Show Notes: extras.show/70

The post The Resilience of the Voyagers | Jupiter Extras 70 first appeared on Jupiter Broadcasting.

RSS Feeds:

MP3 Feed | Video Feed | iTunes Feed

Become a supporter on Patreon:

Links:

• iOS – Home – Apple
• HomeKit – All Accessories – Apple
• Nexus 6P – Google
• Maui – Your Isle of Freedom
• GeekGamerTV – Twitch
• Soylent.com – Let us take a few things off your plate.
• Soylent.com – Soylent Drink – Original details
• Discord – Free Voice and Text Chat for Gamers
• Jupiter Colony Discord

The post The Lesser Evil | User Error 20 first appeared on Jupiter Broadcasting.

Noah & Emma set out to switch as many users to Linux as possible. Our team documents their competition to switch the most people to Linux within two hours in the Pacific Northwest!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | WebM Torrent | MP3 Audio | OGG Audio | YouTube | HD Torrent

RSS Feeds:

HD Video Feed | Large Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Runs Linux:

• Rover controlling software from the ESA, Runs Linux – Starts at 5:09s

• The Time the UI is up on screen

ESA astronaut Tim Peake will take part in an experiment dubbed ‘SUPVIS-M’ (Supervisory Control of Mars Yard Rover) in which he will operate, from the International Space Station (ISS), a UK-built rover – Bridget – located in the Airbus Mars Yard in Stevenage, UK.

• Source: [Runs Linux] Rover controlling software – ESA – Starts at 5:09s : LinuxActionShow

Getting started with Linux:

1. Obtain the Ubuntu Install image from ubuntu.com

2. Write the Ubuntu installation image to a USB flash media device. On PC use Etcher or Rufus & on a mac, use Etcher. Be careful to make sure the flash drive is chosen in this step.

3. Once that is finished, eject the drive and insert the drive into your PC/Mac

4. When booting the PC/Mac press F2 (or your computer’s hotkey to access the boot menu), or if you’re running a newer version of Windows such as 8 or 10 boot into Windows, press start, go to advanced start options, choose UEFI Settings, Disable secureboot. Boot back into Windows repeat the steps to get back into UEFI and choose to boot off of the USB device.

5. Play around with the live demo system and if you enjoy it, follow the on screen instructions to install Ubuntu either as a secondary option to MacOS X or Windows, or as the only option, whichever you prefer.

The post Linux Switch Competition | LAS 415 first appeared on Jupiter Broadcasting.

This week, Chris & allan are both out of town at different shenanigans, but they recorded a sneaky episode for you in which they recap the Target breach, from when the news broke to the lessons learned and everything in between!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Episode Links:

• Cleaning up our Mess | TechSNAP 141
• Target XPoSed | TechSNAP 145
• Tarnished Chrome | TechSNAP 146
• Google’s Automated Outage | TechSNAP 147
• Targeting the HVAC | TechSNAP 148
• Internet Over Packet Loss | TechSNAP 162

The post On Target | TechSNAP 264 first appeared on Jupiter Broadcasting.

This week, the FBI says APT6 has pawned the government for the last 5 years, Unaoil: a company that’s bribing the world & Researchers find a flaw in the visa database.

All that plus a packed feedback, roundup & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

FBI says APT6 has pwning the government for the last 5 years

• The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard
• The official advisory is available on the Open Threat Exchange website
• The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from US government’s servers, their activities going unnoticed for years. This comes months after the US government revealed that a group of hackers, widely believed to be working for the Chinese government, had for more than a year infiltrated the computer systems of the Office of Personnel Management, or OPM. In the process, they stole highly sensitive data about several millions of government workers and even spies.
• In the alert, the FBI lists a long series of websites used as command and control servers to launch phishing attacks “in furtherance of computer network exploitation (CNE) activities [read: hacking] in the United States and abroad since at least 2011.” Domains controlled by the hackers were “suspended” as of late December 2015, according to the alert, but it’s unclear if the hackers have been pushed out or they are still inside the hacked networks.
• Looks like they were in for years before they were caught, god knows where they are,” Michael Adams, an information security expert who served more than two decades in the US Special Operations Command, and who has reviewed the alert, told Motherboard. “Anybody who’s been in that network all this long, they could be anywhere and everywhere.
• “This is one of the earlier APTs, they definitely go back further than 2011 or whatever—more like 2008 I believe,” Kurt Baumgartner, a researcher at the Russian security firm Kaspersky Lab, told me. (Baumgartner declined to say whether the group was Chinese or not, but said its targets align with the interest of a state-sponsored attacker.)
• Kyrk Storer, a spokesperson with FireEye, confirmed that the domains listed in the alert “were associated with APT6 and one of their malware backdoors,” and that the hackers “targeted the US and UK defense industrial base.” APT6 is ”likely a nation-state sponsored group based in China,” according to FireEye, which ”has been dormant for the past several years.”
• Another researcher at a different security company, who spoke on condition of anonymity because he wasn’t authorized to speak publicly about the hacker’s activities, said this was the “current campaign of an older group,” and said there “likely” was an FBI investigation ongoing. (Several other security companies declined to comment for this story.) At this point, it’s unclear whether the FBI’s investigation will lead to any concrete result. But two years after the US government charged five Chinese military members for hacking US companies, it’s clear hackers haven’t given up attacking US targets.

Unaoil: the company that bribed the world

• After a six-month investigation across two continents, Fairfax Media and The Huffington Post are revealing that billions of dollars of government contracts were awarded as the direct result of bribes paid on behalf of firms including British icon Rolls-Royce, US giant Halliburton, Australia’s Leighton Holdings and Korean heavyweights Samsung and Hyundai.
• A massive leak of confidential documents, and a large email, has for the first time exposed the true extent of corruption within the oil industry, implicating dozens of leading companies, bureaucrats and politicians in a sophisticated global web of bribery.
• The investigation centres on a Monaco company called Unaoil.
• Following a coded ad in a French newspaper, a series of clandestine meetings and midnight phone calls led to our reporters obtaining hundreds of thousands of the Ahsanis’ leaked emails and documents.
• The leaked files expose as corrupt two Iraqi oil ministers, a fixer linked to Syrian dictator Bashar al-Assad, senior officials from Libya’s Gaddafi regime, Iranian oil figures, powerful officials in the United Arab Emirates and a Kuwaiti operator known as “the big cheese”.
• Western firms involved in Unaoil’s Middle East operation include some of the world’s wealthiest and most respected companies: Rolls-Royce and Petrofac from Britain; US companies FMC Technologies, Cameron and Weatherford; Italian giants Eni and Saipem; German companies MAN Turbo (now know as MAN Diesal & Turbo) and Siemens; Dutch firm SBM Offshore; and Indian giant Larsen & Toubro. They also show the offshore arm of Australian company Leighton Holdings was involved in serious, calculated corruption.
• The leaked files reveal that some people in these firms believed they were hiring a genuine lobbyist, and others who knew or suspected they were funding bribery simply turned a blind eye.
• The files expose the betrayal of ordinary people in the Middle East. After Saddam Hussein was toppled, the US declared Iraq’s oil would be managed to benefit the Iraqi people. Today, in part one of the ‘Global Bribe Factory’ expose, that claim is demolished.
• It is the Monaco company that almost perfected the art of corruption.
• It is called Unaoil and it is run by members of the Ahsani family – Monaco millionaires who rub shoulders with princes, sheikhs and Europe’s and America’s elite business crowd.
• How they make their money is simple. Oil-rich countries often suffer poor governance and high levels of corruption. Unaoil’s business plan is to play on the fears of large Western companies that they cannot win contracts without its help.
• Its operatives then bribe officials in oil-producing nations to help these clients win government-funded projects. The corrupt officials might rig a tender committee. Or leak inside information. Or ensure a contract is awarded without a competitive tender.
• On a semi-related note, another big story for you to go read:
• How to hack an Election from someone who has done it, more than once

Researchers find flaw in Visa database

• No, not that kind of Visa, the other one.
• Systems run by the US State Department, that issue Travel Visas that are required for visitors from most countries to be admitted to the US
• This has very important security considerations, as the application process for getting a visa is when most security checks are done
• Cyber-defense experts found security gaps in a State Department system that could have allowed hackers to doctor visa applications or pilfer sensitive data from the half-billion records on file, according to several sources familiar with the matter –- though defenders of the agency downplayed the threat and said the vulnerabilities would be difficult to exploit.
• Briefed to high-level officials across government, the discovery that visa-related records were potentially vulnerable to illicit changes sparked concern because foreign nations are relentlessly looking for ways to plant spies inside the United States, and terrorist groups like ISIS have expressed their desire to exploit the U.S. visa system, sources added
• After commissioning an internal review of its cyber-defenses several months ago, the State Department learned its Consular Consolidated Database –- the government’s so-called “backbone” for vetting travelers to and from the United States –- was at risk of being compromised, though no breach had been detected, according to sources in the State Department, on Capitol Hill and elsewhere.
• As one of the world’s largest biometric databases –- covering almost anyone who has applied for a U.S. passport or visa in the past two decades -– the “CCD” holds such personal information as applicants’ photographs, fingerprints, Social Security or other identification numbers and even children’s schools.
• “Every visa decision we make is a national security decision,” a top State Department official, Michele Thoren Bond, told a recent House panel.
• Despite repeated requests for official responses by ABC News, Kirby and others were unwilling to say whether the vulnerabilities have been resolved or offer any further information about where efforts to patch them now stand.
• State Department documents describe CCD as an “unclassified but sensitive system.” Connected to other federal agencies like the FBI, Department of Homeland Security and Defense Department, the database contains more than 290 million passport-related records, 184 million visa records and 25 million records on U.S. citizens overseas.
• “Because of the CCD’s importance to national security, ensuring its data integrity, availability, and confidentiality is vital,” the State Department’s inspector general warned in 2011.

