0 Commentaires
0 Parts
1 Vue
Annuaire
Annuaire
-
Connectez-vous pour aimer, partager et commenter!
-
WWW.WSJ.COMThese Startups Are Finally Bringing EV Chargers to Americas CitiesThe lack of charging infrastructure is the biggest barrier to owning an electric car in many urban areas. New York City startups aim to install curbside solutions to address charge anxiety.0 Commentaires 0 Parts 1 Vue
-
WWW.WSJ.COMArts Calendar: Happenings for the Week of November 24Moana 2 sees the titular heroine set sail again, Michael Fassbender plays an international spy in The Agency, George Balanchines the Nutcracker ushers in the holiday season, and more.0 Commentaires 0 Parts 1 Vue
-
ARSTECHNICA.COMSpies hack Wi-Fi networks in far-off land to launch attack on target next doorcompromised Wi-Fi Spies hack Wi-Fi networks in far-off land to launch attack on target next door Nearest Neighbor Attack finally lets Russias Fancy Bear into targets Wi-Fi network. Dan Goodin Nov 22, 2024 9:03 pm | 39 Credit: Getty Images Credit: Getty Images Story textSizeSmallStandardLargeWidth *StandardWideLinksStandardOrange* Subscribers only Learn moreOne of 2024's coolest hacking tales occurred two years ago, but it wasn't revealed to the public until Friday at the Cyberwarcon conference in Arlington, Virginia. Hackers with ties to Fancy Bearthe spy agency operated by Russias GRUbroke into the network of a high-value target after first compromising a Wi-Fi-enabled device in a nearby building and using it to exploit compromised accounts on the targets Wi-Fi network.The attack, from a group security firm Volexity calls GruesomeLarch, shows the boundless lengths well-resourced hackers will take to hack high-value targets, presumably only after earlier hack attempts havent worked. When the GruesomeLarch cabal couldnt get into the target network using easier methods, they hacked a Wi-Fi-enabled device in a nearby building and used it to breach the targets network next door. After the first neighbors network was disinfected, the hackers successfully performed the same attack on a device of a second neighbor.Too close for comfortThis is a fascinating attack where a foreign adversary essentially conducted a close access operation while being physically quite far away, Steven Adair, a researcher and the president of Volexity, wrote in an email. They were able to launch an attack that historically had required being in close proximity to the target but found a way to conduct it in a way which completely eliminated the risk of them being caught in the real world.While stalking its target, GruesomeLarch performed credential-stuffing attacks that compromised the passwords of several accounts on a web service platform used by the organization's employees. Two-factor authentication enforced on the platform, however, prevented the attackers from compromising the accounts.So GruesomeLarch found devices in physically adjacent locations, compromised them, and used them to probe the targets Wi-Fi network. It turned out credentials for the compromised web services accounts also worked for accounts on the Wi-Fi network, only no 2FA was required.Adding further flourish, the attackers hacked one of the neighboring Wi-Fi-enabled devices by exploiting what in early 2022 was a zero-day vulnerability in the Microsoft Windows Print Spooler. Credit: Volexity The 2022 hack demonstrates how a single faulty assumption can undo an otherwise effective defense. For whatever reasonlikely an assumption that 2FA on the Wi-Fi network was unnecessary because attacks required close proximitythe target deployed 2FA on the Internet-connecting web services platform (Adair isnt saying what type) but not on the Wi-Fi network. That one oversight ultimately torpedoed a robust security practice.Advanced persistent threat groups like GruesomeLarcha part of the much larger GRU APT with names including Fancy Bear, APT28, Forrest Blizzard, and Sofacyexcel in finding and exploiting these sorts of oversights.Volexitys post describing the 2022 attack provides plenty of technical details about the compromise on the many links in this sophisticated daisy chain attack flow. Theres also useful advice for protecting networks against these sorts of compromises.Dan GoodinSenior Security EditorDan GoodinSenior Security Editor Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him at here on Mastodon and here on Bluesky. Contact him on Signal at DanArs.82. 39 Comments Staff Picksffuzzyfuzzyfungus I don't think we're cool enough to be worth the trouble; but there's another incentive to swap out MSCHAPv2 and get certs in place....With the more banal reason being that MS is not getting any less shy about Credential Guard moving toward breaking PEAP-MSCHAPv2. November 23, 2024 at 2:36 am0 Commentaires 0 Parts 1 Vue
-
