying health information against some set of rules,” said JP Pollak, co-founder of the Commons Project.
For example, instead of exchanging actual data, the app would look for whether the record your app holds meets the standards of the specific entry requirements on the verifier’s side. Some will require more information – the Excelsior app displays your name, date of birth and the verification, so businesses will likely need to check it against an ID.
“The idea is that verifiers will have a relationship with the Commons Project and will trust that the Commons Project is sort of interpreting information against guidelines and being correct,” Pollak added.
– How is my data secured?
This is a huge concern for developers and users of the app – after all, we are dealing with personal health information here, data that people rightfully want protected. And tech companies have not always been the most responsible with people’s information, so developers also have to overcome a trust void.
Perhaps because of this, many developers of the apps and wallets are trying to make your information accessible to as few people as possible.
IBM’s app with New York allows people to connect directly to a public health database and save their information onto their phones. IBM can’t see that information, Piscini said.
“Most of the time, when we work with these employers, they do not want to see the information,” Piscini said of verifiers. “What they do is check against blockchain, and say ‘green, you can go,’ and that’s all they want to do.”
IBM is using a blockchain, or a digital ledger that stores information at many different points rather than one central spot. The app creates a hash – or a copy represented only by a unique set of numbers and letters – to store on the blockchain. Verifiers then connect to the blockchain to be able to confirm QR codes.
CommonPass also says it does not store your personal health information but instead creates a verification pass that can be shared for entry. It briefly sends your information to a server, where the health credential is created, but never stores the information, Pollak said.
“The model that we arrived at is essentially that data only ever lives at the original source,” he said. “So at the place you were vaccinated and then on your device.”
– Will I need to have different passes to get into different places?
At the beginning, probably. This is one of the most significant challenges developers are facing – there are dozens of public health vaccination databases in the United States, not to mention hundreds of health systems, pharmacies and more. The most efficient way to create a broad vaccine passport would be to pull from data sources in a uniform way, and put them into a similar format on everyone’s phones.
But to do this, there needs to be a standard protocol. One organization working on this, the Vaccine Credential Initiative (VCI), includes more than 300 organizations including Microsoft, the Mayo Clinic, Cerner, Epic, the Commons Project and more. The organization is trying to get health organizations, including major electronic medical records companies, to adopt a standard known as smart health cards.
It’s a signed version of your health records, Pollak said, that could be downloaded and then shared with a health app or wallet of your choice. VCI said this week that its implementation guides for vaccine credentials will be widely available in May.
Another consortium, the Good Health Pass Collaborative, hopes to release specifications in June, said Brian Behlendorf, general manager of blockchain, health care and identity at the Linux Foundation, a large consortium of technology companies. The foundation’s public health arm is working with Good Health Pass to create the specifications.
Health credentials should belong to individuals, not companies, Behlendorf said.
“It should work like email, where you have control,” he said. “If you switch providers you should be able to take it. It’s still yours, it’s your sense of ownership of it.”
With no common standard, the U.S. could end up with a patchwork of apps that require you to log in and recreate vaccine verification codes at different businesses and entry points.
– What if I don’t want to use an app?
For people who don’t have a smartphone, don’t easily have access to the Internet or prefer not to use an app, passes will still be available in paper form. Several organizations working on creating digital passes are also making sure the QR codes can be printed out or obtained in person.
Paper vaccination cards have been issued by health organizations for travel and other uses for decades. Why do we need digital versions now?
Developers point to the increased digitization of everything in society – many people prefer using their phones over paper documents. But developers also say that digital passports will make verifying vaccination records faster and more secure. A digital record is harder to lose, and it may be harder to create a fake copy of one.
Gartner analyst Donna Medeiros pointed to the need for long lines of people, perhaps at airports, to carry similar passes so they can all be scanned using the same machine.
“It’s going to speed up our process to have health passports overall,” she said.
Jenny Wanger, director of programs at the Linux Foundation Public Health, compared the issue to showing a bouncer at a bar a driver’s license. All the bouncer needs to see is that you are over 21 years old, and your picture matches. But they also get to see your address, weight and other identifying information.
With a digital option, Wanger said, the idea is that people will get to pick and choose what they show each entity, depending on the entrance requirements.
But digital records can also be faked. Israel’s Green Pass, one of the world’s first digital coronavirus vaccination passes to launch, faced hurdles in February when cybersecurity experts pointed out the passes could be copied and a market for counterfeit passes popped up online, according to the Times of Israel. The government said it would secure the passes and issue updated versions.
Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, says that while the application can “absolutely be made in a secure way” there will always be one weak point the hacker could exploit: the user. Without a central way to verify the phone user’s identity in real time, there’s always a chance that someone could have fraudulently obtained a vaccine pass through identity theft or other means.
He added that passes would be secure once they are in a digital wallet.
“If you’re looking to do sort of the bare minimum, which might be required for legal and liability purposes to get people into a sporting event, this is probably enough,” he said. “But is it going to be a foolproof system or a hacker-proof system or a system that is impossible to penetrate with forgeries? Absolutely not.”
– How widespread will these be?
It’s unclear how prevalent it will be to require a vaccine passport for entry, or how long-lasting the trend will become. But the initial interest from governments, airlines and even some private venues shows no sign of abating.
Travelers to some countries are already using vaccine passports, and Madison Square Garden said it will try out New York’s app.
Still, there was a lot of initial interest for tech to get involved in contact tracing at the beginning of the pandemic. Apple and Google created protocols for the practice, but it was only used in a patchwork manner in a few states.
“We had a big thing around contact tracing and I really like the system we built – but no one used it,” said Matt Green, a cryptography and security expert who is an associate professor at the Johns Hopkins Information Security Institute. “I’m a little skeptical.”
That’s part of the reason many industry groups hope the federal government gets involved and issues guidelines for vaccine passports. They are also trying to tiptoe around the increasing politicization of vaccine passports.
“This technology is coming down the line no matter what, and there is a right way and a wrong way to do it and we want to make sure it’s done the right way,” Wanger said.
Breathing in Bangkok’s Makkasan area gets easier thanks to new air-purification tower
Apr 01. 2021
By THE NATION
In a bid to tackle rising air pollution and intensifying PM2.5 issues, MQDC’s Research and Innovation for Sustainability Centre (RISC) has put up a second air-purification tower, “Fahsai 2”, at Bangkok’s Makkasan Airport Rail Link station.
The first Fahsai tower had been installed at the 101 True Digital Park in 2020.
Fahsai 2 aims to ease air pollution, especially PM2.5, or dust particles smaller than 2.5 micrometres in diameter, and kill airborne germs.
Assoc Prof Dr Singh Intrachooto, chief adviser to RISC, said the research centre is following its “sustainnovation” principle for the well-being of all life. Fahsai 2 is being launched along the lines of the UN’s Sustainable Development Goals (SDGs) for good health and well-being, clean water and sanitation, sustainable cities and communities, and life on land.
“RISC does not just serve MQDC projects but is also open to the public. Hence, we developed the first Fahsai tower in 2020. Then Covid-19 arrived, immediately sparking research to develop another tower that can also combat bacteria and viruses. We intend to keep developing to meet demand and have experimented and achieved the requisite efficiency. We hope to be part of solving air pollution in many areas,” Dr Singh said.
Napol Kieatkongmanee, a senior researcher and co-developer at RISC, said Fahsai 2 is run on a hybrid system, with solar panels during the day. It is an improvement on the first tower as it has the enhanced ability to kill bacteria, fungi and viruses with UV rays and ozone.
“The new tower has bigger capacity, and now covers a total of 120,000 cubic metres per hour, or an area of about one football field. The machine is also more compact, only 5.1 metres in height and 2.4m in width to allow easier access and installation and lower construction costs. The fan has been repositioned to prevent reverse airflow,” Napol said.
“The moisture trap in the air outlet has been redesigned to prevent water from being blown out. The solar panels have an adjustable design to clean air further and more effectively. The solar panels unfold to collect sunlight during the day and shut at night when the area is lit up for safety.
“Fahsai 2 can help mitigate PM2.5 air pollution and dust and help create a sustainable environment for people under RISC’s ‘sustainnovation’ principle,” he added.
Facebook comes out with ‘improved’ features, transparency
Apr 01. 2021
By THE NATION
Facebook is introducing a new tool on Thursday to give users more control over what they share to their News Feed by managing who can comment on public posts, the social media platform said in a press release.
Users can control comments from their audience for a given public post by choosing from a menu of options ranging from anyone who can see the post to only the people and pages they tag.
The new feature gives users, public figures, creators and brands further control of who can interact with their public posts and limit potentially unwanted interactions and help engage in more meaningful conversations with communities, the platform said.
This new tool is part of a suite of recent product changes to help users more easily identify and engage with the friends and pages they care most about and ensure that they’re easy to find and to use, it said. This includes features such as:
Favourites: you can control and prioritise posts from friends and pages you care about most in your News Feed. By selecting up to 30 friends and pages to include in Favourites, their posts will appear higher in the ranked News Feed and can also be viewed as a separate filter.
Feed Filter Bar: a new menu at the top of News Feed offers easier access to filtering posts by Most Recent too, making it simpler to switch between an algorithmically ranked News Feed and a feed sorted chronologically with the newest posts first.
Snooze: you now can temporarily hide posts from a person, page, or group.
“Why am I seeing this?” How News Feed works:
Facebook is also providing more context around the content suggested in News Feed by expanding its “Why am I seeing this?” feature.
To help users discover new and relevant content, Facebook typically suggests posts in the News Feed from pages and groups that you don’t already follow but may be interested in.
These post suggestions are primarily based on factors such as post-engagement, where users have previously interacted with a page or group; related topics, where Facebook may suggest posts from a similar topic to those previously engaged with, and location, where users may see a suggested post based on where they are and what people nearby are interacting with.
The expansion of the “Why am I seeing this?” feature means users will be able to tap on posts from the friends, pages, and groups they follow as well as suggested posts and get more context on why they’re appearing in the News Feed.
Facebook also said that to update what you want to see and how you share to your News Feed, check out your News Feed preferences and privacy settings in the app and adjust them to your liking.
As Google ends cookies, ad industry has an alternative
Apr 01. 2021
By Syndication Washington Post, Bloomberg · Aoife White
Digital advertisers are pushing an alternative to web cookies that competes with a Google proposal, the latest industry effort to adjust to new curbs on how personal data is used online.
A group of ad executives and lawyers detailed an anonymous identifier on Wednesday that lets people control what ads they see on the web. The technology, called SWAN, is supported by ad-tech companies including PubMatic Inc., OpenX and Zeta Global Corp.
There’s now a 60-day public-comment period when marketers, publishers and others in the industry can try out the system before it launches in the summer.
Google upended the sector when it announced plans last year to end third-party cookies that advertisers rely on to track users and measure the performance of digital marketing campaigns. The move is being examined by antitrust regulators.
The withdrawal of third-party cookies leaves a vacuum that SWAN can plug and “address problems that we all see with the unfettered” use of data for advertising, said James Rosewell, a tech entrepreneur who helped found the project in early 2020. He describes it as a new utility for publishers and advertisers that don’t want to rely on Google.
Google’s new plan, known as FLoC, replaces third-party cookies with a system that puts users into groups, or cohorts, based on common interests. Users can opt out.
SWAN works differently. When people first visit a website in the SWAN network, they will be asked to give consent for all publishers that use SWAN to show them ads. Personalized ads are one option but are not required. User preferences are then stored in the SWAN network registry and shared with other SWAN participants so individuals’ access to online content continues uninterrupted. People can change preferences anytime on any of the websites and that will be automatically updated for all sites in the network.
Thai researchers develop overnight-dialysis machine to cut treatment time, costs
Mar 31. 2021
By The Nation
Researchers at the National Science and Technology Development Agency (NSTDA) have unveiled a breakthrough for patients with chronic kidney disease who need dialysis or haemodialysis.
The NSTDA’s Automated Peritoneal Dialysis Machine reduces the time and cost of dialysis for patients while also making it far more convenient.
“In traditional peritoneal dialysis, patients have to undergo dialysis three to four times a day, which may not be convenient,” Dr Decho Surangsrirat, senior researcher at NSTDA’s Assistive Technology and Medical Devices Research Centre (A-MED), explained.
“The automatic peritoneal dialysis machine developed by the NSTDA research team has an automatic dialysis solution exchange control system. It can work automatically at night during sleep, with the patient only wired up once before going to bed, making dialysis more convenient so they can spend the day studying or doing various activities.”
Peritoneal dialysis uses a tube inserted into the peritoneum in a person’s abdomen to remove excess fluid, correct electrolyte problems, and remove toxins in those with kidney failure.
Dr Decho added that his research team had developed a third-generation automatic peritoneal dialysis machine which will be registered with the Food and Drug Administration (FDA).
The second-generation machine has already passed Electrical and Electronic Product Testing Centre (PTEC) standards and is undergoing pilot trials at Thammasat University’s Faculty of Medicine. The third-generation machine features a more efficient delivery and drainage system, including a connection upgrade with mobile phone applications and online systems that send results to the doctor immediately.
The research team is now working with the private sector to develop a business model that gives patients full access to the machine.
In Thailand, 17.5 per cent of the population (11.6 million people) suffer from chronic kidney disease – a figure that is increasing every year. The medical costs for patients with end-stage kidney failure are at least Bt200,000 per person per year.
Automating the enterprise to thrive in your digital transformation journey
Mar 31. 2021
By Kawinthorn Bhutrakul Special to The Nation
Today’s businesses are challenged to move faster than ever before and often with fewer resources – both budget and personnel. That challenge has grown since mid-2020, with workforces going remote during Covid, which has led IT departments to re-evaluate how they can support their customers and grow their business in uncertain times. Automation may be the solution and the underutilised tool in their technological toolbox.
Business automation: begin with a definition
Traditionally, technologies such as business process management (BPM), decision management and complex event processing (CEP) were used to drive greater efficiencies and control costs across the organisation; however, these technologies are now finding their place as a key enabler for digital transformation. By aligning these technologies with modern, cloud-native application development tools and practices, organisations are able to bring new applications to market faster. Ultimately, it’s about enabling business users and application developers to work together more seamlessly so that the organisation can respond to changes in the world with greater agility and effectiveness.
Automation’s role in digital transformation
Although the need for digital transformation varies widely based on an organisation’s specific challenges and demands, it is the key strategy for thriving in today’s market environment, and it requires both business and IT leaders to partner together. In an IDC study sponsored by Red Hat, 86 per cent of IT professionals said, “automation is very important or mission-critical to my future cloud strategy”. An enterprise-wide approach to automation should include strategies to transform the way people, processes, and platforms work together. This enables organisations to manage complex environments more easily, gain visibility into their operations, and integrate new technology and processes more effectively.
Case study: Ascend Money
A good example of automation’s value is Thailand’s own Ascend Money. As Asia’s largest financial technology company, it serves more than 40 million people in six countries. Rapid growth through acquisitions meant that teams in each country had different approaches to developing and deploying digital applications, preventing efficient collaboration. The company wanted to gain efficiency by building a central app development and deployment platform. Ascend Money standardised app delivery and processes on Red Hat’s OpenShift Container Platform, based on Kubernetes container orchestration technology. With the help of Ansible automation, Ascend Money can now more easily expand business products and services to quickly meet customer demand.
Another automation example from Asean’s public sector is Malaysia’s social security organisation, Perkeso. It is using Red Hat Process Automation to reduce operational costs and extend the availability of its services. With the help of process automation, more than 400,000 employers can now submit contributions and make payments via Perkeso’s new digital channels, instead of having to visit a physical branch. This not only helps Perkeso to better serve existing customers, it also means that employees in new sectors, such as drivers working for e-hailing services, are now protected under federal regulations.
Automation to drive business innovation
Expanding automation for an activity or set of tasks means less time spent manually performing those tasks. IT teams can implement new processes, such as DevOps and DevSecOps, that enable them to build and update applications at speed and at scale.
Automation also enables self-service and delegation. As people work in new configurations – like we do now with vast swathes of employees working remotely – we’re all under resource and time pressures. Delegation and self-service are vital to address these new challenges. Microsoft used automation to transform how they manage networks and network automation within their partner ecosystem of hardware vendors, different technologies and multi-vendor requirements. Working with Red Hat Ansible Automation Platform’s community, Microsoft drove network advancements for its enterprise clients.
Teams also cannot write code and create products without governance. Without the adequate layers of review and oversight, organisations run the risk of leaving open security vulnerabilities and configurations. This can pull valuable resources, time and money to solve problems that do not need to be there in the first place. Governance about “who’s allowed to do what”, especially in economies and businesses in Asean that are leapfrogging technology, is important when considering automation.
Up next: AI-driven automation
Automation has become an essential element of an organisation’s modernisation and digital transformation strategy, more so than ever before. Today, it is the answer to IT talent shortage and the constant pressure for agile innovation. The benefits are compelling. It improves accountability, efficiency and predictability while reducing cost, variability and risk. As a result, more and more enterprises are taking advantage of automation, making it a key business enabler for today’s fast-paced digital economy.
The technologies and use cases surrounding business automation continue to evolve, driven by macro-level trends such as the confluence of automation and application intelligence, the rise of the citizen developer, the impact of new cloud-native development and deployment paradigms like microservices and containers, and more.
As technology leaders evaluate the best route for driving business agility, they should also look for solutions that allow users to manage policy, enforcement and processes at the domain level. Solving problems at the same time and in one place allows for easy scalability, while freeing up bandwidth to focus on more strategic initiatives. If adaptation was a goal for 2020, then organisations should consider business automation in their 2021 digital transformation roadmaps in order to level-up.
Kawinthorn Bhutrakul is country manager at Red Hat Thailand.
For Elon Musk’s SpaceX Starship program more smoke, fire and shrapnel
Mar 31. 2021
By The Washington Post · Christian Davenport
Elon Musk’s latest attempt to land the prototype of a rocket that he hopes will someday fly people to the moon and Mars exploded Tuesday, sending debris crashing to the ground in the latest fiery setback in a test campaign designed to push the limits.
The SpaceX Starship spacecraft lifted off from its launchpad in South Texas at about 9 a.m. Eastern time in dense fog and cruised to an altitude of about six miles under the power of three engines. As it had done previously, the rocket prototype then shut off its engines, flipped horizontally and started falling back to Earth.
The spacecraft, dubbed Serial Number 11, or SN11, was supposed to then reorient itself, restart its engines and then touch down softly on a landing pad. But at some point, the vehicle blew up, and John Insprucker, SpaceX’s principal integration engineer, said the company “lost all the data from the vehicle.”
He added, for viewers watching a frozen image of the spacecraft’s engines on the screen: “Starship 11 is not coming back. Don’t wait for the landing.”
On a webcast provided by NASAspaceflight.com, a space news website that carries the Starship flights, debris could be seen crashing down. And SpaceX CEO Musk tweeted, “At least the crater is in the right place!” He added that “a high production rate solves many ills,” meaning the next prototype should be ready before too long and the company would try again.
To ensure people’s safety in the event of an explosion, the Federal Aviation Administration requires SpaceX to evacuate the nearby village and keep people miles away from the launch and landing site. Nearby roads are closed, and local law enforcement help secure a wide safety zone around the area. There were no reports of injuries.
The landing attempt was SpaceX’s fourth try since December, when a series of Starships launched successfully, fell back toward the landing site, but exploded on the ground. The test campaign is designed to push the limits and gather a lot of data quickly so the company can iterate and try again.
Musk has said he wants Starship to reach orbit by the end of this year. NASA has awarded SpaceX a $135 million contract to help develop Starship so that it might fly astronauts to the moon as part of its Artemis program.
The flight came days after Rep. Peter DeFazio, D-Ore., the chairman of the House Transportation and Infrastructure Committee, and Rep. Rick Larsen, D-Wash., chairman of the aviation subcommittee, wrote in a letter that they were concerned about “the pressure exerted on the FAA during high profile launches. While the commercial space transportation sector is crucial to our Nation’s future, at no point should a commercial space launch jeopardize public safety.”
They were referring to a tweet by Musk in January, when he took aim at the FAA, saying it moves too slowly and is too bureaucratic.
“Unlike its aircraft division, which is fine, the FAA space division has a fundamentally broken regulatory structure,” he wrote. “Their rules are meant for a handful of expendable launches per year from a few government facilities. Under those rules, humanity will never get to Mars.”
In December, SpaceX had sought a waiver from the FAA that would have allowed it “to exceed the maximum public risk allowed by federal safety regulations,” the agency said at the time.
The waiver was denied, but SpaceX proceeded with the flight anyway, violating its launch license and, industry officials said, potentially putting the public at risk.
The FAA directed SpaceX to conduct an internal investigation. But in the letter to Steve Dickson, the administrator of the Federal Aviation Administration, DeFazio and Larsen wrote they were “disappointed that the FAA declined to conduct an independent review of the event and, to the best of our knowledge, has not pursued any form of enforcement action.”
They urged the agency to “resist any potential undue influence on launch safety decision-making” and “establish explicitly a strict policy to deal with violations of FAA launch and reentry licenses, which must include full enforcement of agency regulations and civil penalties.”
Three previous Starship prototypes exploded in massive fireballs that sent smoke billowing into the air. In December, SN8 crash landed in what Musk called an “awesome test.” But that touched off the tussle with the FAA.
After the FAA approved SpaceX’s remedies, it granted the company approval to launch again. That flight, of Starship SN9, also hit hard and exploded.
“Still, it was another great flight,” Insprucker, SpaceX’s principal integration engineer, said during a broadcast of the event. But, he added, “we need to work on that landing a little bit.”
A month later, SpaceX was at it again, this time with SN10. This time, it reached its apogee, or highest point, of about six miles, shut off its engines and fell gracefully in a “belly flop” or horizontal position. Then, shortly before reaching the ground, it flipped back to vertical and fired its engines. It landed, bounced, but appeared to stick the landing – at least for a while.
“Third time’s a charm, as the saying goes,” Insprucker said on the broadcast. “A beautiful soft landing on the landing pad.”
But the vehicle was visibly leaning and after a little more than eight minutes, it exploded.
After all of the explosions, the FAA, which is charged with promoting the space industry but also protecting people and property on the ground, oversaw investigations with SpaceX.
The investigation into the SN10 “mishap,” as the FAA calls it, remains open, the agency said Friday. But it found “no safety concerns in the preliminary SN10 mishap report that would preclude further launches,” so SpaceX was cleared to proceed with the flight test Friday.
As the commercial space industry grows and embraces a culture of testing to failure and then iterating quickly to remedy errors, the FAA has been busy. So far, it has investigated six mishaps this fiscal year, Dickson said this week. That includes the Starship crashes, a SpaceX Falcon 9 rocket that missed its landing site on an autonomous boat in the ocean, as well as an aborted flight from Virgin Galactic and a launch in Alaska by start-up space company Astra that just missed making orbit in December.
Some of the mishaps “ended in spectacular fireballs and went viral on social media,” Dickson said. “But all six of these were successful failures because we were able to protect public safety.”
Together, we can help all Temples in Thailand to go Digital in 2021
Mar 26. 2021
By The Nation (sponsored news)
Bangkok, 26 March 2021 – “Digital Temple Thailand” is a collaborative project between the National Office of Buddhism (ONAB) and IsWhere, a Singapore company. The goal of the venture is to digitize information from Thailand’s 40,000 temples scattered across all the 77 provinces. Thai and foreign Buddhist devotees can learn more about temple and prayer activities happening on the temple grounds safely from their homes prior to venturing out to visit a temple and making merit. The technology platform has been provided free of charge for the temples to use by IsWhere and will incorporate the latest online and cloud-based services. New digital services like Online Donations and Prayers will also be offered to make merit giving easier and safer for all Buddhists during the pandemic and provide a convenient service for the future of Thailand’s temples in this new digital society.
The Digital Temple Thailand national launch will occur once the COVID situation in Thailand stabilizes; however, the IsWhere platform is already in use with Nakhon Pathom Province of Buddhism, with another 16 provinces coming online in the next months.
Although the technology is offered free of charge for the temples, the cost of operating and servicing Digital Temple Thailand for the benefit of devotees will need to be covered by “sponsors”. IsWhere is therefore seeking help from Thais, foreigners and corporates to help sponsor this historical project to launch nationwide over the coming months.
Buddhist devotees, consumers or corporates wishing to sponsor and support this project can visit iswhere.com for more details. Prominent Thai Corporations are enthusiastically joining and supporting the Digital Temple Thailand project including:
Mr. Jatuphat Tangkaravakoon, CEO of TOA Paint (Thailand) PCL, one of the organizations that focus on the development of innovation and technology in tandem with the community, said that in an age where everything is evolving rapidly and never stops, “It is inevitable that digital technology plays a role in our new daily life and work, including the introduction of digital technology used to spread and inherit Buddhism to make it easier to access in our daily life. Making Buddhism as the national religion will remain a place to hold the minds of Buddhists forever. Therefore, it is a good chance that TOA has been a part of this historic project and we encourage more companies to come on board to help the success of this project.”
Huawei, President of Cloud&AI APAC Mr. Daniel Zhou, said: “In supporting the digital temple project, Huawei is supplying cloud technology and other technologies which can handle high traffic usage from millions of IsWhere’s users. Huawei is happy to be a part of this project for the Thais and corporations in Thailand for a successful platform launch.”
Mr. Terence Mak, Founder & CEO of IsWhere, said: “We welcome sponsors to help us roll out the technology to make this historical project a success for all the temples across Thailand. IsWhere technology can also be used to support other industries in Thailand such as F&B, Travel, Retail and Services. Merchants who wish to join us for this upcoming launch of the Digital Temple later in 2021 are welcome to register on iswhere.com.”
Interested in sponsorship? Please contact K. Metee Veerapat at metee@iswhere.com or Tel. 098-641-5144
Trust no one becomes cyber mantra after massive hacking attacks
Mar 26. 2021
Photo caption: A person typing at a backlit computer keyboard in Danbury, U.K., on Tuesday, Dec. 29, 2020. In the spring, hackers managed to insert malicious code into a software product from an IT provider called SolarWinds, whose client list includes 300,000 institutions. (Bloomberg photo by Chris Ratcliffe)
By Syndication Washington Post, Bloomberg · Alyza Sebenius, Kartikay Mehrotra
Researcher John Kindervag published a paper about a decade ago that argued administrators of sensitive computer networks shouldn’t trust anyone on their networks, regardless of their title.
It’s not good enough simply to try to keep bad guys out of your network, he argued. You also have to put strict limits on the people already inside, thus the shorthand for the security model: “zero trust.”
“People told me I was crazy,” Kindervag said of the 2010 report. But the cybersecurity approach has slowly gained followers over the years, as government agencies and private businesses have been continually pummeled by computer hacks.
Now, in the wake of two massive cyber-attacks that exposed glaring deficiencies in U.S. defenses, government officials and cybersecurity practitioners are saying zero trust may be the way to stop the cyber mayhem. In February, the National Security Agency issued guidance urging the owners of networks related to national security and critical infrastructure to adopt zero trust.
In many existing computer networks, once an individual has logged into the system, they can move freely and access information without further verification. It’s what some cybersecurity experts describe as a “castle and moat” approach, protecting perimeter security by investing in firewalls, proxy servers and other intrusion prevention tools and assuming activity inside the castle walls is mostly safe.
Zero trust takes a different approach, assuming that anyone that logs on is suspicious and preventing them from moving freely through the system — such as accessing the other devices and networks connected to it — without authenticating their credentials for each additional connection.
In other words, zero trust “reduces or prevents lateral movement and privilege escalation,” said George Kurtz, the chief executive officer of the cybersecurity firm Crowdstrike Holdings, speaking at a February congressional hearing.
The embrace of zero trust has occurred in part because of U.S. failures to prevent major breaches linked to Russia and China. For example, following the 2015 revelation that Chinese hackers had breached the U.S. Office of Personnel Management, stealing sensitive security clearance data on millions of Americans, a congressional report called for adding the zero trust model to government networks. But so far, more than half a decade later, zero trust remains an aspirational goal across much of the U.S. government.
But calls for zero trust accelerated in recent months after suspected Russian hackers compromised popular software from Texas-based firm SolarWinds. In that highly sophisticated attack, which was disclosed in December, the hackers inserted malicious code into updates for SolarWinds software, which was received by as many as 18,000 of its customers. At least nine government agencies and 100 private companies were targeted by the hackers for further infiltration.
The other major cyberattack, disclosed this month and linked to China, exploited vulnerabilities in Microsoft’s software for email. Hackers used flaws in the code of Microsoft Exchange to break into tens of thousands of organizations, according to cybersecurity experts.
Zero trust may not have blocked the hacks, experts said, but it likely would have limited the damage. At the very least, the security measure would have given the U.S. a better chance to detect the attackers’ movements, keeping them from traveling as freely across government and private sector networks.
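To make the contrast between the “castle and moat” model and zero trust concrete, here is a small model of how far one logged-in account can travel under each, and what record the denied connections leave for defenders. It is an illustration added to this article, not code from any agency or vendor named in it; the network, identities and policy are constructed for the example.

```python
from collections import deque

# Constructed sample network: which internal hosts can connect to which.
LINKS = {
    "workstation": ["fileserver", "mail", "hr-db"],
    "fileserver": ["hr-db", "build"],
    "mail": ["fileserver"],
    "hr-db": [],
    "build": ["code-signing"],
    "code-signing": [],
}

# Constructed per-connection policy: (identity, destination) pairs allowed.
POLICY = {
    ("alice", "fileserver"),
    ("alice", "mail"),
    ("svc-build", "code-signing"),
}

def reachable(start, allow):
    """Breadth-first walk from start, following a link only if allow(src, dst)."""
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for dst in LINKS[src]:
            if dst not in seen and allow(src, dst):
                seen.add(dst)
                queue.append(dst)
    return seen - {start}

def perimeter_reach(start):
    # Castle and moat: once past the perimeter, every internal link is trusted.
    return reachable(start, lambda src, dst: True)

def zero_trust_reach(start, identity):
    # Zero trust: every additional connection is checked against the identity,
    # and each refusal is recorded so defenders can see the attempted movement.
    denied = []
    def allow(src, dst):
        ok = (identity, dst) in POLICY
        if not ok:
            denied.append((identity, src, dst))
        return ok
    return reachable(start, allow), denied

if __name__ == "__main__":
    print("perimeter :", sorted(perimeter_reach("workstation")))
    reached, denied = zero_trust_reach("workstation", "alice")
    print("zero trust:", sorted(reached))
    for event in denied:
        print("denied    :", event)
```

Under the perimeter model the single login reaches all five other hosts, including the code-signing server; with per-connection checks the same account reaches two, and the three refused connections are logged.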
At a March 18 hearing on the SolarWinds attack, U.S. Chief Information Security Officer Christopher DeRusha said he is working with U.S. government agencies to implement zero trust because it “prevents adversaries from the kind of privilege escalation that was demonstrated in the SolarWinds incident.” In addition, Microsoft, which has advocated for zero trust, found that targeted victims in the SolarWinds attack whose systems had embraced the model were more resilient following the attack, according to the company’s director of identity security, Alex Weinert.
But adopting a zero trust model can be costly and time consuming. In extreme instances, it may require organizations to rip out existing computer equipment and replace it — to make certain there isn’t any malware hidden deep inside the network.
“If U.S. government investigators can’t pinpoint each agency’s exposure to the malware, it may be forced to assume that most every department within the federal government has been compromised. This scenario would produce the daunting, perhaps impossible task of purging all malware from federal networks,” said John Bambenek, a cybersecurity investigator. “Eradicating the Russian malware would require agencies to rip and replace their network infrastructure.”
But given the persistent threats from adversaries, the U.S. government may not have years to find a fix. As a result, a more likely outcome for its networks may be some sort of compromise, adding zero trust where possible and relying on less drastic cybersecurity fixes elsewhere, including encrypting data, fully staffing cyber positions and ensuring that only a small number of individuals have access to highly sensitive information.
“Zero trust is the buzzword du jour,” said James Lewis, who serves as senior vice president and director of the strategic technologies program at the Center for Strategic and International Studies. But he added that ripping out and replacing networks seems impractical. “We haven’t done the basics. So, why immediately go to the nuclear option?”
Since publishing his paper, Kindervag, who now works at the cybersecurity company On2it, which describes itself as “zero trust innovators,” has continued to promote his approach across the public and private sector. But he, too, recommends a gradual approach.
“You don’t secure a road by ripping out a road and putting a new road in. You figure out how to put stoplights in, or you figure out how to change the exit ramps,” he said. “We need to do the same thing with networks and not do things that will never happen–but do things that we can accomplish using the people and technologies we have today.”