Feedback:

• SSH key protection

• Router Thoughts from Allan

• rmh from the chatroom asks…

Round Up:

• Microsoft Sues Justice Department Over Client Data Gag Orders
• Root cause analysis of a recent Flash zero day
• Exclusive: Canadian Police Obtained BlackBerry’s Global Decryption Key
• After an outage, an Australian mobile provider credited customers with a single day of unlimited data usage. One customer managed to use 994 GB of mobile usage in a single day
• Sophisticated bribe scheme gets game company with access to antivirus whitelist to falsely list malware was trusted
• Microsoft releases optional Windows update to mitigate “mousejacking”, where an attacker can take over your wireless mount and keyboard from up to 100 meters away
• Github commits can now be GPG signed to prove their authenticity
• If you can’t break crypto, break the client. Recovery of plaintext from iMessage
• Renting a movie on your iOS device might free up some space for you
• The Italian Ministry of Economical Progress has revoked “HackingTeam”’s licence to export their Galileo remote control software outside of the EU, must ask special permission for each sale
• Laziness remains the greatest enemy of password security
• The “All Prior Art” project seems to machine generate every possible patent and release it under a creative commons license, so it can never be patented by anyone else. The ultimate reverse patent troll?
• How to identify a vehicle at risk of collisions

The post One Key to Rule Them All | TechSNAP 263 first appeared on Jupiter Broadcasting.

Find out why everyone’s just a little disappointed in Badlock, the bad security that could be connected to the Panama Papers leak & the story of a simple delete command that took out an entire hosting provider.

Plus your batch of networking questions, our answers & a packed round up!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Badlock vulnerability disclosed

• The badlock vulnerability was finally disclosed on Tuesday after 3 weeks of hype
• It turns out to not have been as big a deal as we were lead to believe
• The flaw was not in the SMB protocol itself, but in the related SAM and LSAD protocols
• The flaw itself is identified as https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2118
• It affects all versions of Samba clear back to 3.0
• “Samba 4.4.2, 4.3.8 and 4.2.11 Security Releases are available”
• “Please be aware that Samba 4.1 and below are therefore out of support, even for security fixes. There will be no official security releases for Samba 4.1 and below published by the Samba Team or SerNet (for EnterpriseSAMBA). We strongly advise users to upgrade to a supported release.”
• See the Samba Release Planning page for more details about support lifetime for each branch
• Microsoft releases MS16-047 but rated it only “Important”, not “Critical”
• The patch fixes an “elevation of privilege bug in both SAM and LSAD that could be exploited in a man-in-the-middle attack, forcing a downgrade of the authentication level of both channels. An attacker could then impersonate an authenticated user”
• Microsoft was also careful to note: “Only applications and products that use the SAM or LSAD remote protocols are affected by this issue. The SMB protocol is not vulnerable.”
• It seems most of the “badlock” bugs were actually in Samba itself, rather than the protocol as we were lead to believe
• “There are several MITM attacks that can be performed against a variety of protocols used by Samba. These would permit execution of arbitrary Samba network calls using the context of the intercepted user. Impact examples of intercepting administrator network traffic:”
• Samba AD server – view or modify secrets within an AD database, including user password hashes, or shutdown critical services.
• standard Samba server – modify user permissions on files or directories.
• There were also a number of related CVEs that are also fixed:
  • CVE-2015-5370 3.6.0 to 4.4.0: Errors in Samba DCE-RPC code can lead to denial of service (crashes and high cpu consumption) and man in the middle attacks. It is unlikely but not impossible to trigger remote code execution, which may result in an impersonation on the client side.
  • CVE-2016-2110 3.0.0 to 4.4.0: The feature negotiation of NTLMSSP is not downgrade protected. A man in the middle is able to clear even required flags, especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL. Which has implications on encrypted LDAP traffic.
  • CVE-2016-2111 3.0.0 to 4.4.0: When Samba is configured as Domain Controller it allows remote attackers to spoof the computer name of a secure channel’s endpoints, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic.
  • CVE-2016-2112 3.0.0 to 4.4.0: A man in the middle is able to downgrade LDAP connections to no integrity protection. It’s possible to attack client and server with this.
  • CVE-2016-2113 4.0.0 to 4.4.0: Man in the middle attacks are possible for client triggered LDAP connections (with ldaps://) and ncacn_http connections (with https://).
  • CVE-2016-2114 4.0.0 to 4.4.0: Due to a bug Samba doesn’t enforce required smb signing, even if explicitly configured. In addition the default for the active directory domain controller case was wrong.
  • CVE-2016-2115 3.0.0 to 4.4.0: The protection of DCERPC communication over ncacn_np (which is the default for most the file server related protocols) is inherited from the underlying SMB connection. Samba doesn’t enforce SMB signing for this kind of SMB connections by default, which makes man in the middle attacks possible.
• Additional Coverage: Threadpost – Badlock vulnerability falls flat against its type
• “As it turns out, Badlock was hardly the remote code execution monster many anticipated. Instead, it’s a man-in-the-middle and denial-of-service bug, allowing an attacker to elevate privileges or crash a Windows machine running Samba services.”
• “Red Hat security strategist Josh Bressers said Badlock could have been much worse, especially if it had turned out to be a memory corruption issue in SMB as some had surmised. Such a scenario would have cleared a path for remote code execution, for example.”
• Additional Coverage: sadlock.org

Panama Papers: Mossack Fonseca

• Eleven million documents were leaked from one of the world’s most secretive companies, Panamanian law firm Mossack Fonseca.
• They show how Mossack Fonseca has helped clients launder money, dodge sanctions and avoid tax.
• The documents show 12 current or former heads of state and at least 60 people linked to current or former world leaders in the data.
• Eleven million documents held by the Panama-based law firm Mossack Fonseca have been passed to German newspaper Sueddeutsche Zeitung, which then shared them with the International Consortium of Investigative Journalists. BBC Panorama is among 107 media organisations – including UK newspaper the Guardian – in 76 countries which have been analysing the documents.
• There are many conspiracy theories about the source of the Panama Papers leak. One of the more prominent theories today blames the CIA.
• Bradley Birkenfeld is “the most significant financial whistleblower of all time,” and he has opinions about who’s responsible for leaking the Panama Papers rattling financial and political power centers around the world.
• Wikileaks is also getting attention today for blaming USAID and George Soros for the leaks.
• What little is known about the source of the leak comes from details published by German newspaper Suddeutsche Zeitung. Communicating via encrypted chat in late 2014, the source warned his or her life was “in danger” but that they had data from law firm Mossack Fonseca that they wanted to share. When asked how much data they had, the source replied “more than you have ever seen,” according to the newspaper.
• Regardless, the front-end computer systems of Mossack Fonseca are outdated and riddled with security flaws, analysis has revealed.
• Mossack Fonseca’s client portal is also vulnerable to the DROWN attack, a security exploit that targets servers supporting the obsolete and insecure SSL v2 protocol. The portal, which runs on the Drupal open source CMS, was last updated in August 2013, according to the site’s changelog.
• On its main website Mossack Fonseca claims its Client Information Portal provides a “secure online account” allowing customers to access “corporate information anywhere and everywhere”. The version of Drupal used by the portal has at least 25 vulnerabilities, including a high-risk SQL injection vulnerability that allows anyone to remotely execute arbitrary commands. Areas of the portal’s backend can also be accessed by guessing the URL structure, a security researcher noted.
• Mossack Fonseca’s webmail system, which runs on Microsoft’s Outlook Web Access, was last updated in 2009, while its main site runs a version of WordPress that is three months out of date. A further vulnerability makes it possible to easily access files uploaded to the backend of Mossack Fonseca’s site simply by guessing the URL.
• Mossack Fonseca’s emails were also not transport encrypted, according to privacy expert Christopher Soghoian who noted the company did not use the TLS security protocol.
• Who leaked the Panama Papers? A famous financial whistleblower says: CIA. / Boing Boing
• Wikileaks Accuses US Of Funding Panama Papers Putin Expose | The Daily Caller
• Panama Papers: The security flaws at the heart of Mossack Fonseca (Wired UK)
• Additional Coverage: The Register – Mossack Fonseca website found vulnerable to SQL injection
• Additional Coverage: Forbes
• Additional Coverage: WordFence
• Additional Coverage: Slashdot
• In general, it seems there were so many flaws in the website we may never know which one was used to compromise the server