ARSTECHNICA.COMAmazon pours another $4B into Anthropic, OpenAIs biggest rivallet the billions fly Amazon pours another $4B into Anthropic, OpenAIs biggest rival Amazon has now committed $8 billion to AI startup that makes a key ChatGPT competitor. Benj Edwards Nov 22, 2024 2:32 pm | 39 Dario Amodei, co-founder and chief executive officer of Anthropic, during the Bloomberg Technology Summit in San Francisco, California, US, on Thursday, May 9, 2024. Credit: Bloomberg via Getty Images Dario Amodei, co-founder and chief executive officer of Anthropic, during the Bloomberg Technology Summit in San Francisco, California, US, on Thursday, May 9, 2024. Credit: Bloomberg via Getty Images Story textSizeSmallStandardLargeWidth *StandardWideLinksStandardOrange* Subscribers only Learn moreOn Friday, Anthropic announced that Amazon has increased its investment in the AI startup by $4 billion, bringing its total stake to $8 billion while maintaining its minority investor position. Anthropic makes Claude, an AI assistant rival to OpenAI's ChatGPT.One reason behind the deal involves chips. The computing demands of training large AI models have made access to specialized processors a requirement for AI companies. While Nvidia currently dominates the AI chip market with customers that include most major tech companies, some cloud providers like Amazon have begun developing their own AI-specific processors.Under the agreement, Anthropic will train and deploy its foundation models using Amazon's custom-built Trainium (for training AI models) and its Inferentia chips (for AI inference, the term for running trained models). The company will also work with Amazon's Annapurna Labs division to advance processor development for AI applications.Reportedly, Anthropic has also been assisting Amazon with developing a new version of its Alexa AI assistant since August based on Anthropic's Claude AI language model. However, snags with security issues and latency have delayed the launch.Anthropic, founded by former OpenAI executives Dario and Daniela Amodei in 2021, will continue using Google's cloud services along with Amazon's infrastructure. The UK Competition and Markets Authority reviewed Amazon's partnership with Anthropic earlier this year and ultimately determined it did not have jurisdiction to investigate further, clearing the way for the partnership to continue.Shaking the money treeAmazon's renewed investment in Anthropic also comes during a time of intense competition between cloud providers Amazon, Microsoft, and Google. Each company has made strategic partnerships with AI model developersMicrosoft with OpenAI (to the tune of $13 billion), Google with Anthropic (committing $2 billion over time), for example. These investments also encourage the use of each company's data centers as demand for AI grows.The size of these investments reflects the current state of AI development. OpenAI raised an additional $6.6 billion in October, potentially valuing the company at $157 billion. Anthropic has been eyeballing a $40 billion valuation during a recent investment round.Training and running AI models is very expensive. While Google and Meta have their own profitable mainline businesses that can subsidize AI development, dedicated AI firms like OpenAI and Anthropic need constant infusions of cash to stay afloatin other words, this won't be the last time we hear of billion-dollar-scale AI investments from Big Tech.Benj EdwardsSenior AI ReporterBenj EdwardsSenior AI Reporter Benj Edwards is Ars Technica's Senior AI Reporter and founder of the site's dedicated AI beat in 2022. He's also a tech historian with almost two decades of experience. In his free time, he writes and records music, collects vintage computers, and enjoys nature. He lives in Raleigh, NC. 39 Comments0 Commentaires 0 Parts 1 Vue
-
WWW.NEWSCIENTIST.COMIBM entangled two quantum chips to work together for the first timeAn artists impression of IBMs Eagle quantum processing unitIBMIBM has made a significant advance on the road to larger and more powerful quantum computers by linking two such devices together and performing calculations beyond the capabilities of either alone. The result is a positive sign that the companys bet on a modular approach to scaling up quantum computers is feasible.Quantum computers promise to be able to solve certain problems much faster than conventional devices, but major hurdles remain, including making the computers large enough while reducing errors. Various research groups and companies are taking different approaches to0 Commentaires 0 Parts 2 Vue
-
WWW.NATURE.COMDNA need not apply: Books in briefNature, Published online: 22 November 2024; doi:10.1038/d41586-024-03863-8Andrew Robinson reviews five of the best science picks.0 Commentaires 0 Parts 2 Vue
-
