Tag Archives: exploiting

Arrowhead’s latest major order is exploiting the Helldiver 2 community’s greatest weakness: communication – PC Gamer

  1. Arrowhead’s latest major order is exploiting the Helldiver 2 community’s greatest weakness: communication PC Gamer
  2. Game master Joel cuts an unprecedented deal with Helldivers 2 players: Pull off the ‘Martale Gambit’ and he’ll liberate two planets for the price of one PC Gamer
  3. As Helldivers 2 players struggle with a brutal Major Order, dev says GM Joel secretly helps them out: “Short of handing you the win, there isn’t a lot more we can do” Gamesradar
  4. Helldivers 2 faces “grim projections” after we beat two billion bugs PCGamesN
  5. Helldivers 2 dev “looking into” progress tracking and display issues Eurogamer.net

Read original article here

SAG-AFTRA, AMPTP Spar Over Terms of Rejected Contract Offer: ‘Deliberately Distorts,’ Says AMPTP; ‘Rewarded for Exploiting Workers,’ Says Union – Variety

  1. SAG-AFTRA, AMPTP Spar Over Terms of Rejected Contract Offer: ‘Deliberately Distorts,’ Says AMPTP; ‘Rewarded for Exploiting Workers,’ Says Union Variety
  2. SAG-AFTRA Working “As Fast As We Can” On Waivers For Indie Productions; Approvals Could Be Public By Tuesday Deadline
  3. SAG-AFTRA Reveals What It Claims Were Unresolved Negotiations Issues With Studios Hollywood Reporter
  4. Actor’s Strike: SAG-AFTRA Releases List of Proposals and Studios’ Counterproposals Rolling Stone
  5. SAG-AFTRA Says Companies “Wouldn’t Meaningfully Engage” On Key Issues Leading Up To Strike; AMPTP Responds – Update Deadline

First observation of de Broglie-Mackinnon wave packets achieved by exploiting loophole in 1980s theorem

University of Central Florida College of Optics and Photonics researchers achieved the first observation of de Broglie-Mackinnon wave packets by exploiting a loophole in a 1980s-era laser physics theorem.

The research paper by CREOL and Florida Photonics Center of Excellence professor Ayman Abouraddy and research assistant Layton Hall has been published in the journal Nature Physics.

Observation of optical de Broglie–Mackinnon wave packets highlights the team’s research using a class of pulsed laser beams they call space-time wave packets.

In an interview with Dr. Abouraddy, he provides more insight into his team’s research and what it may hold for the future.

You accomplished several ‘firsts’ during this phase of your research. Will you provide some history of the theoretical ideas that brought you here?

In the early days of the development of quantum mechanics almost 100 years ago, Louis de Broglie made the crucial conceptual breakthrough of identifying waves with particles, sometimes called wave-particle duality. However, a crucial dilemma was not resolved. Particles are spatially stable: their size does not change as they travel, however waves do change, spreading in space and time. How can one construct a model out of the waves suggested by de Broglie that nevertheless correspond accurately to a particle?

In the 1970s, L. Mackinnon proposed a solution by combining Einstein’s special theory of relativity with de Broglie’s waves to construct a stable ‘wave packet’ that does not spread and can thus accompany a traveling particle. This proposal went unnoticed because there was no methodology for producing such a wave packet. In recent years, my group has been working on a new class of pulsed laser beams that we have called ‘space-time wave packets,’ which travel rigidly in free space.

In our recent research, Layton extended this behavior to propagation in dispersive media, which normally stretch optical pulses—except for space-time wave packets that resist this stretching. He recognized that the propagation of space-time wave packets in a medium endowed with a special kind of dispersion (so-called ‘anomalous’ dispersion) corresponds to Mackinnon’s proposal. In other words, space-time wave packets hold the key to finally achieving de Broglie’s dream. By carrying out laser experiments along these lines, we observed for the first time what we have called de Broglie-Mackinnon wave packets and verified their predicted properties.