I accidently rm -rf /’d, and destroyed my entire company

• “I run a small hosting provider with more or less 1535 customers and I use Ansible to automate some operations to be run on all servers. Last night I accidentally ran, on all servers, a Bash script with a rm -rf {foo}/{bar} with those variables undefined due to a bug in the code above this line.”
• “All servers got deleted and the offsite backups too because the remote storage was mounted just before by the same script (that is a backup maintenance script).
  How I can recover from a rm -rf / now in a timely manner?”
• There is not usually any easy way to recover from something like this
• That is why you need backups. Backups are not just a single copy of your files in another location, you need time series data, in case you need to go back more than the most recent backup
• It is usually best to not have your backups mounted directly, for exactly this reason
• Even if you will never rm -rf /, an attacker might run rm -rf /backup/*
• While cleaning up after an attacker attempted to use a Linux kernel exploit against my FreeBSD machine in 2003, I accidently rm -rf /’d in a roundabout way, Trying to remove a symlink to / that had a very funky name (part of the exploit iirc), i used tab complete, and instead of: rm -rf badname, it did rm -rf badname/, which deletes the target of the symlink, which was /.
• Obviously this was my fault for using -r for a symlink, since I only wanted to delete one thing
• When the command took too long, I got worried, and when I saw ‘can’t delete /sbin/init’, I panicked and aborted it with control+c
• Luckily, I had twice daily backups with bacula, to another server. 30 minutes later, everything was restored, and the server didn’t even require a reboot. The 100+ customers on the machine never noticed, since I stopped the rm before it hit /usr/home
• There are plenty of other examples of this same problem though
• Steam accidently deletes ALL of your files
• Bryan Cantrill tells a similiar story from the old SunOS days
• Discussion continues and talks about why rm -rf / is blocked by on SunOS and FreeBSD
• Additional Coverage: ServerFault
• When told to dd the drive to a file, to use testdisk to try to recover files, the user reports accidentally swapping if= and of=, which likely would just error out if the input file didn’t exist, but it might also mean that this entire thing is just a troll. Further evidence: rm -rf / usually doesn’t work on modern linux, without the –no-preserve-root flag

Feedback:

• NAS or SAN?
• Full SSD ZFS array

Round Up:

• “FreeBSD Mastery: Advanced ZFS” has been released as ebook for $9.99, print version in a few weeks
• Book features a fancy “Wrap Around” cover, the secret art not revealed yet
• How to not get pwned on Windows: Don’t run any virtual machines, open any web pages, Office docs, hyperlinks
• OpenWhisperSystems has integrated its Signal Protocol public key encryption systems into WhatsApp, now fully end-to-end encrypted with identity verification
• FBI bought previously undisclosed zeroday to crack the iPhone 5c
• After Apple claims to have fixed iOS 1970 bug in February, researchers demo a new remote version, bricks your device 20 minutes after connecting to their rouge WiFi, if your battery doesn’t catch fire first…
• 0-day exploits more than double as attackers prevail in security arms race
• Proving apps don’t take data security seriously, new website uses Tinder’s official API to let you spy on other users
• Google’s monthly Android update fixes Linux kernel flaw from 2014 that was being used to root Android devices
• Nest pulls the plug on the Resolv Hub, leaving owners who were promised a lifetime service subscription with a $299 paperweight
• The entire Turkish citizenship database appears to have been hacked and leaked online
• Python, Go, and PHP (before 5.6), failed to check for self-signed, expired, or worse revoked SSL certificates, also older versions may still accept RC4 and weak DH (logjam)
• Cellebrite, the company originally rumoured to have helped the FBI crack the iPhone, set to release a road side ‘textalyzer’, to determine if you were using your cell phone at the time of an accident
• Google’s new “BeyondCorp” security model, all networks are untrusted, users earn trust with good behaviour, devices earn trust with known good state
• All the resources in the world are not use if you don’t know how to use them

The post rm -rf $ALLTHETHINGS/ | TechSNAP 262 first appeared on Jupiter Broadcasting.

Find out about another hospital that accidentally took advantage of free encryption, researchers turn up a DDoS on the root DNS servers & the password test you never want to take.

Plus your batch of networking questions, our answers & a packed round up!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Researchers at VeriSign investigate DDoS on root DNS servers

• Researchers from VeriSign, the company that runs the .com and .net registries, and operations 2 of the 13 critically import root DNS servers, will be giving a talk at a conference detailing their investigation into the attack
• Their findings suggest the attack, which took place in November of 2015, was not directed at the root name servers directly, but was an attempt to down two chinese websites
• The attack had some interesting patterns, likely caused by design decisions and mistakes made by the programmer of the botnet that was used in the attack
• The provide a video showing a breakdown of the attack
• It was interesting to learn that Randall Munroe (of XKCD fame) actually came up with the best way to visualize the distribution of IP addresses, with a grid where sequential numbers are in adjacent squares
• Only IP addresses in the first 128 /8 netbooks were used. The use of 128/8 specifically suggests an less than or equal, rather than an equal was used during the comparison of IP addresses
• It is not clear why a larger set of addresses were not used
• The attack seemed to use 3 or 4 different groups of bots, sending spoofed DNS requests
• Two of the larger groups of bots sequentially cycled through the 2.0.0.0/8 through 19.0.0.0/8 subnets at different speeds
• Attacks were not seen from the 10.0.0.0/8 and 127.0.0.0/8 networks, for obvious reasons
• However, a delay in the attacks sourced from 11.0.0.0/8 suggests that the botnet attempted to use the entire 10 block, but the packets just never left the source networks
• “The researchers also note that Response Rate Limiting was an effective mitigation in countering up to 60 percent of attack traffic. RRL is a feature in the DNS protocol that mitigates amplifications attacks where spoofed DNS queries are used to target victims in large-scale DDoS attacks.”
• “In addition to RRL, the researchers said attack traffic was easily filterable and through filtering were able to drop response traffic for the attack queries, leaving normal traffic untouched. One of the limitations with this approach is that it’s a manual process”

Virus hits Medstar hospital network, Hospital forced to shutdown systems

• “The health system took down some its computers to prevent the virus from spreading, but it’s not clear how many computers — or hospitals — are affected”
• “A statement by the health system said that all facilities remain open, and that there was “no evidence of compromised information.””
• “The not-for-profit healthcare system operates ten hospitals across the Washington and Baltimore region, with more than a hundred outpatient health facilities. According to the system’s website, it has more than 31,000 employees and serves hundreds of thousands of patients annually.”
• “One visitor to the hospital told ZDNet that staff switched the computers off after learning about the virus. The person, who was visiting a patient in one of the healthcare system’s Washington DC hospital, said the computers were powered off for more than an hour, with all patient orders lost, the person said.”
• “It’s not clear exactly what kind of malware was used in Monday’s cyberattack. A spokesperson for MedStar Health did not immediately respond to a request for comment.”
• An FBI spokesperson confirmed that it was “aware of the incident and is looking into the nature and scope of the matter.”
• Additional Coverage: Threat Post
• After a few days, the medical network was recovering
• “The healthcare provider said the attack forced it to shut down its three main clinical information systems, prevented staff from reviewing patient medical records, and barred patients from making medical appointments. In a statement issued Wednesday, it said that no patient data had been compromised and systems were slowly coming back online.”
• “Clinicians are now able to review medical records and submit orders via our electronic health records. Restoration of additional clinical systems continues with priority given to those related directly to patient care”
• “While the hospital still won’t officially confirm the attacks were ransomware related, The Washington Post along with other news outlets are reporting that employees at the hospital received pop-up messages on their computer screens seeking payment of 45 Bitcoins ($19,000) in exchange for a digital key that would decrypt data”
• “The MedStar cyberattack is one of many hospitals in recent months targeted by hackers. Last week, Kentucky-based Methodist Hospital paid ransomware attackers to unlock its hospital system after crypto-ransomware brought the hospital’s operations to a grinding halt. Earlier this year Los Angeles-based Hollywood Presbyterian Medical Center paid 40 Bitcoin ($17,000) to attackers that locked down access to the hospital’s electronic medical records system and other computer systems using crypto-ransomware.”
• As long as hospitals continue to pay out, this will only grow to be a worse problem
• “Medical facilities don’t give security the same type of attention that other verticals do,” said Craig Williams, senior technical leader for Cisco Talos. “They are there to heal people and cure the sick. Their first priority is not to take care of an IT environment. As a result it’s likely the hackers have been out there for quite some time and realized that there are a lot (healthcare) sites that have a lot of base vulnerabilities.”
• As you might expect: 1400 vulnerabilities to remain unpatched in medical supply system
• Additional Coverage
• In related news:
• Canadian hospital website compromised serves up the Angler malware kit to visitors
• The site is for a hospital in a small city that serves a mostly rural area. Happens to be where I grew up, and the hospital I was born in
• The hospital site is run on Joomla, and is running version 2.5.6, which has many known vulnerabilities. The latest version of Joomla is 3.4.8
• “Like many site hacks, this injection is conditional and will appear only once for a particular IP address. For instance, the site administrator who often visits the page will only see a clean version of it, while first timers will get served the exploit and malware.”
• The obvious targets are “staff, patients and their families and visitors, as well as students”
• The hospital became a teaching facility for McMaster University’s Faculty of Health Sciences in 2009
• “The particular strain of ransomware dropped here is TeslaCrypt which demands $500 to recover your personal files it has encrypted. That payment doubles after a week.”