WWW.NATURE.COMThis dwarf planet might have its very own ice volcanoNature, Published online: 22 November 2024; doi:10.1038/d41586-024-03856-7Relatively warm regions of the object called Makemake could also be explained by a dusty planetary ring.0 Commentaires 0 Parts 2 Vue
-
WWW.BUSINESSINSIDER.COMI made Dolly Parton's sweet potato casserole for Friendsgiving. It disappeared within minutes.Dolly Parton makes her sweet potato casserole with a nutty twist.Ingredients for Dolly Parton's sweet potato casserole. Anneta Konstantinides/Business Insider To make Parton and her sister's sweet potato casserole at home, you'll need:5 large sweet potatoes, peeled and quartered2 cups miniature marshmallows cup chopped raw pecans cup light brown sugar, packed cup (1 stick) butter at room temperature, plus more for greasing1 teaspoon vanilla extract1 teaspoon salt1 teaspoon ground cinnamon First, I preheated the oven and prepped my potatoes and baking pan.I quartered my sweet potatoes after peeling them. Anneta Konstantinides/Business Insider I set the oven to 350 degrees Fahrenheit and buttered a 9-inch by 13-inch pan, per Parton's instructions.I also washed, peeled, and quartered my sweet potatoes. I placed my sweet potatoes in a large pot and covered them with cold water.I cooked the potatoes for 20 minutes. Anneta Konstantinides/Business Insider I brought the pot to a boil over high heat, then lowered the heat to maintain a low boil for 20 minutes while the potatoes cooked.Parton said you'll know the potatoes are ready when they're "fork tender."I drained the potatoes, placed them in a large bowl, and added the butter and seasonings.Seasoning my sweet potatoes. Anneta Konstantinides/Business Insider I threw in the brown sugar, vanilla, salt, cinnamon, and butter, adding the latter in knobs so it'd be easy to mix. Then, it was time to mash.My mashed sweet potatoes. Anneta Konstantinides/Business Insider Parton recommends using a potato masher to mix the ingredients until they're "well combined," but I don't own one, so I simply used a big wooden fork. It worked like a charm.I transferred my mashed sweet potatoes to the baking pan, smoothing the top.I covered the top of the pan with marshmallows, as Dolly instructed. Anneta Konstantinides/Business Insider I sprinkled the pecans before evenly covering the casserole with my miniature marshmallows. I covered my pan with aluminum foil and threw it in the oven.My covered pan. Anneta Konstantinides/Business Insider Parton says you should bake your sweet potato casserole for 20 minutes.Once the 20 minutes were up, I removed the foil and baked the sweet potato casserole for five more minutes.My sweet potato casserole after 20 minutes in the oven. Anneta Konstantinides/Business Insider Parton says your marshmallows should be "golden brown" once the five minutes are up. My marshmallows were still white as snow, so I turned on the broiler and baked the casserole for two additional minutes to give them some color. I let my sweet potato casserole cool for 15 minutes before serving, per Parton's recommendation. Then, everyone dug in!I would make Dolly Parton's sweet potato casserole again, with one little tweak. Anneta Konstantinides/Business Insider I was slightly disappointed when the sweet potato casserole came out of the oven. The marshmallows got a little overcooked by the broiler and now only covered half of the casserole. Next time, I think I'll skip Parton's aluminum foil trick and just let the marshmallows cook uncovered the entire time.But unphotogenic marshmallows aside, the flavor of this sweet potato casserole was delicious. The crunch of the pecans was a delightful twist, and the combination of the brown sugar, vanilla, and cinnamon was well-balanced. The texture was satisfyingly creamy, and the dish smelled delicious. I brought this for a recent Friendsgiving, and the pan was empty within minutes despite having a lot of competition!So, with one little tweak, I think the Parton sisters' sweet potato casserole will be a hit on your holiday menu.0 Commentaires 0 Parts 1 Vue
-
WWW.BUSINESSINSIDER.COMWhy it might be easier to change jobs next yearHiring could increase in 2025, easing job changes for workers.Job postings for recruiters are up in some industries. That can signal broader hiring will follow.One industry's workers are feeling "restless and grumpy," an HR exec told BI.Come 2025, you might find it's a tad easier to change jobs.That would be welcome news for many. While layoffs and the overall US unemployment rate remain low, some employees in industries like tech have felt stuck in their roles because of tepid hiring.Labor market experts and executives who oversee corporate recruitment told Business Insider that more people could switch roles next year. One possible sign: Job postings for recruiters are up in some industries.Hiring recruiters tends to signal an increase in broader hiring about three months later, Lisa Simon, the chief