Send Link mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.anu.edu.au/mailman/listinfo/link
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Link digest..."
Today's Topics:
1. Government and CERT-In issue high severity alert for iOS,
iPadOS and macOS users (Stephen Loosley)
2. O/t: Defeating AIDS, new MIT vaccination can kill HIV in two
shots (Stephen Loosley)
3. Re: How did pagers explode? (Stephen Loosley)
4. Handy.. also world hacker honey-pots (Stephen Loosley)
----------------------------------------------------------------------
Message: 1
Date: Mon, 23 Sep 2024 16:21:40 +0930
From: Stephen Loosley <[email protected]>
To: "link" <[email protected]>
Subject: [LINK] Government and CERT-In issue high severity alert for
iOS, iPadOS and macOS users
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
`
Government issues high severity warning for iOS, iPadOS and macOS users post
iPhone 16 launch
Published 22 Sep 2024
https://www.livemint.com/technology/tech-news/government-issues-high-severity-warning-for-ios-ipados-and-macos-users-post-iphone-16-launch-11726996718377.html
CERT-In has issued a high severity alert for iOS, iPadOS, and macOS users
following the iPhone 16 launch, highlighting multiple vulnerabilities that
could allow attackers to access sensitive information and perform various
malicious actions.
Users are urged to update their software immediately.
[Photo caption: The new iPhone 16 is displayed during an announcement of new
products at Apple headquarters.]
Computer Emergency Response Team (CERT-In), the cyber security watchdog under
the Ministry of Electronics and Information Technology (MeitY), has issued a
high severity alert for iOS, iPadOS and macOS users soon after the iPhone 16
launch.
The warning suggests that multiple vulnerabilities have been reported in Apple
products that could allow an attacker to access sensitive information of users.
What can these vulnerabilities be used for?
CERT-In warns that apart from accessing sensitive information, these
vulnerabilities can be used by attackers to ?execute arbitrary code, bypass
security restrictions, cause denial of service (DoS) conditions, bypass
authentication, gain elevated privileges and perform spoofing attacks on the
targeted system."
Who does the vulnerability affect?
Apple iOS versions prior to 18 and iPadOS versions prior to 18
Apple iOS versions prior to 17.7 and iPadOS versions prior to 17.7
Apple macOS Sonoma versions prior to 14.7
Apple macOS Ventura versions prior to 13.7
Apple macOS Sequoia versions prior to 15
Apple tvOS versions prior to 18
Apple watchOS versions prior to 11
Apple Safari versions prior to 18
Apple Xcode versions prior to 16
Apple visionOS versions prior to 2
What should Apple users do?
CERT-In states that these vulnerabilities have been fixed in the latest version
of software updates by Apple and alerts the iOS, iPadOS, macOS, tvOS, watchOS,
Safari, Xcode and visionOS users to update to the latest software update
provided by the Cupertino based tech giant in order to stay secure.
Notably, CERT-In had also also warned about the vulnerabilities in Google
Chrome browser earlier this month.
The agency stated that these vulnerability only affected users prior to
128.0.6613.119/.120 for Windows and macOS and in versions prior to
128.0.6613.119 for Linux.
--
------------------------------
Message: 2
Date: Mon, 23 Sep 2024 19:04:22 +0930
From: Stephen Loosley <[email protected]>
To: "link" <[email protected]>
Subject: [LINK] O/t: Defeating AIDS, new MIT vaccination can kill HIV
in two shots
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
Defeating AIDS: MIT reveals new vaccination method that could kill HIV in just
two shots
MIT researchers found that the first dose primes the immune system, helping it
generate a strong response to the second dose a week later.
By Kapil Kajal: Sep 20, 2024 06:55 PM EST
https://interestingengineering.com/health/new-hiv-vaccination-methods-revealed
Defeating AIDS: MIT reveals new vaccination method that could kill HIV in just
two shots
One major reason why it has been difficult to develop an effective HIV vaccine
is that the virus mutates very rapidly, allowing it to evade the antibody
response generated by vaccines.