CNBC Password Tester — How not to do it

• CNBC has a post about constructing secure passwords
• The basic idea was that you submit your password, and it tells you how strong it is
• There are obvious problems with this idea. Why are you giving out your password anyway?
• Of course, the CNBC site is served in plain text (which is fine for a news site), but it means your password is sent to them in the clear
• Worse, they had the site adding all of the submitted passwords to a google spreadsheet, also in the clear
• Because the password was submitted as a GET variable, and was in the URL, it was also included in the referral information sent to all of the advertising networks in the CNBC site, including DoubleClick, ScoreCardResearch, something hosted at Amazon AWS, and any other widgets on the site (Facebook, Gigya)
• If you actually did want to build a tool like this, at least use javascript to perform the calculations on the users’ device and never transmit their passwords
• Of course, users should never type the password into another website. This is the definition if a phishing attack
• The page has since been removed
• Additional Coverage

Feedback:

• pfSense question ALERT!
• OpenVPN vs IPSec VPN
• leaky DNS

Round Up:

• Finnish supercomputer suffers largest unplanned outage in years, provides post mortem
• Mattel hit by fake CEO scam, for $3 million. Managed to get it back because the next day was a bank holiday in China
• Google offers a free DDoS shield to news papers and other sites that seek to expose corruption, and may face state-level DDoS attacks attempting to silence them
• EFF Proposes “DRM Non-Aggression Pact” as part of W3C standard for DRM. Asks signatories to agree not to go after security researchers or those making ‘compatible’ technologies
• Amazon Updates Its Policies To Ban USB Type-C Cables That Are Not Fully Spec Compliant
• TrendMicro A/V software accidently exposes debugging console that can be exploited
• US Federal court warns of scammers trying to get people to pay hefty fines for missing fake jury duty
• HID Networking Door Controllers have remote root vulnerability, hilarity ensues
• A Romanian ex-minister faces jail time after embezzling the windfall from the 47% discount Microsoft gave the government for a 5 year deal to use MS Office in all Schools and Public Institutions
• New SideStepper exploit allows Man-in-the-Middle attacks against iOS devices, requires phishing or otherwise tricking the user
• Enders Analysis ad blocker study finds ads take up 79% of mobile data transfer
• Operating Blockbuster, an investigation into the Sony Pictures Entertainment wiper hack
• How Wi-Fi Works

The post Holding Hospitals Hostage | TechSNAP 261 first appeared on Jupiter Broadcasting.

New Ransomware locks your bootloader & makes you pay to boot. Malware with built in DRM? We’ll share the story of this clever hack.

Plus some great questions, our answers, a packed round up & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

New Petya malware encrypts the Master Boot Record then BSoDs your machine

• “Malware experts from German security firm G DATA have found a new type of lock-ransomware that uses a DOS-level lock screen to prevent users from accessing their files”
• Unlike some other malware, the researchers did not come up with the name, the malware has its own website and logo, where you pay the ransom
• I am not sure “DOS-level” makes sense as a term, but ok
• “Lock-ransomware, also known as lockers, is the first type of ransomware that existed before the rise of crypto-ransomware. This type of ransomware doesn’t encrypt files, but merely blocks the user’s access to his data”
• “The latest lock-ransomware discovered by security researchers is the Petya ransomware, which was seen spread via spear-phishing campaigns aimed at human resource departments. HR employees are sent an email with a link to a file stored on Dropbox, where an applicant’s CV can be downloaded. This file is an EXE file named portfolio-packed.exe, which if executed, immediately crashes the system into a standard Windows blue screen of death.”
• “As soon as the user restarts the PC after the blue screen, the computer will enter a fake check disk (CHKDSK) process that, after it finishes, will load Petya’s lock screen. Restarting the computer over and over will always enter this screen”
• “This screen provides a link to the ransomware’s payment site, hosted on Tor. After the user purchases a decryption key, he can enter it at the bottom of the DOS lock screen. Petya claims to encrypt the user’s files, but G DATA says they can’t verify its claims, and that this is presumably a lie.”
• “UPDATE: Trend Micro’s researchers also took a look at Petya and they confirm that the ransomware does encrypt files, while also revealing it alters the MBR , preventing users from entering in Safe Mode, and it ask for a 0.99 Bitcoin (~$400) ransom”
• The encryption of the boot sector is very simple, the data is just XOR’d with the value 0x37 (the ascii code for the number 7): Animated GIF
• Additional Coverage: Threat Post

New USB Thief trojan found in the wild

• Researchers at ESET have identified a new trojan being spread on USB sticks, called “USB Thief”
• What makes this malware so unique is how it protects itself from analysis by researchers
• “Each instance of this trojan relies on the particular USB device on which it is installed and it leaves no evidence on the compromised system. Moreover, it uses a very special mechanism to protect itself from being reproduced or copied, which makes it even harder to detect.”
• “It depends on the increasingly common practice of storing portable versions of popular applications such as Firefox, NotePad++ and TrueCrypt on USB drives. The malware takes advantage of this trend by inserting itself into the command chain of such applications, in the form of a plugin or a dynamically linked library (DLL). And therefore, whenever such an application is executed, the malware will also be run in the background.”
• “The malware consists of six files. Four of them are executables and the other two contain configuration data. To protect itself from copying or reverse engineering, the malware uses two techniques. Firstly, some of the individual files are AES128-encrypted; secondly, their filenames are generated from cryptographic elements. The AES encryption key is computed from the unique USB device ID, and certain disk properties of the USB drive hosting the malware. Hence, the malware can only run successfully from that particular USB device.”
• So when researchers copied the malware to a VM to try to dissect it, it stopped working, as it could no longer decrypt its payload
• “It was quite challenging to analyze this malware because we had no access to any malicious USB device. Moreover, we had no dropper, so we could not create a suitably afflicted USB drive under controlled conditions for further analysis.”
• “Only the submitted files can be analyzed, so the unique device ID had to be brute-forced and combined with common USB disk properties. Moreover, after successful decryption of the malware files, we had to find out the right order of the executables and configuration files, because the file copying process to get the samples to us had changed the file creation timestamp on the samples.”
• “Finally, the payload implements the actual data-stealing functionality. The executable is injected into a newly created “%windir%\system32\svchost.exe -k netsvcs” process. Configuration data includes information on what data should be gathered, how they should be encrypted, and where they should be stored. The output destination must always be on the same removable device. In the case we analyzed, it was configured to steal all data files such as images or documents, the whole windows registry tree (HKCU), file lists from all of the drives, and information gathered using an imported open-source application called “WinAudit”. It encrypts the stolen data using elliptic curve cryptography.”
• “In addition to the interesting concept of self-protecting multi-stage malware, the (relatively simple) data-stealing payload is very powerful, especially since it does not leave any evidence on the affected computer. After the USB is removed, nobody can find out that data was stolen. Also, it would not be difficult to redesign the malware to change from a data-stealing payload to any other malicious payload.”

Six people charged in hacked lottery terminal scam

• “Connecticut prosecutors say the group conspired to manipulate automated ticket dispensers to run off “5 Card Cash” tickets that granted on-the-spot payouts in the US state.”
• “According to the Hartford Courant, a group of shop owners and employees setup the machines to process a flood of tickets at once, which caused a temporary display freeze. This allowed operators to see which of the tickets about to be dispensed would be winning ones, cancel the duff ones, and print the good ones.”
• “While those reports were being processed, the operator could enter sales for 5 Card Cash tickets,” the newspaper reports. “Before the tickets would print, however, the operator could see on a screen if the tickets were instant winners.”
• “The Courant says that the lottery commission wised up to the scheme back in November when it heard that people were winning the 5 Card Cash game at a higher-than-expected rate. The game was temporarily halted. The paper notes that more arrests are expected in the case.”
• In Ontario, there are special provisions for when an employee of the store wants to buy a lottery ticket, specifically to deal with crimes of this nature
• The other common lottery crime was replacing a customer large payout winning ticket with a smaller one. The employee would buy a number of tickets, keep the small winners ($10), and swap them for the larger winning tickets of unsuspecting customers when they came in to cash them
• It is now common place for there to be an automated lottery checking machine that is used directly by the customer.
• The ticket machines in Ontario also play an audible tune when a winning ticket is scanner, much to the annoyance of people who have to work there all day, but it ensures that customers are not ripped off

Feedback:

• Mail Backup
• DB2 on copy-on-write filesystem.
• Server Rebooting After Updates
• Is Krebs on holiday? No new posts since last week. How am I supposed to do this show without Krebs?

Round Up:

• vncroulette.com
• Node.js package manger vulnerable to malicious packages
• ​Microsoft and Canonical partner to bring Ubuntu to Windows 10
• Intel will move away from the Tick/Tock development cycle, the three stage process will be the standard now
• Congress attempts to pass law requiring ID to buy a “burner” phone. Likely fails to understand the entire issue — I predict this does nothing to solve the problem, but causes more people to be unable to get a phone at all
• Researcher exploits flaw in Valve’s Steam game review process, bypassing it to upload “Watch Paint Dry: The Game”
• Security flaw in “TrueCaller” Android app exposes data of millions of users
• The iPhone may be easier to hack than expected, as the unlock count it not stored as securely as previously thought
• Amazon releases guide to developing for its Echo platform using a Raspberry Pi
• CloudFlare is asking tor to implement a “prove you are human” plugin or face being blocked
• The Mastermind — Atavist

The post Pay to Boot | TechSNAP 260 first appeared on Jupiter Broadcasting.

Ang and Mike discuss business operational tools, practices & common issues, how Ang got her kids started on computers, good languages to get started with & she makes a pretty poignant comment about Linux. Mike discusses TarDisk & whether or not he recommends it & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:

Show Notes:

Hoopla:

• TarDisk Review | dominickm.com
• PyCharm

WTR’s:

• Code Saves Time | WTR 48 | Jupiter Broadcasting
• Technology For Connection | WTR 43 | Jupiter Broadcasting
• Sharing with Intent | WTR 45 | Jupiter Broadcasting

The post Linux: Bug or Feature? | CR 188 first appeared on Jupiter Broadcasting.

Angela and Chris discuss all sorts of space goods that might be cool to have as well as a couple up and coming projects that are really breaking ground for space utilization to keep us all connected.