economist at Revelio Labs, which examines employment data, told BI.Simon said demand isn't uniformly higher, though, in some areas, it's up sharply. Take electronics manufacturing. Job recruitment postings in that sector have jumped about 76% from the first quarter of 2024, according to data from Revelio Labs and Appcast, which provides recruitment advertising services.Recruiter postings for areas like pharmaceuticals as well as hospitality and tourism management are up about 45% from early 2024."It could well be that this is real," Simon said, referring to the demand for recruiters indicating a broader economic lift.As always, unforeseen economic obstacles could emerge. It also remains unclear whether proposals to increase tariffs or cut the federal workforce might alter some employers' plans.Nevertheless, there's room for optimism, according to Sean Barry, VP of talent acquisition at Allstate. He told BI that he expects the company will hire between 15,000 and 16,000 workers in 2025, up from an estimated 14,000 this year. The insurance giant has about 55,000 workers."I personally think the entire market is going to experience an uptick," Barry said, referring to overall hiring in the US in 2025.Working through a backlogIf hiring does heat up in 2025, it might take time for everyone hunting for a job to see the effects, Daniel Zhao, the lead economist at Glassdoor, told BI.He said that because many workers have had to settle for lower-paying or lower-seniority positions in recent years, they might be the first to seek better roles."Those experienced workers will be prime targets to climb the career ladder," Zhao said.It would likely then take longer, he said, for entry-level workers and new grads to see the benefits of a stronger job market as they might need to wait for more experienced peers to create vacancies.Regardless, increased movement could give a much-needed boost to worker sentiment, Zhao said."Workers are feeling stuck right now," he said, "creating an epidemic of employee disengagement."If the job market doesn't strengthen as hoped, Zhao said some workers' frustrations over their 9-to-5 could rise.Yet "if the job market heats up, then we'll likely see a wave of turnover as workers vote with their feet," Zhao said.Michelle Volberg, a longtime recruiter who founded Twill, a venture-backed startup that pays tech workers to recommend peers for key jobs, told BI in early November that she's witnessed more demand from employers for 2025."We're seeing a pretty healthy number of roles planning to be posted in January, probably more than we even expected," Volberg said. She added that she'd seen an "upward trend" in the past year.It might not be the Great Resignation 2.0Even if the job market does pick up, Simon, from Revelio Labs, said it won't be like the pandemic-era boom when companies like the tech giants scooped up workers."We're done with that level of hiring," she said.Yet even without a Great Resignation Redux, finding the right workers could remain challenging for some.Christina Schelling, SVP and chief talent and diversity officer at Verizon, told BI that she expects the competition for workers to remain high.Verizon has some 105,000 employees and typically fills about 20,000 jobs a year through a mix of internal and external candidates. She expects that will continue."I don't think that it's going to be any easier to get the best of the best to work here," Schelling said.Feeling 'restless and grumpy'Tanya Moore, chief people officer at the consulting firm West Monroe, told BI that reductions in promotions and job changes for many US desk workers have hurt morale.Over the summer, she grew concerned that some of the firm's employees were not feeling recognized or rewarded for their work.Based on conversations with West Monroe employees and others in the industry, Moore said many consultants are feeling "restless and grumpy."So, Moore and several colleagues went to the company's board. Moore shared her concern that if the job market heats up in 2025, as she expects, key employees could be tempted to leave.The board listened. In October, to help stave off an exodus and to "make workers feel valued," Moore said, the company paid a bonus to the top 18% of its performers. The payouts were based on financial criteria that she said were "clear and hard to argue with."The payments were in addition to the annual bonuses that a wider pool of employees are eligible for.Moore expects the consulting business and the broader economy will see "moderate" growth in 2025 and stepped-up growth in 2026. That could lead to another "big reshuffle," she said.Already, she said, West Monroe has seen a slight uptick in attrition."As the economy settles and people get more confident, I think we're going to see a whole other Great Resignation," Moore said.0 Commentaires 0 Parts 1 Vue