Author name: Mike M.


Health care giant comes clean about recent hack and paid ransom

HEALTH CARE PROVIDER, HEAL THYSELF —

Ransomware attack on the $371 billion company hamstrung US prescription market.


Getty Images

Change Healthcare, the health care services provider that recently experienced a ransomware attack that hamstrung the US prescription market for two weeks, was hacked through a compromised account that failed to use multifactor authentication, the company CEO told members of Congress.

The February 21 attack by a ransomware group using the names ALPHV or BlackCat took down a nationwide network Change Healthcare administers to allow healthcare providers to manage customer payments and insurance claims. With no easy way for pharmacies to calculate what costs were covered by insurance companies, payment processors, providers, and patients experienced long delays in filling prescriptions for medicines, many of which were lifesaving. Change Healthcare has also reported that hackers behind the attacks obtained personal health information for a “substantial portion” of the US population.

Standard defense not in place

Andrew Witty, CEO of Change Healthcare parent company UnitedHealth Group, said the breach started on February 12 when hackers somehow obtained an account password for a portal allowing remote access to employee desktop devices. The account, Witty admitted, failed to use multifactor authentication (MFA), a standard defense against password compromises that requires additional authentication in the form of a one-time password or physical security key.

“The portal did not have multi-factor authentication,” Witty wrote in comments submitted before his scheduled testimony on Wednesday to the House Energy and Commerce Committee’s Subcommittee on Oversight and Investigations. “Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data.” Witty is also scheduled to appear at a separate Wednesday hearing before the Senate Committee on Finance.

Witty didn’t explain why the account, on a portal platform provided by software maker Citrix, wasn’t configured to use MFA. The failure is likely to be a major focus during Wednesday’s hearing.

After burrowing into the Change Healthcare network undetected for nine days, the attackers deployed ransomware that prevented the company from accessing its IT environment. In response, the company severed its connection to its data centers. The company spent the next two weeks rebuilding its entire IT infrastructure “from the ground up.” In the process, it replaced thousands of laptops, rotated credentials, and added new server capacity. By March 7, 99 percent of pre-incident pharmacies were once again able to process claims.

Witty also publicly confirmed that Change Healthcare paid a ransom, a practice that critics say incentivizes ransomware groups who often fail to make good on promises to destroy stolen data. According to communications uncovered by Dmitry Smilyanets, product management director at security firm Recorded Future, Change Healthcare paid $22 million to ALPHV. Principal members of the group then pocketed the funds rather than sharing it with an affiliate group that did the actual hacking, as spelled out in a pre-existing agreement. The affiliate group published some of the stolen data, largely validating a chief criticism of ransomware payments.

“As chief executive officer, the decision to pay a ransom was mine,” Witty wrote. “This was one of the hardest decisions I’ve ever had to make. And I wouldn’t wish it on anyone.”

Bleeping Computer reported that Change Healthcare may have paid both ALPHV and the affiliate through a group calling itself RansomHub.

Two weeks ago, UnitedHealth Group reported the ransomware attack resulted in an $872 million cost in its first quarter. That amount included $593 million in direct response costs and $279 million in disruptions. Witty’s written testimony added that as of last Friday, his company had advanced more than $6.5 billion in accelerated payments and no-interest, no-fee loans to thousands of providers that were left financially struggling during the prolonged outage. UnitedHealth Care reported $99.8 billion in sales for the quarter. The company had an annual revenue of $371.6 billion in 2023.

Payment processing by Change Healthcare is currently about 86 percent of its pre-incident levels and will increase as the company further restores its systems, Witty said. The number of pharmacies it serves remains a “fraction of a percent” below pre-incident levels.


Researchers make a plastic that includes bacteria that can digest it

It’s alive! —

Bacterial spores strengthen the plastic, then revive to digest it in landfills.

Image of two containers of dirt, one with a degraded piece of plastic in it.

Han Sol Kim

One reason plastic waste persists in the environment is because there’s not much that can eat it. The chemical structure of most polymers is stable and different enough from existing food sources that bacteria didn’t have enzymes that could digest them. Evolution has started to change that situation, though, and a number of strains have been identified that can digest some common plastics.

An international team of researchers has decided to take advantage of those strains and bundle plastic-eating bacteria into the plastic. To keep them from eating it while it’s in use, the bacteria are mixed in as inactive spores that should (mostly—more on this below) only start digesting the plastic once it’s released into the environment. To get this to work, the researchers had to evolve a bacterial strain that could tolerate the manufacturing process. It turns out that the evolved bacteria made the plastic even stronger.

Bacteria meet plastics

Plastics are formed of polymers, long chains of identical molecules linked together by chemical bonds. While they can be broken down chemically, the process is often energy-intensive and doesn’t leave useful chemicals behind. One alternative is to get bacteria to do it for us. If they’ve got an enzyme that breaks the chemical bonds of a polymer, they can often use the resulting small molecules as an energy source.

The problem has been that the chemical linkages in the polymers are often distinct from the chemicals that living things have come across in the past, so enzymes that break down polymers have been rare. But, with dozens of years of exposure to plastics, that’s starting to change, and a number of plastic-eating bacterial strains have been discovered recently.

This breakdown process still requires that the bacteria and plastics find each other in the environment, though. So a team of researchers decided to put the bacteria in the plastic itself.

The plastic they worked with is called thermoplastic polyurethane (TPU), something you can find everywhere from bicycle inner tubes to the coating on your ethernet cables. Conveniently, there are already bacteria that have been identified that can break down TPU, including a species called Bacillus subtilis, a harmless soil bacterium that has also colonized our digestive tracts. B. subtilis also has a feature that makes it very useful for this work: It forms spores.

This feature handles one of the biggest problems with incorporating bacteria into materials: The materials often don’t provide an environment where living things can thrive. Spores, on the other hand, are used by bacteria to wait out otherwise intolerable conditions, and then return to normal growth when things improve. The idea behind the new work is that B. subtilis spores remain in suspended animation while the TPU is in use and then re-activate and digest it once it’s disposed of.

In practical terms, this works because spores only reactivate once nutritional conditions are sufficiently promising. An Ethernet cable or the inside of a bike tire is unlikely to see conditions that will wake the bacteria. But if that same TPU ends up in a landfill or even the side of the road, nutrients in the soil could trigger the spores to get to work digesting it.

The researchers’ initial problem was that the manufacturing of TPU products usually involves extruding the plastic at high temperatures, which are normally used to kill bacteria. In this case, they found that a typical manufacturing temperature (130° C) killed over 90 percent of the B. subtilis spores in just one minute.

So, they started out by exposing B. subtilis spores to lower temperatures and short periods of heat that were enough to kill most of the bacteria. The survivors were grown up, made to sporulate, and then exposed to a slightly longer period of heat or even higher temperatures. Over time, B. subtilis evolved the ability to tolerate a half hour of temperatures that would kill most of the original strain. The resulting strain was then incorporated into TPU, which was then formed into plastics through a normal extrusion process.

You might expect that putting a bunch of biological material into a plastic would weaken it. But the opposite turned out to be true, as various measures of its tensile strength showed that the spore-containing plastic was stronger than pure plastic. It turns out that the spores have a water-repelling surface that interacts strongly with the polymer strands in the plastic. The heat-resistant strain of bacteria repelled water even more strongly, and plastics made with these spores were tougher still.

To simulate landfilling or litter with the plastic, the researchers placed them in compost. Even without any bacteria, there were organisms present that could degrade it; by five months in the compost, plain TPU lost nearly half its mass. But with B. subtilis spores incorporated, the plastic lost 93 percent of its mass over the same time period.

This doesn’t mean our plastics problem is solved. Obviously, TPU breaks down relatively easily. There are lots of plastics that don’t break down significantly, and may not be compatible with incorporating bacterial spores. In addition, it’s possible that some TPU uses would expose the plastic to environments that would activate the spores—something like food handling or buried cabling. Still, it’s possible this new breakdown process can provide a solution in some cases, making it worth exploring further.

Nature Communications, 2024. DOI: 10.1038/s41467-024-47132-8

Listing image by Han Sol Kim


AWS S3 storage bucket with unlucky name nearly cost developer $1,300

Not that kind of bucket list —

Amazon says it’s working on stopping others from “making your AWS bill explode.”

A blue bucket, held by red and yellow brackets, being continuously filled and overflowing

Be careful with the buckets you put out there for anybody to fill.

Getty Images

If you’re using Amazon Web Services and your S3 storage bucket can be reached from the open web, you’d do well not to pick a generic name for that space. Avoid “example,” skip “change_me,” don’t even go with “foo” or “bar.” Someone else with the same “change this later” thinking can cost you a MacBook’s worth of cash.

Ask Maciej Pocwierz, who just happened to pick an S3 name that “one of the popular open-source tools” used for its default backup configuration. After setting up the bucket for a client project, he checked his billing page and found nearly 100 million unauthorized attempts to create new files on his bucket (PUT requests) within one day. The bill was over $1,300 and counting.

Nothing, nothing, nothing, nothing, nothing … nearly 100 million unauthorized requests.


“All this actually happened just a few days after I ensured my client that the price for AWS services will be negligible, like $20 at most for the entire month,” Pocwierz wrote over chat. “I explained the situation is very unusual but it definitely looked as if I didn’t know what I’m doing.”

Pocwierz declined to name the open source tool that inadvertently bum-rushed his S3 account. In a Medium post about the matter, he noted a different problem with an unlucky default backup. After turning on public writes, he watched as he collected more than 10GB of data in less than 30 seconds. Other people’s data, that is, and they had no idea that Pocwierz was collecting it.

Some of that data came from companies with customers, which is part of why Pocwierz is keeping the specifics under wraps. He wrote to Ars that he contacted some of the companies that either tried or successfully backed up their data to his bucket, and “they completely ignored me.” “So now instead of having this fixed, their data is still at risk,” Pocwierz writes. “My lesson is if I ever run a company, I will definitely have a bug bounty program, and I will treat such warnings seriously.”

As for Pocwierz’s accounts, both S3 and bank, it mostly ended well. An AWS representative reached out on LinkedIn and canceled his bill, he said, and was told that anybody can request refunds for excessive unauthorized requests. “But they didn’t explicitly say that they will necessarily approve it,” he wrote. He noted in his Medium post that AWS “emphasized that this was done as an exception.”

In response to Pocwierz’s story, Jeff Barr, chief evangelist for AWS at Amazon, tweeted that “We agree that customers should not have to pay for unauthorized requests that they did not initiate.” Barr added that Amazon would have more to share on how the company could prevent them “shortly.” AWS has a brief explainer and contact page on unexpected AWS charges.

The open source tool did change its default configuration after Pocwierz contacted them. Pocwierz suggested to AWS that it should restrict anyone else from creating a bucket name like his, but he had yet to hear back about it. He suggests in his blog post that, beyond random bad luck, adding a random suffix to your bucket name and explicitly specifying your AWS region can help avoid massive charges like the one he narrowly dodged.
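The two suggestions above (a random suffix on the bucket name and an explicitly specified region) can be applied when the name is chosen. The following is an added example, not code from Pocwierz's post or from AWS; the word list, the helper names and the "acme-backups" prefix are assumptions made for illustration.

```python
import re
import secrets

# Constructed list of placeholder-style words; extend it with the default
# names shipped by the tools you actually deploy.
GENERIC_WORDS = {"example", "test", "backup", "backups", "foo", "bar",
                 "changeme", "bucket", "data", "default", "my"}

# S3 general-purpose bucket names: 3-63 characters, lowercase letters,
# digits, dots and hyphens, beginning and ending with a letter or digit.
_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
_IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def name_problems(name):
    """Return the reasons a proposed bucket name should be rejected."""
    problems = []
    if not _NAME_RE.match(name) or ".." in name or _IPV4_RE.match(name):
        problems.append("invalid S3 bucket name")
    # A name built only from placeholder words is one that some other
    # tool's default configuration may also point at.
    tokens = [t for t in re.split(r"[-.]", name) if t]
    if tokens and all(t in GENERIC_WORDS for t in tokens):
        problems.append("guessable: only generic words")
    return problems


def randomized_bucket_name(prefix, suffix_bytes=6):
    """Append an unpredictable hex suffix (12 characters by default)."""
    name = f"{prefix}-{secrets.token_hex(suffix_bytes)}"
    problems = name_problems(name)
    if problems:
        raise ValueError(f"{name!r}: {', '.join(problems)}")
    return name


def create_bucket_kwargs(name, region):
    """Build arguments for boto3's S3 create_bucket with an explicit region.

    us-east-1 is the one region where LocationConstraint must be omitted;
    every other region has to be named in CreateBucketConfiguration.
    """
    kwargs = {"Bucket": name}
    if region != "us-east-1":
        kwargs["CreateBucketConfiguration"] = {"LocationConstraint": region}
    return kwargs


if __name__ == "__main__":
    for candidate in ("example", "foo-bar", "my-bucket"):
        print(candidate, "->", name_problems(candidate))
    bucket = randomized_bucket_name("acme-backups")  # hypothetical prefix
    print(bucket, "->", create_bucket_kwargs(bucket, "eu-west-1"))
    # With boto3 installed and credentials configured, the call would be:
    #   boto3.client("s3", region_name="eu-west-1").create_bucket(
    #       **create_bucket_kwargs(bucket, "eu-west-1"))
```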


Mysterious “gpt2-chatbot” AI model appears suddenly, confuses experts

Robot fortune teller hand and crystal ball

On Sunday, word began to spread on social media about a new mystery chatbot named “gpt2-chatbot” that appeared in the LMSYS Chatbot Arena. Some people speculate that it may be a secret test version of OpenAI’s upcoming GPT-4.5 or GPT-5 large language model (LLM). The paid version of ChatGPT is currently powered by GPT-4 Turbo.

Currently, the new model is only available for use through the Chatbot Arena website, although in a limited way. In the site’s “side-by-side” arena mode where users can purposely select the model, gpt2-chatbot has a rate limit of eight queries per day—dramatically limiting people’s ability to test it in detail.

So far, gpt2-chatbot has inspired plenty of rumors online, including that it could be the stealth launch of a test version of GPT-4.5 or even GPT-5—or perhaps a new version of 2019’s GPT-2 that has been trained using new techniques. We reached out to OpenAI for comment but did not receive a response by press time. On Monday evening, OpenAI CEO Sam Altman seemingly dropped a hint by tweeting, “i do have a soft spot for gpt2.”

A screenshot of the LMSYS Chatbot Arena “side-by-side” page showing “gpt2-chatbot” listed among the models for testing. (Red highlight added by Ars Technica.)

Benj Edwards

Early reports of the model first appeared on 4chan, then spread to social media platforms like X, with hype following not far behind. “Not only does it seem to show incredible reasoning, but it also gets notoriously challenging AI questions right with a much more impressive tone,” wrote AI developer Pietro Schirano on X. Soon, threads on Reddit popped up claiming that the new model had amazing abilities that beat every other LLM on the Arena.

Intrigued by the rumors, we decided to try out the new model for ourselves but did not come away impressed. When asked about “Benj Edwards,” the model revealed a few mistakes and some awkward language compared to GPT-4 Turbo’s output. A request for five original dad jokes fell short. And the gpt2-chatbot did not decisively pass our “magenta” test. (“Would the color be called ‘magenta’ if the town of Magenta didn’t exist?”)

  • A gpt2-chatbot result for “Who is Benj Edwards?” on LMSYS Chatbot Arena. Mistakes and oddities highlighted in red.

    Benj Edwards

  • A gpt2-chatbot result for “Write 5 original dad jokes” on LMSYS Chatbot Arena.

    Benj Edwards

  • A gpt2-chatbot result for “Would the color be called ‘magenta’ if the town of Magenta didn’t exist?” on LMSYS Chatbot Arena.

    Benj Edwards

So, whatever it is, it’s probably not GPT-5. We’ve seen other people reach the same conclusion after further testing, saying that the new mystery chatbot doesn’t seem to represent a large capability leap beyond GPT-4. “Gpt2-chatbot is good. really good,” wrote HyperWrite CEO Matt Shumer on X. “But if this is gpt-4.5, I’m disappointed.”

Still, OpenAI’s fingerprints seem to be all over the new bot. “I think it may well be an OpenAI stealth preview of something,” AI researcher Simon Willison told Ars Technica. But what “gpt2” is exactly, he doesn’t know. After surveying online speculation, it seems that no one apart from its creator knows precisely what the model is, either.

Willison has uncovered the system prompt for the AI model, which claims it is based on GPT-4 and made by OpenAI. But as Willison noted in a tweet, that’s no guarantee of provenance because “the goal of a system prompt is to influence the model to behave in certain ways, not to give it truthful information about itself.”


Apple confirms bug that is keeping some iPhone alarms from sounding

do not be alarmed —

If your iPhone hasn’t been waking you up lately, you’re not alone.

An iPhone in Standby mode, charging wirelessly on a desk.

Apple

If your iPhone’s alarm hasn’t woken you lately, it seems you’re not alone: Apple has confirmed to Today that a software bug is to blame, following user complaints on TikTok and other social platforms.

Apple is “aware of an issue causing some iPhone alarms to not play the expected sound,” according to the report and “is working on a fix.” The company’s official statement didn’t go into more detail on what caused the bug or why it seems to affect some users but not others.

These sorts of bugs usually relate to some kind of time change; one circa-2010 iOS alarm bug was caused by Daylight Saving Time, and another cropped up in 2011, when alarms suddenly stopped working for the first two days of the year (for whatever reason, they began working properly again on January 3 without any kind of software update). Daylight Saving Time in 2024 kicked in all the way back in mid-March, so it’s hard to say whether the problem is related to the change this time around.

If you aren’t affected by the bug—my alarms have been working fine—you can still keep this bug in your pocket for when you’re late for something for another reason.


Fragments of bird flu virus genome found in pasteurized milk, FDA says

Milk testing —

The test cannot tell if the virus is live. The FDA still assesses the milk supply as safe.

Cows being milked

The Food and Drug Administration on Tuesday announced that genetic fragments from the highly-pathogenic avian influenza virus H5N1 have been detected in the pasteurized, commercial milk supply. However, the testing completed so far—using quantitative polymerase chain reaction (qPCR)—only detects the presence of viral genetic material and cannot tell whether the genetic material is from live and infectious viral particles or merely remnants of dead ones killed by the pasteurization process.

Testing is now ongoing to see if viable, infectious H5N1 can be identified in milk samples.

So far, the FDA still believes that the milk supply is safe. “To date, we have seen nothing that would change our assessment that the commercial milk supply is safe,” the agency said in a lengthy explanation of the finding and ongoing testing.

H5N1 made its startling jump to US dairy cows recently, with the first ever documented cases in a Texas herd confirmed on March 25. It has spread widely since then with at least 32 herds in eight states now known to be infected. The unexpected spread to bovines has raised fears that the virus is evolving to infect mammals more efficiently, and so poses a heightened risk of spread to and among humans.

But amid the alarming outbreak among the country’s dairy herds, federal agencies have appeared confident that the virus poses little to no risk to the safety of the milk supply.

“At this time, there continues to be no concern that this circumstance poses a risk to consumer health, or that it affects the safety of the interstate commercial milk supply because products are pasteurized before entering the market,” the FDA wrote in an FAQ published Friday. “Pasteurization has continually proven to inactivate bacteria and viruses, like influenza, in milk.”

In the announcement Tuesday, the FDA also highlighted that multiple studies have shown that the pasteurization process for eggs, which uses lower temperatures than what is used for milk, is effective at inactivating H5N1.

Nevertheless, the FDA, along with the Centers for Disease Control and Prevention and the US Department of Agriculture, have continued to investigate potential risks, including establishing whether pasteurization can inactivate this specific virus. The FDA noted in its announcement Tuesday that, while pasteurization is expected to kill the virus, pasteurization is “different than complete sterilization.”

As such, it carried out the qPCR tests, expecting it might find some genetic fragments in the pasteurized milk because virus has been detected in raw milk. “Based on available information, pasteurization is likely to inactivate the virus, however the process is not expected to remove the presence of viral particles,” the FDA explained. “Therefore, some of the samples collected have indicated the presence of HPAI [Highly Pathogenic Avian Influenza] using quantitative polymerase chain reaction (qPCR) testing.”

The FDA did not indicate how many samples it has tested, where the samples were collected from, or the level of viral genetic material the samples contained.

The agency is now working on assessing whether it can identify if any virus particles are infectious using egg inoculation tests, which are considered a gold-standard for determining viral viability. It added that it will release results from those tests and others in “the next few days to weeks.”

“[W]e take this current situation and the safety of the milk supply very seriously. We recognize the importance of releasing further, actionable information,” the FDA said.

Meanwhile, the agency reported that the CDC’s food safety group has been closely monitoring emergency department data and flu testing data for any unusual trends in flu-like illness, flu, or conjunctivitis, which could indicate spread of H5N1 to people. “To date, surveillance systems do not show any unusual trends or activity,” the FDA said.


The spam came from inside the house: How a smart TV can choke a Windows PC

There are a million protocols in the naked city —

The curious case of a living room screen making Windows’ Settings app disappear.

Image of silhouetted girl trapped inside a television inside an entertainment center

I have hundreds of UUIDs and I must scream.

Getty Images

The modern “smart” TV asks a lot of us. In exchange for connecting you to a few streaming services you use, a TV will collect data, show ads, and serve as another vector for bad actors. In a few reported cases, though, a modern connected TV has been blamed for attacks not on privacy, eyeballs, or passwords but on an entirely different computer.

The TV in question is a Hisense TV, and the computer is a Windows PC, specifically one belonging to Priscilla Snow, a musician and audio designer in Montréal, Quebec. Her post about her Hisense experience reads like a mystery. Of course, because you already know the crime and the culprit, it’s more like a Columbo episode. Either way, it’s thrilling in a very specific I-can’t-believe-that-fixed-it kind of thrill.

Disappearing Settings, keyboards, remote desktops, and eventually taskbars

Snow’s Windows PC had “a few hiccups over the past couple of years,” Snow wrote on April 19. She couldn’t open display settings, for one. A MIDI keyboard interface stopped working. Task manager would start to hang until force-closed. Video capture cards had trouble connecting. As Snow notes, any veteran of a Windows computer that has had lots of stuff installed on it can mentally write off most of these things, or at least stash them away until the next reinstall.

Then, while trying to figure out why a remote desktop session wasn’t working, the task bars on Snow’s PC disappeared. The PC refused to launch any settings panels. After updating drivers and restarting the PC, the taskbars returned, but only for six days. Snow hunted for solutions, and after using “the exact right string in my search,” she found a Reddit thread that led to a Microsoft support question, all describing the same kinds of seemingly spectral problems her computer was having over time, with no clear cause.

User Narayan B wrote in Microsoft’s forum that the issue is the Hisense TV generating “random UUIDs for UPNP network discovery every few minutes.” Windows, seemingly not knowing why any device would routinely do this, sees and adds those alternate Hisense devices to its Device Association Framework, or DAF. This service being stuffed full of attention-grabbing devices can hang up Task Manager, Bluetooth, the Settings apps, File Explorer, and more.

The fix is deleting hundreds of keys from the registry. Narayan B wrote that he noticed his Hisense TV flooding Windows’ device discovery systems before but “didn’t think Windows would go for a toss due to this.” Snow did the same, and everything—Task Manager, MIDI keyboard, remote desktop, even a CRT monitor she had assumed was broken—started working again.

UUID, UPNP, DAF, and hundreds of Registry keys

Along with deleting hundreds of keys with maniacal keyboard pounding, Snow notes in chats attached to her post that she disabled “Set up network connected devices automatically” on her “Private networks” settings in Windows. And, of course, she recommends not buying the same Hisense 50Q8G she bought, or at least not having it on the same network.
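The behavior described above, one device announcing a new UUID for UPnP discovery every few minutes, can be spotted on the network before Windows accumulates the entries. UPnP discovery announcements travel as SSDP messages whose USN header carries the device UUID, so a well-behaved device shows one stable UUID per source address. The following is an added example, not code from Snow's post or the Microsoft thread; the capture is constructed, and the addresses, one-hour window and threshold of three UUIDs are assumptions.

```python
import re
import uuid
from collections import defaultdict

_USN_UUID = re.compile(r"uuid:([^:\s]+)", re.IGNORECASE)


def parse_ssdp(raw):
    """Parse an SSDP NOTIFY or search response into upper-cased headers."""
    lines = raw.decode("utf-8", errors="replace").split("\r\n")
    if not lines[0].startswith(("NOTIFY * HTTP/1.1", "HTTP/1.1 200")):
        return None  # not an SSDP announcement or response
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers


def usn_uuid(headers):
    """Extract the device UUID from the USN header, if present."""
    match = _USN_UUID.search(headers.get("USN", ""))
    return match.group(1).lower() if match else None


def find_uuid_churn(capture, window_s=3600, max_uuids=3):
    """Map source IP -> peak distinct UUIDs seen in any window, if excessive.

    capture is an iterable of (timestamp_seconds, source_ip, raw_bytes).
    """
    seen = defaultdict(list)
    for ts, src, raw in sorted(capture, key=lambda event: event[0]):
        headers = parse_ssdp(raw)
        device = usn_uuid(headers) if headers else None
        if device:
            seen[src].append((ts, device))
    flagged = {}
    for src, events in seen.items():
        peak, start = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window_s.
            while events[end][0] - events[start][0] > window_s:
                start += 1
            peak = max(peak, len({u for _, u in events[start:end + 1]}))
        if peak > max_uuids:
            flagged[src] = peak
    return flagged


def _notify(device_uuid, ip):
    """Build one constructed ssdp:alive announcement."""
    return (
        "NOTIFY * HTTP/1.1\r\n"
        "HOST: 239.255.255.250:1900\r\n"
        "CACHE-CONTROL: max-age=1800\r\n"
        f"LOCATION: http://{ip}:49152/description.xml\r\n"
        "NT: upnp:rootdevice\r\n"
        "NTS: ssdp:alive\r\n"
        f"USN: uuid:{device_uuid}::upnp:rootdevice\r\n\r\n"
    ).encode()


def build_constructed_capture():
    """Constructed sample: a TV rotating UUIDs and a printer keeping one."""
    tv, printer = "192.0.2.50", "192.0.2.20"  # documentation addresses
    stable = uuid.uuid5(uuid.NAMESPACE_DNS, "constructed-printer")
    capture = [(0, "192.0.2.99", b"garbage, not SSDP")]
    for i in range(12):
        rotating = uuid.uuid5(uuid.NAMESPACE_DNS, f"constructed-tv-{i}")
        capture.append((i * 180, tv, _notify(rotating, tv)))
        capture.append((i * 180 + 5, printer, _notify(stable, printer)))
    return capture


if __name__ == "__main__":
    for src, count in find_uuid_churn(build_constructed_capture()).items():
        print(f"{src}: {count} distinct UPnP UUIDs within one hour")
```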

The mystery is solved, but the culprit remains very much at large. Or culprits—plural—depending on how you think a Windows PC should react to a shapeshifting TV.

Ars reached out to Hisense to ask for comment and will update the post if we hear back.


Why canned wine can smell like rotten eggs while beer and Coke are fine

The cork or the can? —

Sulfur dioxide in the wine reacts with the aluminum to make hydrogen sulfide.


BackyardProduction/Getty Images

True wine aficionados might turn up their noses, but canned wines are growing in popularity, particularly among younger crowds during the summer months, when style often takes a back seat to convenience. Yet these same wines can go bad rather quickly, taking on distinctly displeasing notes of rotten eggs or dirty socks. Scientists at Cornell University conducted a study of all the relevant compounds and came up with a few helpful tips for frustrated winemakers to keep canned wines from spoiling. The researchers outlined their findings in a recent paper published in the American Journal of Enology and Viticulture.

“The current generation of wine consumers coming of age now, they want a beverage that’s portable and they can bring with them to drink at a concert or take to the pool,” said Gavin Sacks, a food chemist at Cornell. “That doesn’t really describe a cork-finished, glass-packaged wine. However, it describes a can very nicely.”

According to a 2004 article in Wine & Vines magazine, canned beer first appeared in the US in 1935, and three US wineries tried to follow suit for the next three years. Those efforts failed because it proved to be unusually challenging to produce a stable canned wine. One batch was tainted by “Fresno mold”; another batch resulted in cloudy wine within just two months; and the third batch of wine had a disastrous combination of low pH and high oxygen content, causing the wine to eat tiny holes in the cans. Nonetheless, wineries sporadically kept trying to can their product over the ensuing decades, with failed attempts in the 1950s and 1970s. United and Delta Airlines briefly had a short-lived partnership with wineries for canned wine in the early 1980s, but passengers balked at the notion.

The biggest issue was the plastic coating used to line the aluminum cans. You needed the lining because the wine would otherwise chemically react with the aluminum. But the plastic liners degraded quickly, and the wine would soon reek of dirty socks or rotten eggs, thanks to high concentrations of hydrogen sulfide. The canned wines also didn’t have much longevity, with a shelf life of just six months.

Thanks to vastly improved packing processes in the early 2000s, canned wine seems to finally be finding its niche in the market, initially driven by demand in Japan and other Asian markets and expanding after 2014 to Australia, New Zealand, the US, and the UK. In the US alone, projected sales of canned wines are expected to grow from $643 million in 2024 to $3.12 billion in 2034—a compound annual growth rate of 10.5 percent.

Granted, we won’t be seeing a fine Bordeaux in a can anytime soon; most canned wine comes in the form of spritzers, wine coolers, and cheaper rosés, whites, or sparkling wines. The largest US producers are EJ Gallo, which sells Barefoot Refresh Spritzers, and Francis Ford Coppola Winery, which markets the Sofia Mini, Underwood, and Babe brands.

Locations within the body of a can sampled for liner and surface analysis.

M.J. Sheehan et al., 2024

There are plenty of oft-cited advantages to putting wine in cans. It’s super practical for picnics, camping, summer BBQs, or days at the beach, for example, and for the weight-conscious, it helps with portion control, since you don’t have to open an entire bottle. Canned wines are also touted as having a lower carbon footprint compared to glass—although that is a tricky calculation—and the aluminum is 100 percent recyclable.

This latest study grew out of a conference session Sacks led that was designed to help local winemakers get a better grasp on how best to protect the aromas, flavors, and shelf life of their canned wines since canned wines are still plagued by issues of corrosion, leakage, and off flavors like the dreaded rotten egg smell. “They said, ‘We’re following all the recommendations from the can suppliers and we still have these problems, can you help us out?’” Sacks said. “The initial focus was defining what the problem compounds were, what was causing corrosion and off aromas, and why was this happening in wines, but not in sodas? Why doesn’t Coca-Cola have a problem?”

Nestlé baby foods loaded with unhealthy sugars—but only in poorer countries

Bad track record —

Health experts say children under age 2 should have zero added sugars in their diets.

Night view of company logos in Nestlé Avanca Dairy Products Plant on January 21, 2019, in Avanca, Portugal. This plant produces Cerelac, Nestum, Mokambo, Pensal, Chocapic and Estrelitas, among others.

In high-income countries, Nestlé brand baby foods have no added sugars in them, in line with recommendations from major health organizations around the world and consumer pressure. But in low- and middle-income countries, Nestlé adds sugar to those same baby products, sometimes at high levels, which could lead children to prefer sugary diets and unhealthy eating habits, according to an investigation released recently by nonprofit groups.

The investigation, conducted by Public Eye and the International Baby Food Action Network (IBFAN), says the addition of added sugars to baby foods in poorer countries, against expert recommendations, creates an “unjustifiable double standard.” The groups quote Rodrigo Vianna, an epidemiologist and professor at the Department of Nutrition of the Federal University of Paraíba in Brazil, who calls added sugars in baby foods “unnecessary and highly addictive.”

“Children get used to the sweet taste and start looking for more sugary foods, starting a negative cycle that increases the risk of nutrition-based disorders in adult life,” Vianna told the organizations for their investigation. “These include obesity and other chronic non-communicable diseases, such as diabetes or high blood-pressure.”

The two groups compared the nutritional content of Nestlé’s Cerelac and Nido products, the company’s best-selling baby food brands in low- and middle-income countries that generate sales of over $2.5 billion. In a Cerelac wheat cereal product, for instance, the product contained up to 6 grams of added sugar in countries including Thailand, Ethiopia, South Africa, Pakistan, India, and Bangladesh. In the United Kingdom and Germany, the same product contained zero added sugars.

The product with the highest sugar content was a Cerelac baby cereal product sold in the Philippines with 7.3 grams of sugar. While children under age 2 are recommended to have zero grams of added sugars in their diet, for reference, children aged 2 to 18 are recommended to have less than 25 grams (about six teaspoons) per day by the American Academy of Pediatrics.

In the Philippines, where the sugar content was the highest, and in other countries—including Nigeria, Senegal, Vietnam and Pakistan—the added sugar content was not listed on Nestlé’s labeling, the investigation found.

Double standard

“There is a double standard here that can’t be justified,” Nigel Rollins, a WHO scientist, told the nonprofit groups. Rollins pointed out that the company does not add sugars to its baby products in Switzerland, where the company is headquartered. Thus, continuing to add it in low-resource settings is “problematic both from a public health and ethical perspective,” he said.

In a report last month, the WHO found that as of 2022, 37 million children under the age of 5 worldwide had overweight. Additionally, over 390 million children ages 5 to 19 had overweight and 160 million had obesity. The prevalence of overweight in children 5 to 19 rose from 8 percent in 1990 to 20 percent in 2022, the United Nations agency noted. Obesity rates in this age group, meanwhile, rose from 2 percent to 8 percent in the same timespan.

Nestlé responded to the investigation with a statement suggesting that the differences in sugar content “depend on several factors, including regulations and availability of local ingredients, which can result in offerings with lower or no-added sugars.” But it argued that these differences do not “compromise the nutritional value of our products for infants and young children.”

Nestlé is a multinational food and drink behemoth with a controversial history of selling baby products in poorer countries. In the 1970s and ’80s, the company came under heavy international fire for aggressively marketing its baby formula to impoverished mothers. Health advocates accused Nestlé of misleading mothers into thinking formula is better than breast milk for their babies, even though leading health organizations recommend exclusive breastfeeding for the first six months of life when possible.

Critics accused Nestlé of providing free formula to hospital maternity wards, causing new, low-income mothers to turn to it shortly after birth in the critical window in which breast milk production would otherwise ramp up in response to nursing a newborn. Without nursing in that time, mothers can struggle to lactate and become dependent on formula. Out of the hospital, the powdered formula is no longer free and must be mixed in proper amounts and in sanitary conditions to ensure it is safe and meeting the nutritional needs of the infant, which can be a struggle for poor families.

Nestlé now states that it follows international standards for marketing breast-milk substitutes, despite ongoing boycotts in some countries.

You can now buy a flame-throwing robot dog for under $10,000

burninating the countryside —

Thermonator, the first “flamethrower-wielding robot dog,” is completely legal in 48 US states.

The Thermonator robot flamethrower dog.

If you’ve been wondering when you’ll be able to order the flame-throwing robot that Ohio-based Throwflame first announced last summer, that day has finally arrived. The Thermonator, which Throwflame bills as “the first-ever flamethrower-wielding robot dog,” is now available for purchase. The price? $9,420.

Thermonator is a quadruped robot with an ARC flamethrower mounted to its back, fueled by gasoline or napalm. It features a one-hour battery, a 30-foot flame-throwing range, and Wi-Fi and Bluetooth connectivity for remote control through a smartphone.

It also includes a LIDAR sensor for mapping and obstacle avoidance, laser sighting, and first-person view (FPV) navigation through an onboard camera. The product appears to integrate a version of the Unitree Go2 robot quadruped that retails alone for $1,600 in its base configuration.

The company lists possible applications of the new robot as “wildfire control and prevention,” “agricultural management,” “ecological conservation,” “snow and ice removal,” and “entertainment and SFX.” But most of all, it sets things on fire in a variety of real-world scenarios.

  • Remote controlling the Thermonator robot flamethrower dog.

Back in 2018, Elon Musk made the news for offering an official Boring Company flamethrower that reportedly sold 10,000 units in 48 hours. It sparked some controversy because flamethrowers can also double as weapons or potentially start wildfires.

In the US, flamethrowers are legally unregulated in 48 states and are not considered firearms by federal agencies. Restrictions exist in Maryland, where flamethrowers require a Federal Firearms License to own, and California, where the range of flamethrowers cannot exceed 10 feet.

Even so, to state the obvious, flamethrowers can easily burn both things and people, starting fires and wreaking havoc if not used safely. Accordingly, the Thermonator might be one Christmas present you should skip for little Johnny this year.

FTC bans noncompete clauses, declares vast majority unenforceable

No more noncompetes —

Chamber of Commerce vows to sue FTC, will try to block ban on noncompetes.

Federal Trade Commission Chair Lina Khan talks with guests during an event in the Eisenhower Executive Office Building on April 03, 2024.

Getty Images | Chip Somodevilla

The Federal Trade Commission (FTC) today announced that it has issued a final rule banning noncompete clauses. The rule will render the vast majority of current noncompete clauses unenforceable, according to the agency.

“In the final rule, the Commission has determined that it is an unfair method of competition and therefore a violation of Section 5 of the FTC Act, for employers to enter into noncompetes with workers and to enforce certain noncompetes,” the FTC said.

The US Chamber of Commerce said it will sue the FTC in an effort to block the rule, claiming the ban is “a blatant power grab that will undermine American businesses’ ability to remain competitive.”

The FTC proposed the rule in January 2023 and received over 26,000 public comments on its proposal. Over 25,000 of the comments supported the proposed ban, the FTC said. The final rule announced today will take effect 120 days after it is published in the Federal Register, unless opponents of the rule secure a court order blocking it.

The FTC said that “noncompetes are a widespread and often exploitative practice imposing contractual conditions that prevent workers from taking a new job or starting a new business. Noncompetes often force workers to either stay in a job they want to leave or bear other significant harms and costs, such as being forced to switch to a lower-paying field, being forced to relocate, being forced to leave the workforce altogether, or being forced to defend against expensive litigation.”

Noncompete clauses currently bind about 30 million workers in the US, the agency said. “Under the FTC’s new rule, existing noncompetes for the vast majority of workers will no longer be enforceable after the rule’s effective date,” the FTC said.

FTC: “Noncompete clauses keep wages low”

The only existing noncompetes that won’t be nullified are those for senior executives, who represent less than 0.75 percent of workers, the FTC said. The rule defines senior executives as people earning more than $151,164 a year and who are in policy-making positions.

“The final rule allows existing noncompetes with senior executives to remain in force because this subset of workers is less likely to be subject to the kind of acute, ongoing harms currently being suffered by other workers subject to existing noncompetes and because commenters raised credible concerns about the practical impacts of extinguishing existing noncompetes for senior executives,” the FTC said.

Senior executives will be protected from new noncompete clauses after the rule takes effect. Employers will be “banned from entering into or attempting to enforce any new noncompetes, even if they involve senior executives,” the FTC said. “Employers will be required to provide notice to workers other than senior executives who are bound by an existing noncompete that they will not be enforcing any noncompetes against them.”

The FTC vote was 3-2, with Democrats supporting the noncompete ban and Republicans opposing.

“Noncompete clauses keep wages low, suppress new ideas, and rob the American economy of dynamism, including from the more than 8,500 new startups that would be created a year once noncompetes are banned,” FTC Chair Lina Khan said. “The FTC’s final rule to ban noncompetes will ensure Americans have the freedom to pursue a new job, start a new business, or bring a new idea to market.”

Chamber of Commerce CEO Suzanne Clark argued that “the FTC has never been granted the constitutional and statutory authority to write its own competition rules… The Chamber will sue the FTC to block this unnecessary and unlawful rule and put other agencies on notice that such overreach will not go unchecked.”

FTC cites authority, urges businesses to raise wages

The FTC argues that it can impose the rule using authority under sections 5 and 6(g) of the FTC Act:

Alongside section 5, Congress adopted section 6(g) of the Act, in which it authorized the Commission to “make rules and regulations for the purpose of carrying out the provisions of” the FTC Act, which include the Act’s prohibition of unfair methods of competition. The plain text of section 5 and section 6(g), taken together, empower the Commission to promulgate rules for the purpose of preventing unfair methods of competition. That includes legislative rules defining certain conduct as an unfair method of competition.

The FTC said it found evidence that “noncompetes tend to negatively affect competitive conditions in product and service markets, inhibiting new business formation and innovation” and “lead to increased market concentration and higher prices for consumers.”

Businesses can protect trade secrets without noncompetes, the agency said:

Trade secret laws and nondisclosure agreements (NDAs) both provide employers with well-established means to protect proprietary and other sensitive information. Researchers estimate that over 95 percent of workers with a noncompete already have an NDA.

The Commission also finds that instead of using noncompetes to lock in workers, employers that wish to retain employees can compete on the merits for the worker’s labor services by improving wages and working conditions.

Hackers infect users of antivirus service that delivered updates over HTTP

GOT HTTPS? —

eScan AV updates were delivered over HTTP for five years.

Getty Images

Hackers abused an antivirus service for five years in order to infect end users with malware. The attack worked because the service delivered updates over HTTP, a protocol vulnerable to attacks that corrupt or tamper with data as it travels over the Internet.

The unknown hackers, who may have ties to the North Korean government, pulled off this feat by performing a man-in-the-middle (MitM) attack that replaced the genuine update with a file that installed an advanced backdoor instead, said researchers from security firm Avast today.

eScan, an AV service headquartered in India, has delivered updates over HTTP since at least 2019, Avast researchers reported. This protocol presented a valuable opportunity for installing the malware, which is tracked in security circles under the name GuptiMiner.

“This sophisticated operation has been performing MitM attacks targeting an update mechanism of the eScan antivirus vendor,” Avast researchers Jan Rubín and Milánek wrote. “We disclosed the security vulnerability to both eScan and the India CERT and received confirmation on 2023-07-31 from eScan that the issue was fixed and successfully resolved.”

Complex infection chain

The complex infection chain started when eScan applications checked in with the eScan update system. The threat actors then performed a MitM attack that allowed them to intercept the package sent by the update server and replace it with a corrupted one that contained code to install GuptiMiner. The Avast researchers still don’t know precisely how the attackers were able to perform the interception. They suspect targeted networks may already have been compromised somehow to route traffic to a malicious intermediary.

To lower the chances of detection, the infection file used DLL hijacking, a technique that replaces legitimate dynamic link library files used by most Microsoft apps with maliciously crafted ones that use the same file name. For added stealth, the infection chain also relied on a custom domain name system (DNS) server that allowed it to use legitimate domain names when connecting to attacker-controlled channels.

Last year, the attackers abandoned the DNS technique and replaced it with another obfuscation technique known as IP address masking. This involved the following steps:

  1. Obtain an IP address of a hardcoded server name registered to the attacker by standard use of the gethostbyname API function
  2. For that server, two IP addresses are returned—the first is an IP address which is a masked address, and the second one denotes an available payload version and starts with 23.195. as its first two octets
  3. If the version is newer than the current one, the masked IP address is de-masked, resulting in a real command-and-control (C&C) IP address
  4. The real C&C IP address is used along with a hardcoded constant string (part of a URL path) to download a file containing malicious shellcode

Some variants of the infection chain stashed the malicious code inside an image file to make it harder to detect. The variants also installed a custom root TLS certificate that satisfied requirements by some targeted systems that all apps must be digitally signed before being installed.

The payload contained multiple backdoors that were activated when installed on large networks. Curiously, the update also delivered XMRig, an open-source package for mining cryptocurrency.

The GuptiMiner infection chain.

Avast

GuptiMiner has circulated since at least 2018 and has undergone multiple revisions. One searched compromised networks for systems running Windows 7 and Windows Server 2008, presumably to deliver exploits that worked on those earlier versions. Another provided an interface for installing special-purpose modules that could be customized for different victims. (This version also scanned the local system for stored private keys and cryptocurrency wallets.)

The researchers were surprised that malware that took such pains to fly under the radar would also install a cryptocurrency miner, which by nature is usually easy to detect. One possibility is the attackers’ possible connection to Kimsuky, the tracking name for a group backed by the North Korean government. Over the years, North Korea’s government has generated billions of dollars in cryptocurrency through malware installed on the devices of unwitting victims. The researchers made the possible connection after finding similarities between a known Kimsuky keylogger and code fragments used during the GuptiMiner operation.

The GuptiMiner attack is notable for exposing major shortcomings in eScan that went unnoticed for at least five years. Besides not delivering updates over HTTPS, a medium not susceptible to MitM attacks, eScan also failed to enforce digital signing to ensure updates hadn’t been tampered with before being installed. Representatives of eScan didn’t respond to an email asking why engineers designed the update process this way.
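An added example (not from the article, eScan or Avast) of the two checks the paragraph above says were missing: a Go update client that refuses non-HTTPS sources and installs only a package matching a manifest signed by a pinned Ed25519 key. The `Manifest` type, `VerifyUpdate`, the `example.test` URLs and the key are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
	"net/url"
)

// Manifest is a hypothetical update descriptor: where the package lives and
// the SHA-256 digest the vendor signed for it.
type Manifest struct {
	URL    string
	SHA256 [32]byte
}

var (
	ErrInsecureTransport = errors.New("update URL is not https")
	ErrBadSignature      = errors.New("manifest signature does not verify")
	ErrDigestMismatch    = errors.New("package does not match signed digest")
)

// signedBytes is the exact byte string the vendor signature covers.
func (m Manifest) signedBytes() []byte {
	return append([]byte(m.URL+"\n"), m.SHA256[:]...)
}

// VerifyUpdate accepts a package only if the manifest points at https, the
// manifest signature verifies under the pinned key, and the package hashes to
// the signed digest. Any error means the package must not be installed.
func VerifyUpdate(pinned ed25519.PublicKey, m Manifest, sig, pkg []byte) error {
	u, err := url.Parse(m.URL)
	if err != nil || u.Scheme != "https" {
		return ErrInsecureTransport
	}
	if len(pinned) != ed25519.PublicKeySize || !ed25519.Verify(pinned, m.signedBytes(), sig) {
		return ErrBadSignature
	}
	if sha256.Sum256(pkg) != m.SHA256 {
		return ErrDigestMismatch
	}
	return nil
}

// Demo runs the verifier over constructed data: a genuine package, a package
// swapped in transit, a manifest rewritten to match the swap, and a correctly
// signed manifest that points at plain http.
func Demo() (genuine, swapped, rewritten, plainHTTP error) {
	seed := sha256.Sum256([]byte("constructed demo seed, not a vendor key"))
	priv := ed25519.NewKeyFromSeed(seed[:])
	pub := priv.Public().(ed25519.PublicKey)

	pkg := []byte("constructed update package")
	evil := []byte("constructed replacement package")
	m := Manifest{URL: "https://updates.example.test/pkg.bin", SHA256: sha256.Sum256(pkg)}
	sig := ed25519.Sign(priv, m.signedBytes())

	forged := Manifest{URL: m.URL, SHA256: sha256.Sum256(evil)}
	overHTTP := Manifest{URL: "http://updates.example.test/pkg.bin", SHA256: m.SHA256}
	httpSig := ed25519.Sign(priv, overHTTP.signedBytes())

	return VerifyUpdate(pub, m, sig, pkg), VerifyUpdate(pub, m, sig, evil),
		VerifyUpdate(pub, forged, sig, evil), VerifyUpdate(pub, overHTTP, httpSig, pkg)
}

func main() {
	fmt.Println(Demo())
}
```

The signature check is what holds if the transport is ever intercepted: a party that can replace both the package and the manifest still cannot produce a signature that verifies under the pinned key.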

People who use or have used eScan should check the Avast post for details on whether their systems are infected. It’s likely that most reputable AV scanners will also detect this infection.