Direct Download:

HD Video | Mobile Video | MP3 Audio | YouTube

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Torrent Feed | iTunes Feed

— Show Notes —

Main Topic:

• Luna: Bring the moon along with you | Indiegogo
• Planetary Glass Set | ThinkGeek
• Star Trek Enterprise Projection Alarm Clock | ThinkGeek
  +Jupiter Solar Spinning Globe | ThinkGeek
• I Heart Pluto T-Shiirt | SnorgTees
• Caelus Cubesat Bringing Revolutionary technology to space. by Sakarias — Kickstarter
• Lantern: One Device, Free Data From Space Forever | Indiegogo
  +Dans Space Van – Tour & Webcast | Indiegogo
• Pornhub Space Program – SEXPLORATION | Indiegogo

Email angela@jupiterbroadcasting.com your computer based PORN SKIT! Yes, write your own potentially horribly geeky porn skit and email it in. Send in a pic and/or link and IRC nick.

WTR

• Check out Technology For Connection | WTR 43 | Jupiter Broadcasting
• Follow WTR on twitter: www.twitter.com/heywtr
• Email WTR: wtr@jupiterbroadcasting.com

Follow Jupiter Broadcasting

• See more pics: https://instagram.com/jupiterbroadcasting#
• Sign up for Jupiter Signal: www.bit.ly/jupitersignal
• Unfilter is on Patreon! https://www.patreon.com/unfilter
• Tech Talk Today is on Patreon! https://www.patreon.com/jupitersignal

— Find the FauxShow! —

• Facebook: https://www.facebook.com/thefauxshow
• Twitter: https://www.twitter.com/angerz
• G+: https://www.gplus.to/fauxshow
• Subscribe to Jupiter Signal: https://www.bit.ly/jupitersignal
• Jupiter Radio: https://jblive.info
• Affiliates Firefox Extension: https://addons.mozilla.org/en-US/firefox/addon/jupiterbroadcasting/
• Affiliates Chrome Extension: https://chrome.google.com/webstore/detail/bjekemhblnilimncanbehhjijdpjgimj
• Donations: https://original.jupiterbroadcasting.net/donate
• Shows & Shownotes: https://original.jupiterbroadcasting.net/show/fauxshow/

The post Space Goods | FauxShow 225 first appeared on Jupiter Broadcasting.

Google’s datacenter secrets are finally being revealed & we’ll share the best bits. Why The US Government is in no position to teach anyone about Cyber Security, how you can still get hacked offline, A batch of great questions, a huge round up & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

After years of wondering, we can finally find out about Google’s Data Center Secrets

• “Google has long been a pioneer in distributed computing and data processing, from Google File System to MapReduce to Bigtable and to Borg. From the beginning, we’ve known that great computing infrastructure like this requires great datacenter networking technology.”
• “For the past decade, we have been building our own network hardware and software to connect all of the servers in our datacenters together, powering our distributed computing and storage systems. Now, we have opened up this powerful and transformative infrastructure for use by external developers through Google Cloud Platform.”
• ““We could not buy, for any price, a data-center network that would meet the requirements of our distributed systems,” Vahdat said. Managing 1,000 individual network boxes made Google’s operations more complex, and replacing a whole data center’s network was too disruptive. So the company started building its own networks using generic hardware, centrally controlled by software. It used a so-called Clos topology, a mesh architecture with multiple paths between devices, and equipment built with merchant silicon, the kinds of chips that generic white-box vendors use. The software stack that controls it is Google’s own but works through the open-source OpenFlow protocol.“
• “At the 2015 Open Network Summit, we are revealing for the first time the details of five generations of our in-house network technology.”
• “Our current generation — Jupiter fabrics — can deliver more than 1 Petabit/sec of total bisection bandwidth. To put this in perspective, such capacity would be enough for 100,000 servers to exchange information at 10Gb/s each, enough to read the entire scanned contents of the Library of Congress in less than 1/10th of a second.”
• “We use a centralized software control stack to manage thousands of switches within the data center, making them effectively act as one large fabric, arranged in a Clos topology”
• “We build our own software and hardware using silicon from vendors, relying less on standard Internet protocols and more on custom protocols tailored to the data center”
• “Putting all of this together, our datacenter networks deliver unprecedented speed at the scale of entire buildings. They are built for modularity, constantly upgraded to meet the insatiable bandwidth demands of the latest generation of our servers. They are managed for availability, meeting the uptime requirements of some of the most demanding Internet services and customers. Most importantly, our datacenter networks are shared infrastructure. This means that the same networks that power all of Google’s internal infrastructure and services also power Google Cloud Platform. We are most excited about opening this capability up to developers across the world so that the next great Internet service or platform can leverage world-class network infrastructure without having to invent it.”
• ““The amount of bandwidth that we have to deliver to our servers is outpacing even Moore’s Law,” Vahdat said. Over the past six years, it’s grown by a factor of 50. In addition to keeping up with computing power, the networks will need ever higher performance to take advantage of fast storage technologies using flash and non-volatile memory, he said.”
• “For full details you’ll have to wait for a paper we’ll publish at SIGCOMM 2015 in August”
• Official Google Cloud Platform Blog Post

The US Government is in no position to teach anyone about Cyber Security

• “Why should anyone trust what the US government says on cybersecurity when they can’t secure the systems they have full control over?”
• “IRS employees can use ‘password’ as a password? No wonder they get hacked”
• As I have long said, you have to assume the worst until you can prove otherwise: “The effects of the massive hack of the Office of Personnel Management (OPM) continue to ripple through Washington DC, as it seems every day we get more information about how the theft of millions of government workers’ most private information is somehow worse than it seemed the day before. (New rule: if you read about a hack of a government or corporate database that sounds pretty bad, you can guarantee it be followed shortly thereafter by another story detailing how the same hack was actually much, much “worse than previously admitted.”)”
• “It’d be one thing if this incompetence was exclusively an OPM problem, but despite the government trying to scare private citizens with warnings of a “cyber-Armageddon” or “cyber-Pearl Harbor” for years, they failed to take even the most basic steps to prevent massive data loss on their own systems. As OTI’s Robyn Greene writes, 80-90% of cyber-attacks could be prevented or mitigated with basic steps like “encrypting data, updating software and setting strong passwords.””
• Of course, using Multi-Factor Authentication would help a lot too
• “The agency that has been singled out for some of the worst criticism in recent years is the Department of Homeland Security, the agency that is supposedly in charge of securing all other government systems. The New York Times reported this weekend that the IRS’s systems still allow users to set their passwords to “password,” along with other hilariously terrible mistakes. “
• “Instead of addressing their own problems and writing a bill that would force the government to upgrade all its legacy systems, implement stronger encryption across federal agencies and implement basic cybersecurity best practices immediately, members of both parties have been pushing dangerous “info-sharing” legislation that will end with much more of citizens’ private data in the hands of the government. And the FBI wants tech companies to install “backdoors” that would give the government access to all encrypted communications – thereby leaving everyone more vulnerable to hackers, not less. Two “solutions” that won’t fix any of the glaring problems staring them in the face, and which may make things a lot worse for ordinary people.”
• There are plenty of examples of large networks that are fairly well secured, so it isn’t impossible to secure a large network. However, the number of insecure government and corporate networks suggests that more needs to be done.
• The solution isn’t something sold by a vendor, it is the same stuff security experts have been preaching for decades:
  • Need to know — Only those who actually need data should have access to it. Lets not just store everything in a giant shared network drive with everyone having read/write access to it
  • Patching — Software has flaws. These flaws get fixed and then become public (sometimes the other way around, the dreaded Zero-Day flaw). If you do not patch your software quickly, you increase the chance of the flaw being used against you
  • Strong Authentication — Password complexity requirements can be annoying, because they are often too vague. Requiring a number, a lower case letter, an upper case letter, and a symbol isn’t necessarily as secure as a passphrase which is longer. Worse, many systems do not securely store the passwords, making them less secure
  • Multi-Factor Authentication — Requiring more than one factor, to ensure that if an attacker does shoulder surf, key log, phish, or otherwise gain access to someones password, that they cannot access the secure data
  • Encryption — This one is hard, as many solutions turn out to not be good enough. “The harddrive on my laptop is encrypted”, this is fine, except if the attacker gets access while your machine is powered on and logged in. Sensitive data should be offlined when it is not in use, rather than being readily accessible in its decrypted form
  • Logging — Knowing who accessed what, and when is useful after-the-fact. Having an intelligence system that looks for anomalies in this data can help you detect a breach sooner, and maybe stop it before the baddies make off with your data
  • Auditing — A security appliance like the FUDO to only allow access to secure systems when such access is recorded. This way the actions of all contractors and administrators are recorded on video, and there is no way to access the protected systems except through the FUDO.
• As we discussed before in TechSNAP 214, there are other techniques that can be used to help safeguard systems, including whitelisting software, and only allowing approved applications on sensitive systems. The key is deciding which protections to use where, while generating the least amount of ‘user resistance’

Google Project Zero researcher discloses 15 new vulnerabilities

• Researcher Mateusz Jurczyk has disclosed 15 new remote code execution vulnerabilities
• The most interesting of these including a flaw in Adobe Reader and Windows that appears to get past all known exploit defenses.
• “The extremely powerful primitive provided by the vulnerability, together with the fact that it affected all supported versions of both Adobe Reader and Microsoft Windows (32-bit) – thus making it possible to create an exploit chain leading to a full system compromise with just a single bug – makes it one of the most interesting security issues I have discovered so far.”
• “Any of the 15 vulnerabilities Jurczyk pulled from this old but seemingly unexplored area could trigger remote code execution or privilege escalation in Adobe Reader or the Windows kernel.”
• Researcher Blog
• Video of Exploit
• PDF of Slides
• Project Zero has also published some other interesting vulnerabilities recently
• Owning Internet Printing — A Case Study in Modern Software Exploitation
• Microsoft’s MemoryProtector feature actually counters Microsoft’s new extended ASLR protections
• “It is possible to use a timing attack on MemoryProtector to reveal the offset used by High-Entropy Bottom-Up Randomization, thus completely bypassing it.”
• Analysis and Exploitation of an ESET Vulnerability — Do we understand the risk vs. benefit trade-offs of security software?
  