What is unique about your results?

There are several unique aspects of this paper. This is the first example of a pulse propagating invariantly in a medium with anomalous dispersion. In fact, a well-known theorem in laser physics from the 1980’s purports to prove that such a feat is impossible. We found a loophole in that theorem that we exploited in designing our optical fields.

Also, all previous pulsed fields that propagate without change have been X-shaped. It has long been theorized that O-shaped propagation-invariant wave packets should exist, but they have never been observed. Our results reveal the first observed O-shaped propagation-invariant wave packets.

The U.S. Office of Naval Research is supporting your research. How are your findings useful to them and others?

We don’t know yet exactly. However, these findings have practical consequences in terms of the propagation of optical pulses in dispersive media without suffering the deleterious impact of dispersion.

These results may pave the way to optical tests of the solutions of the Klein-Gordon equation for massive particles, and may even lead to the synthesis of non-dispersive wave packets using matter waves. This would also enable new sensing and microscope techniques.

What are the next steps?

This work is a part of a larger study of the propagation characteristics of space-time wave packets. This includes long-distance propagation of space-time wave packets that we are testing at UCF’s Townes Institute Science and Technology Experimentation Facility (TISTEF) on Florida’s space coast. From a fundamental perspective, the optical spectrum that we have used in our experiments lies on a closed trajectory. This has never been achieved before, and it opens the path to studying topological structures of light on closed surfaces.

More information:
Layton A. Hall et al, Observation of optical de Broglie–Mackinnon wave packets, Nature Physics (2023). DOI: 10.1038/s41567-022-01876-6

Provided by
University of Central Florida

Citation:
First observation of de Broglie-Mackinnon wave packets achieved by exploiting loophole in 1980s theorem (2023, January 27)
retrieved 28 January 2023
from https://phys.org/news/2023-01-de-broglie-mackinnon-packets-exploiting-loophole.html

Attackers Exploiting Windows Zero-Day Flaw – Krebs on Security

Microsoft Corp. warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.

According to a security advisory from Redmond, the security hole CVE-2021-40444 affects the “MSHTML” component of Internet Explorer (IE) on Windows 10 and many Windows Server versions. IE has been slowly abandoned for more recent Windows browsers like Edge, but the same vulnerable component also is used by Microsoft Office applications for rendering web-based content.

“An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine,” Microsoft wrote. “The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

Microsoft has not yet released a patch for CVE-2021-40444, but says users can mitigate the threat from this flaw by disabling the installation of all ActiveX controls in IE. Microsoft says the vulnerability is currently being used in targeted attacks, although its advisory credits three different entities with reporting the flaw.

One of the researchers credited — EXPMON — said on Twitter that it had reproduced the attack on the latest Office 2019 / Office 365 on Windows 10.

“The exploit uses logical flaws so the exploitation is perfectly reliable (& dangerous),” EXPMON tweeted.

Windows users could see an official fix for the bug as soon as September 14, when Microsoft is slated to release its monthly “Patch Tuesday” bundle of security updates.

This year has been a tough one for Windows users and so-called “zero day” threats, a term that refers to vulnerabilities that are not patched by current versions of the software in question, and are being actively exploited to break into vulnerable computers.

Virtually every month in 2021 so far, Microsoft has been forced to respond to zero-day threats targeting huge swaths of its user base. In fact, by my count May was the only month so far this year that Microsoft didn’t release a patch to fix at least one zero-day attack in Windows or supported software.

Many of those zero-days involve older Microsoft technologies or those that have been retired, like IE11; Microsoft officially retired support for Microsoft Office 365 apps and services on IE11 last month. In July, Microsoft rushed out a fix for the Print Nightmare vulnerability that was present in every supported version of Windows, only to see the patch cause problems for a number of Windows users.

On June’s Patch Tuesday, Microsoft addressed six zero-day security holes. And of course in March, hundreds of thousands of organizations running Microsoft Exchange email servers found those systems compromised with backdoors thanks to four zero-day flaws in Exchange.