Several years ago, MIT researchers showed that administering a series of
escalating doses of an HIV vaccine over two weeks could help overcome a part of
that challenge by generating larger quantities of neutralizing antibodies.
However, a fast multidose vaccine regimen is not practical for mass vaccination
campaigns.
In a new study, the researchers have found that they can achieve a similar
immune response with just two doses, given one week apart.
The first dose, which is much smaller, prepares the immune system to respond
more powerfully to the second, larger dose.
New HIV vaccination
This study, which combined computational modeling and experiments in mice, used
an HIV envelope protein as the vaccine.
A single-dose version of this vaccine is now in clinical trials, and the
researchers hope to establish another study group that will receive the vaccine
on a two-dose schedule.
?By bringing together the physical and life sciences, we shed light on some
basic immunological questions that helped develop this two-dose schedule to
mimic the multiple-dose regimen,? says Arup Chakraborty, the John M. Deutch
Institute Professor at MIT and a member of MIT?s Institute for Medical
Engineering and Science and the Ragon Institute of MIT, MGH, and Harvard
University.
This approach may also generalize to vaccines for other diseases, Chakraborty
notes.
Two shots to kill the virus
Each year, HIV infects more than 1 million people around the world, and some of
those people do not have access to antiviral drugs.
An effective vaccine could prevent many of those infections. One promising
vaccine now in clinical trials consists of an HIV protein called an envelope
trimer and a nanoparticle called SMNP.
Irvine?s lab developed the nanoparticle, which acts as an adjuvant to help
recruit a stronger B cell response to the vaccine.
Researchers administered this and other experimental vaccines as a single dose
in clinical trials.
However, growing evidence shows that a series of doses is more effective at
generating broadly neutralizing antibodies.
The researchers believe the seven-dose regimen is effective because it mimics
the body?s response to virus exposure: As more viral proteins, or antigens,
accumulate in the body, the immune system mounts a strong response.
In the new study, the MIT team investigated how this response develops and
explored whether they could achieve the same effect using fewer vaccine doses.
The researchers began by comparing the effects of one, two, three, four, five,
six, or seven doses, all given over 12 days.
They initially found that while three or more doses generated strong antibody
responses, two did not.
However, by tweaking the dose intervals and ratios, the researchers discovered
that giving 20 percent of the vaccine in the first dose and 80 percent in a
second dose, seven days later, achieved just as good a response as the
seven-dose schedule.
The researchers are now studying this vaccine strategy in a nonhuman primate
model.
They are also working on specialized materials that can deliver the second dose
over an extended period, which could further enhance the immune response.
--
------------------------------
Message: 3
Date: Mon, 23 Sep 2024 21:36:52 +0930
From: Stephen Loosley <[email protected]>
To: "link" <[email protected]>
Subject: Re: [LINK] How did pagers explode?
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
> On Mon, 23 Sept 2024 at 09:03, Tom writes:
> >
> > On 21/9/24 12:15, Narelle Clark writes:
> >
> > > ... there would be very tight arrangements around these devices and
> > > it's highly unlikely any would have strayed at all. ...
> >
> > I am not sure procedures would be that tight in a fake company set up by
> > a secret organization, or their customers. With thousands of booby
> > trapped products manufactured there is the risk some went astray.
>
> That's just it - I doubt there would have been thousands of booby
> trapped devices made. The risk of handling that much explosive would
> have been too high. This is likely one or a few boxes of the goods on their
> way to Hezbollah intercepted and replaced with identical ones
> that were booby trapped.
>
> Narelle
> [email protected]
>
The New York Times writes that Israeli intelligence officials made the pagers ..
https://www.defenseone.com/threats/2024/09/the-d-brief-september-20-2024/399701/
Update: Israeli intelligence officials made the pagers that detonated across
Lebanon and Syria, killing more than a dozen people and wounding more than
2,700 others on Tuesday, the New York Times reported late Wednesday, citing ?12
current and former defense and intelligence officials.?
Ref:
https://www.nytimes.com/2024/09/18/world/middleeast/israel-exploding-pagers-hezbollah.html
[Quoting above: Israeli intelligence officials saw an opportunity. Even before
Mr. Nasrallah decided to expand pager usage, Israel had put into motion a plan
to establish a shell company that would pose as an international pager
producer...."]