• In-Console-Able — Developing a sandbox escape chain for Chrome

Feedback:

• Somewhat nervous: how to mitigate Samsung SSD firmware + Linux major corruption risk?

• To delta sync or not to delta sync

• Changing domain registrars and want to maximize email up-time

• Keys

Round Up:

• Samsung deliberately disabling Windows Update
• Adobe issues out-of-band patch for Flash Player after zero-day exploit is discovered being used in the wild
• Google reveals that it was forced to hand over journalist’s data during wikileaks grand jury investigation
• As many as 1 in 3 servers in data centers are powered on but not doing anything
• Chinese may have had access to US Security Clearance data for over a year
• Bruce Schneier: China and Russia Almost Definitely Have the Snowden Docs
• Default Authorized SSH key found in many Cisco security appliances
• Richard Bejtlich: If you can’t keep hackers out, find and remove them faster
• Snowden leak shows NSA and GCHQ attacked security software vendors
• Stealing your GPG private key using a cell phone and an AM radio
• Secunia will block access to vulnerabilities less than 9 months old for non-members after they “frequently encounter organizations engaged in wrongful use of Secunia Advisories”
• Great tool for building regular expressions, better than most in that it supports lookbehind, which most basic javascript implementations do not
• Many Android apps do HTTPS wrong, or not at all
• US Navy Warfare Systems command paid $9.1 million to get security updates for 100,000 Windows XP and 2003 computers. Contract could be worth up to $30 million and extend to 2017
• Sony has killed off the Aibo robots, making replacement parts hard to come by. This raises questions about the next generation of robots. Softbank is soon to release a “Child” robot called Pepper. What will people do when spare parts for their child can only be gotten by cannibalizing other children?
• Google, Mozilla, Webkit, and Microsoft team up to launch ‘Webassembly’ a new binary format for web applications
• HP’s Adventures with the Zero-Day Initiative and bug bounties
• 5 intrusion vectors that cannot be spotted by going offline
• Cryptography jokes

The post Homeland Insecurity | TechSNAP 220 first appeared on Jupiter Broadcasting.

Hello everyone and welcome back to SciByte!

We take a look at resurrecting a space probe, classroom decorations, brain control, viewer feedback, a three year look back at SciByte, Curiosity news, and as always take a peek back into history and up in the sky this week.

Direct Download:

MP3 Audio | OGG Audio | HD Video | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes

Show Notes:

Bringing an Abandoned Satellite Back to Life and Use

• An independent team of engineers recovering old imagery on magnetic tape reels from the first lunar orbiter missions decided to accomplish a landmark achievement: to turn on, command and maneuver a NASA spacecraft long ago abandoned
• Original mission : Sun/Earth Explorer 3 (ISEE-3)
• Originally the mission was cooperative effort between NASA and ESRO/ESA to study the interaction between the Earth’s magnetic field and the solar wind.
• Examine in detail the structure of the solar wind near the Earth and the shock wave that forms the interface between the solar wind and Earth\’s magnetosphere
• Investigate motions of and mechanisms operating in the plasma sheets, and continue the investigation of cosmic rays and solar flare emissions in the interplanetary region near 1 AU
• Second mission: International Cometary Explorer
• On June 10, 1982, after completing its original mission, ISEE-3 was repurposed. It was renamed the International Cometary Explorer (ICE)
• The primary scientific objective of ICE was to study the interaction between the solar wind and a cometary atmosphere
• ICE carried no cameras. It instead carried instruments for measurements of energetic particles, waves, plasmas, and fields
• It was sent on a trajectory intercepting that of Comet Giacobini-Zinner and on 11 September 1985, the craft passed through the plasma tail of Comet Giacobini-Zinner
• It transited between the Sun and Comet Halley in late March 1986, when other spacecraft were in the vicinity of Comet Halley, ICE flew through the tail
• Heliospheric mission
• This phase of the mission was approved by NASA in 1991, which consisted of investigations of coronal mass ejections in coordination with ground-based observations
• End of mission
• On May 5, 1997, NASA ended the ICE mission, and ordered the probe shut down, with only a carrier signal left operating
• Further contact
• In 1999, NASA made brief contact with ICE to verify its carrier signal and discovered that it had not been powered off after the last contact
• On September 18, 2008 a status check revealed that all but one of its 13 experiments were still functioning, and it still has enough propellant
• Bringing It Back to Life?
• Earlier in 2014, officials with the Goddard Space Flight Center had said that the Deep Space Network equipment necessary to transmit signals to the spacecraft had been decommissioned in 1999, and that replacing it was not economically feasible
• An independent team of engineers recovering old imagery on magnetic tape reels from the first lunar orbiter missions decided to accomplish a landmark achievement: to turn on, command and maneuver a NASA spacecraft long ago abandoned
• They began to study the feasibility and challenges involved in reviving the \’dead\’ satellite
• A team webpage said, \”We intend to contact the ISEE-3 (International Sun-Earth Explorer) spacecraft, command it to fire its engine and enter an orbit near Earth, and then resume its original mission…If we are successful we intend to facilitate the sharing and interpretation of all of the new data ISEE-3 sends back via crowdsourcing.\”
• Crowdsourcing
• To cover the costs of writing the software to communicate with the probe, searching through the NASA archives for the information needed to control the spacecraft, and buying time on the dish antennas
• On May 15, 2014, the project reached its crowdfunding goal, and they further met a \’stretch\’ goal of $150,000
• Window of Opportunity
• The team needed to contact the spacecraft before the end of May because the next close approach to the Earth won’t be until 30-40 years
• The ISEE-3/ICE spacecraft was never really designed to be an interplanetary cruiser and thus the thrusters on board are very small
• The project members are working on deadline: if they get the spacecraft to change its orbit by late May or early June 2014, it can use the Moon\’s gravity to get back into a useful halo orbit.
• The team estimates that if they wait until mid-June to do the course correction that it will take 17 hours of thrusting to get the course change of about 40 meters/second that they will need at that time
• Hardware and Software
• It has been 30 years since the original project was started and and documents and magnetic tapes have disappeared.
• The software and hardware to program, command and transmit to ISEE-3 are long gone
• Amateur radio operators now have technology sufficient to acquire the signal and through the internet are also a part of the recovery effort
• Even without the original hardware transmitter, today’s high-speed electronics are able to emulate in software the hardware from 36 years ago
• Project members obtained the needed hardware (power amplifier, modulator/demodulator and installed it on the 305-meter Arecibo dish antenna on May 19, 2014
• Technical Progress
• This is an ongoing process and the team has dug some of the pertinent information out of 35 year old IEEE or AIAA papers that are publicly available
• Most of the best information the team found was from the people who worked on the project in the 1980\’s when the spacecraft was fully operational
• They also obtained several documents from NASA as part of the development of thier Space Act Agreement
• Since there is no computer on board the ISEE-3 spacecraft the task is actually much easier since we are going to be directly commanding various subsystems
• Non-Reimbursable Space Act Agreement
• Although NASA is not funding the project, it made advisors available and gave approval to try to establish contact
• On May 21, 2014, NASA announced that it had signed a Non-Reimbursable Space Act Agreement with the ISEE-3 Reboot Project
• \”This is the first time NASA has worked such an agreement for use of a spacecraft the agency is no longer using or ever planned to use again,\” officials said
• Multimedia
• Twitter | ISEE3 Reboot Project (ISEE3Reboot)
• YouTube | ISEE-3 Reboot | Mike Loucks
• YouTube | ISEE-3 Reboot Project – Recovering a 30 year old space probe Scott Manley
• Further Reading / In the News
• NASA Signs Agreement with Citizen Scientists Attempting to Communicate with Old Spacecraft | NASA.gov
• ISEE-3 Reboot Project Status and Schedule for First Contact | Space College
• Guest Post: No turning back, NASA ISEE-3 Spacecraft Returning to Earth after a 36 Year Journey | UniverseToday.com
• International Cometary Explorer – Wikipedia, the free encyclopedia
• ISEE-3 Reboot Project | Astronomy News | NinePlanets.org
• ISEE-3 Reboot Project: Stretch Goal – NASA Watch
• ISEE-3 Reboot Project by Space College, Skycorp, and SpaceRef | RocketHub

— NEWS BYTE —

Distracted by Classroom Decorations?