R. Kelly accused of sexually exploiting 17-year-old boy in sex-trafficking trial

NEW YORK (AP) — After several days of testimony from women claiming they were groomed and sexually abused by R. Kelly, a man took the witness stand at Kelly’s sex-trafficking trial in New York City on Monday to say the R&B star exploited him in the same way when he was a high school student.

The witness, testifying in federal court in Brooklyn without using his real name, told a jury how Kelly lured him to his Chicago-area home in 2007 with false offers of helping him with his fledgling music career.

Kelly asked the alleged victim, then 17, “what I was willing to do for music,” the witness said. He replied, “I’ll carry your bags. … Anything you need, I’ll be willing to do.”

“That’s not it. That’s not it,” he said Kelly responded before asking him if he ever fantasized about having sex with men. He described how Kelly then “crawled down on his knees and proceeded to give me oral sex,” even though, “I wasn’t into it.”

Afterward, “he told me to keep between him and me,” he said.

In a later episode, Kelly snapped his fingers to summon a naked girl from where she was hiding under a boxing ring to give Kelly and the witness oral sex, the man told the jury.

He kept seeing Kelly after that because “I really wanted to make it in the music industry,” he said.

The witness was testifying as part of a cooperation agreement stemming from his guilty plea in a separate case alleging he was part of a botched scheme to bribe a woman to not testify against Kelly. No charges were brought against Kelly related to the scheme.

Kelly, 54, has repeatedly denied accusations that he preyed on victims during a 30-year career highlighted by his 1996 mega hit “I Believe I Can Fly.” His lawyers have portrayed his accusers as groupies who are lying about their relationships with him.

Earlier Monday, a woman testified that Kelly sexually assaulted her at age 17 following a performance in Miami in 1994. The witness, also testifying without using her real name, claimed that Kelly’s cronies took her and a friend to his dressing room after the show before he pulled down her shorts and forced her to have unprotected sex, she said.

“I was in complete shock,” she said. “I didn’t know what to say at all. I basically went blank.”

Afterward, she and her friend “unlocked the door and ran out of there,” she said.

On cross-examination, defense attorney Deveraux Cannick pressed the witness on why, after someone allegedly “raped you,” she waited more than two decades to contact law enforcement.

“Because I didn’t want to feel more shame and trauma,” she said.

Chinese Hackers Have Been Exploiting A Microsoft Email Product to Steal Data

In the latest in a string of security-related headaches for Microsoft, the company warned customers Tuesday that state sponsored hackers from China have been exploiting flaws in one of its widely used email products, Exchange, in order to target American companies for data theft.

In several recently published blog posts, the company listed four newly discovered zero-day vulnerabilities associated with the attacks, as well as patches and a list of compromise indicators. Users of Exchange have been urged to update to avoid getting hacked.

Microsoft researchers have dubbed the main hacker group behind the attacks “HAFNIUM,” describing it as a “highly skilled and sophisticated actor” focused on conducting espionage via data theft. In past campaigns, HAFNIUM has been known to target a wide variety of entities throughout the U.S., including “infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs,” they said.

In the case of Exchange, these attacks have meant data exfiltration from email accounts. Exchange works with mail clients like Microsoft Office, synchronizing updates to devices and computers, and is widely used by companies, universities, and other large organizations.

Attacks on the product have unfolded like this: hackers will leverage zero days to gain entry to an Exchange server (they also sometimes used compromised credentials). They then typically will deploy a web shell (a malicious script), hijacking the server remotely. Hackers can then steal data from an associated network, including whole tranches of emails. The attacks were conducted from U.S.-based private servers, according to Microsoft.

Microsoft Corporate Vice President of Customer Security Tom Burt said Tuesday that customers should work quickly to update associated security flaws:

“Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today’s patches is the best protection against this attack.”