Related reading: ?Hezbollah handed out pagers hours before blasts - even after
checks,? Reuters reported separately.
--
------------------------------
Message: 4
Date: Mon, 23 Sep 2024 22:44:26 +0930
From: Stephen Loosley <[email protected]>
To: "link" <[email protected]>
Subject: [LINK] Handy.. also world hacker honey-pots
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
This ?cloud in a box? could save Air Force maintainers years of paperwork
The Air Force has been developing a portable data center that can hold
maintenance and sustainment docs for every plane the service has?in a container
the size of a window air conditioner.
By Lauren C. Williams Senior Editor September 20, 2024
https://www.defenseone.com/defense-systems/2024/09/cloud-box-could-save-air-force-maintainers-years-paperwork/399722/
Every time a KC-135 lands, it?s greeted by a swarm of maintainers armed with
three-ring binders and stacks of paper forms, sometimes tablets or laptops?all
necessary to determine and document the plane readiness to fly again.
Converting that information into a readable format to update commanders can
take 14 hours.
To shrink that turnaround time, the Air Force Rapid Sustainment Office is
developing a prototyped ?cloud in a box??a portable data and compute center
that can effectively hold the maintenance records of every aircraft the service
has in a container the size of a window A/C unit.
?The goal is digitizing the flight line,? Col. Nathan Stuckey, military
department program executive officer at the Air Force Rapid Sustainment Office,
told Defense One. ?Having that maintainer, having that digital assistance ? to
help them maintain and repair our aircraft.?
The product hits a trifecta: it?s a digital, cloud-based dashboard that
displays maintenance data from disparate systems, a ruggedized box with compute
and storage, and it offers the ability to access everything from a mobile
device. Users can also load the cloud-based platform onto the box, called
Google Distributed Air-Gapped Appliance, which can operate even when
disconnected from networks.
By teaming up with Google, the Air Force designed ?a marketplace of data input
and output? from several systems with ?real time readiness reporting? so the
data never needs to be manually re-entered at a workstation, said Josh Marcuse,
director of strategic initiatives at Google Public Sector.
And the system doesn?t have to be hooked up to the internet to function.
?We have to have systems that will still work when our networks are attacked,?
Stuckey said. ?If you're in the Pacific trying to fix an airplane and your
location loses all internet connectivity, this system's still got to work.?
Maintainers will be able to do their work and then reconnect the box to the
network to update headquarters with essential mission data, like parts that are
needed, which is available in seconds instead of hours. Less important
information, like a video to assist in a repair, are deprioritized, Stuckey
said.
?Information that higher headquarters needs to plan the fight, know what
aircraft are available. That kind of data can be prioritized, so the second you
get that connection, it's immediately seen by higher level. If it is lower
priority data, you know, that might take a little bit ? to see, but we're doing
it in such a way that the most important data is available immediately,?
Stuckey said.
The other feature with potential to change how maintainers work is the ability
to securely connect with personal devices, Stuckey said.
?During a demo, I was able to use my personal phone and log into the device and
get that dashboard. And that's the way. The vision is that a maintainer will be
able to use their mobile devices, tablets, phones, to be able to access what
they need at their fingertips.?
Current demonstrations of the ?cloud in a box? have been limited to a handful
or users over a handful of days. But the goal is for the tech to be a trusty
digital assistant for maintainers, starting with select units.
The plan is to launch the prototype at Nellis Air Force Base, Nev. and Minot
Air Force Base, S.D. and do initial concept work in the coming months. But
Stuckey was hesitant to give a more specific timeline because the product is
going through the Defense Department's cybersecurity certification process,
called authority to operate.
?We're in a state where getting those approvals is very soon?we're starting to
talk months instead of years on when we're ready to go live? with the first and
then expanded demonstrations, Stuckey said.
------------------------------
Subject: Digest Footer
_______________________________________________
Link mailing list
[email protected]
https://mailman.anu.edu.au/mailman/listinfo/link
------------------------------
End of Link Digest, Vol 382, Issue 17
*************************************