• New research from Carnegie Mellon University shows that too much materials covering a classroom wall may end up disrupting attention and learning in young children
• The Low Down
• Researchers looked at whether classroom displays affected children\’s ability to maintain focus during instruction and to learn the lesson content
• They found that children in highly decorated classrooms were more distracted, spent more time off-task and demonstrated smaller learning gains than when the decorations were removed
• The Study
• 24 kindergarten students were placed in laboratory classrooms for six introductory science lessons on topics they were unfamiliar with
• Three lessons were taught in a heavily decorated classroom, and three lessons were given in a sparse classroom.
• Results
• The results showed that while children learned in both classroom types, they learned more when the room was not heavily decorated
• Children\’s accuracy on the test questions was higher in the sparse classroom (55 percent correct) than in the decorated classroom (42 percent correct).
• When the researchers tallied all of the time children spent off-task in both types of classrooms, the rate of off-task behavior was higher in the decorated classroom (38.6 percent time spent off-task) than in the sparse classroom (28.4 percent time spent off-task)
• The Future
• The researchers are interested in finding out if the visual displays were removed, whether the children\’s attention would shift to another distraction
• Additional research is needed to know what effect the classroom visual environment has on children\’s attention and learning in real classrooms
• They say that they do not suggest by any means that this is the answer to all educational problems but that teachers should consider whether some of their visual displays may be distracting
• Further Reading / In the News
• Heavily decorated classrooms disrupt attention and learning in young children | ScienceDaily.com

— TWO-BYTE NEWS —

Flying With Only A Thought

• Scientists have now demonstrated the feasibility of flying via brain control, with astonishing accuracy
• First Breakthrough
• Seven subjects took part in the flight simulator tests
• They had varying levels of flight experience, including one person without any practical cockpit experience whatsoever
• The accuracy with which the test subjects stayed on course by merely thinking commands would have sufficed, in part, to fulfill the requirements of a flying license test
• Several of the subjects also managed the landing approach under poor visibility
• In The Future
• Scientists are now focusing in particular on the question of how the requirements for the control system and flight dynamics need to be altered to accommodate the new control method
• Normally, pilots feel resistance in steering and must exert significant force when the loads induced on the aircraft become too large
• This feedback is missing when using brain control
• The researchers are thus looking for alternative methods of feedback to signal when the envelope is pushed too hard, for example
• Further Reading / In the News
• Using thoughts to control airplanes | ScienceDaily.com

— VIEWER FEEDBACK —

Jupiter\’s Great Red Spot Shrinking?

• Twitter | Michael Thalleen ‏@ThalleenM
• Jupiter\’s Great Red Spot Shrinks to Smallest Size Ever Seen
• The Great Red Spot
• “Recent Hubble Space Telescope observations confirm that the spot is now just under 10,250 miles (16,500 km) across, the smallest diameter we’ve ever measured,” said Amy Simon of NASA’s Goddard Space Flight Center
• Using historic sketches and photos from the late 1800s, astronomers determined the spot’s diameter then at 25,475 miles (41,000 km) across
• Changes
• Starting in 2012 amateur observations revealed a noticeable increase in the spot’s shrinkage rate
• They showed that the spot’s “waistline” is getting smaller by just under 620 miles (1,000 km) per year while its north-south extent has changed little
• This has caused the spot to become more circular in shape
• Cause
• There are no firm answers yet as to what is causing the drastic downsizing,
• New observations however show that very small eddies are feeding into the storm which may be responsible for the accelerated change by altering the internal dynamics of the Great Red Spot
• The storm appears to be conserving angular momentum by spinning faster the same way an ice skater spins up when they pulls in their arms
• The faster winds might also help shrink the spot further or bring about its rejuvenation.
• Multimedia
• YouTube | Jupiter\’s Great Red \’Shrinking\’ Spot Spied By Hubble | VideoFromSpace
• Further Reading / In the News
• [Hubble Sees Jupiter\’s Red Spot Shrink to Smallest Size Ever | UniverseToday.com(https://www.universetoday.com/111907/hubble-sees-jupiters-red-spot-shrink-to-smallest-size-ever/)

— Updates —

SciByte

• Hosts
• Jeremy | Co-Hosted for ep 1-13
• Nikki | Summer SciByte | August 06, 2013; August 13, 2013; August 27, 2013; July 23, 2013; SciByte September 03, 2013
• Chris | Episodes 14+ [minus a few \”Summer SciByte\” or \”Summer SciByte Style\” with Nikki]
• Formats Over the Years
• Totally edited video in a virtual studio with Jeremy
• Totally video in a virtual studio with Chris
• Video once a month and \”Enhance Audio\” with Chris
• \”Enhanced Audio\” with Chris
• Google Hangout\’s with Nikki
• Science as an Adjective, a Noun, and a Verb
• Adjective = \’describing\’ a word; Noun = person, place, thing, animal, idea; Verb = conveys an action
• \”Science is Sad\” | Large Hadron Collider | SciByte 8
• Watching Science Progres
• Private Space Travel Advances | From an idea, to engineering, to testing, to implementation [i.e. SpaceX and Virgin Galactic]
• Mars Landers | Opportunity (continuing science and solar panel ‘cleaning’ events) and Curiosity (Confirmation of running/standing water in Mars history, ancient habitable locations, drilling into rocks, switching to searching for the building blocks of life)
• Watching science progress | Alzheimer\’s research, Voyager 1, Exoplanets, medical research helping senses
• Breaking Science | \’Faster Than Light Neutrinos\’, Higgs-Boson Particle
• Further Reading / In the News
• SciByte | JupiterBroadcasting.com

— CURIOSITY UPDATE —

• The Image from Mars Hand Lens Imager (MAHLI)
• Shows the rock target \”Windjana\” and its immediate surroundings after inspection of the site by the rover
• The researchers drilled a test hole and a sample collection hole produced the mounds of drill cuttings that are markedly less red than the other visible surfaces
• This preparatory \”mini drill\” hole, to lower right from the open hole, was drilled on Sol 615 (April 29, 2014) and subsequently filled in with cuttings from the sample collection drilling.
• The open hole from sample collection is 0.63 inch (1.6 centimeters) in diameter. It was drilled on Sol 621 (May 5, 2014).
• The vigorous activity of penetrating the rock with the rover\’s hammering drill also resulted in slides of loose material near the rock
• Gathering Samples
• Since then, the 1 ton robot carefully scrutinized the resulting 2.6 inches (6.5 centimeters) deep borehole, the scientists then hit the fresh bore hole with a pinpoint series of parting laser blasts
• The mound of dark grey colored drill tailings, much darker and greyer that the exterior of the rock, that are piled around for an up close examination of the texture and composition with the MAHLI camera and spectrometers
• The team has successfully delivered pulverized and sieved samples to the pair of onboard miniaturized chemistry labs [Chemistry and Mineralogy instrument (CheMin) and Sample Analysis at Mars instrument (SAM)] for chemical and compositional analysis.
• Researchers decided that one drill campaign into Kimberley was enough, so the rover will not be drilling into any other rock targets at this location
• There will be further analysis of the ‘Windjana’ sample along the way since there’s plenty of leftover sample material stored in the CHIMRA sample processing mechanism to allow future delivery of samples when the rover periodically pauses during driving.
• The Future
• It may be a very long time before the next drilling when the rover arrives at the foothills of Mount Sharp
• The current location, Windjama, lies some 2.5 miles (4 kilometers) southwest of Yellowknife Bay
• It still has about another 4 kilometers to go to reach the foothills of Mount Sharp sometime later this year
• Multimedia
• Images – Mars Science Laboratory | mars..jpl.nasa.gov
• Image Galleries at JPL and Curiosity Mulimedia
• Social Media
• Curiosity Rover @MarsCuriosity
• Further Reading / In the News
• Curiosity says \’Goodbye Kimberley\’ after Parting Laser Blasts and Seeking New Adventures Ahead | UniverseToday.com

SCIENCE CALENDAR

Looking back

• May 29, 1919 : 95 years ago : Einstein\’s Relativity Theory Proved : A solar eclipse permitted observation of the bending of starlight passing through the sun\’s gravitational field, as predicted by Albert Einstein\’s theory of relativity. Separate expeditions of the Royal Astronomical Society travelled to Brazil and off the west coast of Africa. Both made measurements of the position of stars visible close to the sun during a solar eclipse. These observations showed that, indeed, the light of stars was bent as it passed through the gravitational field of the sun. This was a key prediction of Albert Einstein\’s theory that gravity affected energy as in addition to the familiar effect on matter. The verification of predictions of Einstein\’s theory, proved during the solar eclipse was a dramatic landmark scientific event.

Looking up this week

• Keep an eye out for …
• Wed, May 28 | New Moon (exact at 2:40 p.m. EDT)
• Fri, May 30 | 20-30 min after sunset | | Very low in the W-NW you can see the hairline crescent Moon with Mercury to its right, they both set fairly quickly. You can see Jupiter to the far upper left.
• Sat, May 31 | ~1hr after sunset | Jupiter stands to the upper right of the Moon in the early evening
• Sun, Jun 03 | ~1hr after sunset | Jupiter is now to the left and slightly higher than the moon
• Planets
• Mercury | Twilight | It is at it\’s highest point for 2014 for mid-N lat, and is fading this week. As twilight deepens, look for it in the W-NW to the lower right of bright Jupiter as it fades this week
• Venus | Dawn | The \”Morning Star\” is low in the E during dawn, moving to it\’s highest point in the south in late twilight
• Mars | Is at it\’s highest point in the S in late twilight, it sets in the W around 3 or 4 a.m. DST
• Jupiter | Twilight | Is in the west at twilight, sinking during the evening and sets around 11 or midnight. Jupiter is on the far side of the Sun from us and is nearly its minimum apparent size that we see

• Saturn | Evening | Appears SE in the evening moving to it\’s highest point in the S ~11-12

• Further Reading and Resources

• Sky&Telescope | Sky at a Glance
• SpaceWeather.com
• StarDate.org
• For the Southern hemisphere: SpaceInfo.com.au
• Constellations of the Southern Hemisphere : astronomyonline.org
• Royal Astronomical Society of New Zealand : rasnz.org.nz
• AstronomyNow
• HeavensAbove

The post ISEE-3 Back To Life | SciByte 132 first appeared on Jupiter Broadcasting.