The situation was originally brought to Microsoft’s attention by researchers at two different security firms, Volexity and Dubex. According to KrebsOnSecurity, Volexity initially found evidence of the intrusion campaigns on Jan. 6. In a blog post Tuesday, Volexity researchers helped break down what the malicious activity looked like in one particular case:

“Through its analysis of system memory, Volexity determined the attacker was exploiting a zero-day server-side request forgery (SSRF) vulnerability in Microsoft Exchange (CVE-2021-26855). The attacker was using the vulnerability to steal the full contents of several user mailboxes. This vulnerability is remotely exploitable and does not require authentication of any kind, nor does it require any special knowledge or access to a target environment. The attacker only needs to know the server running Exchange and what account from which they want to extract e-mail.”

These recent hacking campaigns—which Microsoft has said are “limited and targeted” in nature—are unassociated with the ongoing “SolarWinds” attacks that the tech giant is also currently embroiled in. The company hasn’t said how many organizations were targeted or successfully compromised by the campaign, though other threat actors besides HAFNIUM may also be involved. Microsoft says it has briefed federal authorities on the incidents.

Hackers are exploiting a critical zeroday in devices from SonicWall

Network security provider SonicWall said on Monday that hackers are exploiting a critical zeroday vulnerability in one of the devices it sells.

The security flaw resides in the Secure Mobile Access 100 series, SonicWall said in an advisory updated on Monday. The vulnerability, which affects SMA 100 firmware versions 10.x, isn’t slated to receive a fix until the end of Tuesday.

Monday’s update came a day after security firm NCC Group said on Twitter that it had detected “indiscriminate use of an exploit in the wild.” The NCC tweet referred to an earlier version of the SonicWall advisory that said its researchers had “identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”

In an email, an NCC Group spokeswoman wrote: “Our team has observed signs of an attempted exploitation of a vulnerability that affects the SonicWall SMA 100 series devices. We are working closely with SonicWall to investigate this in more depth.”

In Monday’s update, SonicWall representatives said the company’s engineering team confirmed the submission by NCC Group included a “critical zero-day” in the SMA 100 series 10.x code. SonicWall is tracking it as SNWLID-2021-0001. The SMA 100 series is a line of secure remote access appliances.

The disclosure makes SonicWall at least the fifth large company to report in recent weeks that it was targeted by sophisticated hackers. Other companies include network management tool provider SolarWinds, Microsoft, FireEye, and Malwarebytes. CrowdStrike also reported being targeted but said the attack wasn’t successful.

Neither SonicWall nor NCC Group said that the hack involving the SonicWall zeroday was linked to the larger SolarWinds hack campaign. Based on the timing of the disclosure and some of the details in it, however, there is widespread speculation that the two are connected.

NCC Group has declined to provide additional details before the zeroday is fixed to prevent the flaw from being exploited further.

People who use SonicWall’s SMA 100 series should read the company’s advisory carefully and follow stopgap instructions for securing products before a fix is released. Chief among them:

  1. If you must continue operation of the SMA 100 Series appliance until a patch is available
    • Enable MFA.  This is a *CRITICAL* step until the patch is available.
    • Reset user passwords for accounts that utilized the SMA 100 series with 10.X firmware
  2. If the SMA 100 series (10.x) is behind a firewall, block all access to the SMA 100 on the firewall;
  3. Shut down the SMA 100 series device (10.x) until a patch is available; or
  4. Load firmware version 9.x after a factory default settings reboot. *Please back up your 10.x settings*
    • Important Note: Direct downgrade of Firmware 10.x to 9.x with settings intact is not supported.  You must first reboot the device with factory defaults and then either load a backed up 9.x configuration or reconfigure the SMA 100 from scratch.
    • Ensure that you follow multifactor authentication (MFA) best practice security guidance if you choose to install 9.x.

SonicWall firewalls and SMA 1000 series appliances, as well as all respective VPN clients, are unaffected and remain safe to use.

This post was updated to correct the description of the SMA 100.