We take a look at new sources of freshwater, plasticity, water on Europa, spacecraft updates, and as always take a peek back into history and up in the sky this week.

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes

Star Trek: The Return (Adapted) Audiobook | William Shatner | Audible.com

Hidden Freshwater Reserves

• According to the latest report documented in the journal Nature Australian scientists have identified vast freshwater reserves buried beneath the oceans
• The Discovery
• Groundwater scientists were very well aware of the presence of the freshwater reserves beneath the seafloor, but have assumed it to occur during unusual and extraordinary situations
• Researchers have now revealed the presence of nearly half a million cubic kilometres [120,000 cubic mi] of low salinity water located beneath the seabed on the continental shelves
• Located off Australia, China, North America and South Africa, the newly discovered fresh water reserves can be used to supply water to coastal cities
• This water resource is a hundred times greater than the amount we\’ve extracted from the Earth\’s subsurface in the past century since 1900
• This latest study reveals that the fresh and brackish aquifers under the seabed are a common phenomena
• Formation
• Hundreds to thousands of years ago when the sea level was lower than what it is currently rainwater penetrated into the ground and filled up the water tables in regions that are currently under sea
• Nearly 20,000 years ago, the sea levels rose, the ice caps began melting and the areas were covered by oceans
• Most of the aquifers today are protected from seawater by blankets of clay and sediments that are piled on top
• These aquifers are not different from those found below land. Their salinity is low due to which they can be easily converted into drinking water
• Acquisition and Use
• Researchers propose two ways to gain access to these freshwater reserves, either be by constructing a platform and drilling into the seabed, which is expensive, or drill from the mainland that is at a closer distance from the aquifer
• Freshwater under the seabed is much less salty than seawater and it can be converted to drinking water with less energy than seawater desalination and also leave us with a lot less hyper-saline water
• Because of how they formed, these water reserves are non-renewable and should be used carefully
• Further Reading / In the News
• Scientists Discover Untapped Freshwater Reserves Beneath the Oceans | ScienceWorldReport.com

— NEWS BYTE —

Learning New Skills

• A new computational model developed by MIT neuroscientists explains how the brain maintains the balance between plasticity and stability and how it can learn very similar tasks without interference between them.
• To learn new motor skills, the brain must be plastic: able to rapidly change the strengths of connections between neurons, forming new patterns that accomplish a particular task, if the brain were too plastic, previously learned skills would be lost too easily.
• Neurons
• The key is that neurons are constantly changing their connections with other neurons
• Not all of the changes are functionally relevant – they simply allow the brain to explore many possible ways to execute a certain skill, such as a new tennis stroke
• The brain is always trying to find the configurations that balance everything so you can do two tasks, or three tasks, or however many you\’re learning
• According to this theory as the brain explores different solutions, neurons can become specialized for specific tasks
• As the brain learns a new motor skill, neurons form circuits that can produce the desired output
• Modifications
• Perfection is usually not achieved on the first try, so feedback from each effort helps the brain to find better solutions, complications arise when the brain is trying to learn many different skills at once
• Because the same distributed network controls related motor tasks, new modifications to existing patterns can interfere with previously learned skills, particularly when you\’re learning very similar things such as two different tennis strokes
• Instructions for each task would be stored in a different location on a computer chip; however, the brain is not organized like a computer chip.
• Instead, it is massively parallel and highly connected – each neuron connects to, on average, about 10,000 other neurons
• That connectivity offers an advantage, however, because it allows the brain to test out so many possible solutions to achieve combinations of tasks
• The constant changes in these connections, which researchers call hyperplasticity, is balanced by another inherent trait
• Neurons have a very low signal to noise ratio, meaning that they receive about as much useless information as useful input from their neighbors
• New Model with Signal Noise
• Most models of neural activity don\’t include noise, but the MIT team says noise is a critical element of the brain\’s learning ability
• This model helps to explain how the brain can learn new things without unlearning previously acquired skills
• The paper shows is that, counterintuitively, if you have neural networks and they have a high level of random noise, that actually helps instead of hindering the stability problem
• Without noise, the brain\’s hyperplasticity would overwrite existing memories too easily
• Low plasticity would not allow any new skills to be learned, because the tiny changes in connectivity would be drowned out by all of the inherent noise
• What it Means
• The constantly changing connections explain why skills can be forgotten unless they are practiced often, especially if they overlap with other routinely performed tasks
• Skills such as riding a bicycle, which is not very similar to other common skills, are retained more easily
• Once you\’ve learned something, if it doesn\’t overlap or intersect with other skills, you will forget it but so slowly that it\’s essentially permanent
• Researchers are now investigating whether this type of model could also explain how the brain forms memories of events, as well as motor skills
• Multimedia
• YouTube | How Neurons Work Made Simple ~ An Animated Guide | cosmiccontinuum
• Further Reading / In the News
• How Our Brain Balances Old and New Skills | ScienceWorldReport.com

— TWO-BYTE NEWS —

MarsOne, Another Step Forward

• Mars One has announced that Lockheed Martin and Surrey Satellite Technology Ltd. have been awarded contracts to study and develop concepts for a Mars lander and a data link satellite, for a 2018 exploratory mission
• The mission\’s timetable has been pushed back by two years. The satellite was originally supposed to launch in 2016, with humans arriving by 2023. Now, Mars One is aiming for a 2025 colonization date.
• Multimedia
• YouTube | Mars One Crowdfunding Campaign 2018 Mars Mission | MarsOneProject
• Further Reading / In the News
• One-Way, Manned Mission To Mars Just Got Closer To Reality | Popular Science | PopSci.com

— VIEWER FEEDBACK —

Water Jets Above Another One of Jupiters Moons

• Jacob F. Roecker ‏@jacobroecker
• Check This Out
• NASA\’s Hubble Space Telescope has spotted water vapor above Europa frigid south polar region, providing the first strong evidence of water plumes erupting off the moon\’s surface
• Only after a particular camera on the Hubble Space Telescope had been repaired on the last servicing mission by the Space Shuttle did we gain the sensitivity to really search for these plumes
• Europa’s ocean could help explain its jigsaw surface | Arstechnica.com
• Water Plumes
• Scientists had previously detected evidence of an ocean under Europa\’s icy crust
• The simplest explanation for this water vapor is that it erupted from plumes on the surface of Europa
• If those plumes are connected with the subsurface water ocean then future investigations can directly investigate the chemical makeup of Europa\’s potentially habitable environment without drilling through layers of ice
• Water Plumes Seen Before
• This would actually be the second moon in the solar system known to have water vapor plumes, the first one to be discovered was Saturn\’s moon Enceladus
• First detected in 2005 by NASA\’s Cassini orbiter, the plumes of Enceladus possess dust and ice particles
• Surface Terrain
  • Jupiter’s icy moon Europa has cracks in its surface, as seen before on Enceladus
• On Europa the cracks come in the form of jumbled pieces of ice that make up what are called the moon\’s “chaos terrains.”
• It seems likely that the ocean has something to do with the chaos terrain, especially given the presence of salt there
• To figure that out, however, we’d have to know something about how water circulates in that ocean
• It’s been thought that the big-picture pattern might look something like the atmosphere of Jupiter, with alternating bands of eastward or westward flow.
• Circulation in the ocean would be driven by the heat from Europa’s interior, making it difficulty of studying Europa’s oceans
• When They Can Be Seen
• Europa plumes are similar to Enceladus in that they also seem to vary depending on the moon\’s orbital position; active jets have only been seen when Europa is farthest from Jupiter
• This supports a key prediction that Europa should tidally flex by a significant amount if it has a subsurface ocean
• The Future
• Once the plumes are confirmed, scientists can take a closer look at their composition and may even be able to find out more about the potential subsurface sea of Europa
• Future space probe missions to Europa could confirm that the exact locations and sizes of vents and determine whether they connect to liquid subsurface reservoirs
• ESA\’s JUpiter ICy moons Explorer, a mission planned for launch in 2022, and which aims to explore both Jupiter and three of its largest moons: Ganymede, Callisto, and Europa.
• Multimedia
• YouTube | Jupiter Moon Europa\’s Water Plume Spied By Hubble – Artist Impression Video | VideoFromSpace
• Further Reading / In the News
• New computer model may explain moon Europa\’s chaotic terrain | Phys.org
• Hubble discovers water vapor venting from Jupiter\’s moon Europa | Phys.org
• NASA Hubble Telescope Discovers Water Plumes Over Icy Europa | ScienceWorldReport.com
• Europa\’s ocean could help explain its jigsaw surface | Ars Technica

— SPACECRAFT UPDATE—

International Space Station Troubles

• The Low Down
• On Dec. 12, 2013 a flow control valve failed
• The flow control valve regulates the temperature of the ammonia in the loop so that when the ammonia is reintroduced into the heat exchanger on the Harmony node it does not freeze the water also flowing through the exchange
• What Now?
• Spacewalks are now planned on Dec 21, 23 and 25 to replace the pump with an existing spare
• Multimedia
• YouTube | Space Station Malfunction: NASA Explains Cooling System Shutdown | VideoFromSpace
• YouTube |
• Further Reading / In the News
• International Space Station | NASA
• Teams Working Cooling System Issue; Station Crew Carries on With Research | NASA
• NASA Postpones Orbital Launch, Sets Spacewalks to Repair Faulty Pump Module | NASA.gov

China’s Chang’e-3 Moon Rover

• Landing
• China had a successful touchdown of the Chang’e-3 probe with the ‘Yutu’ rover on the surface of the Moon on Dec. 14
• They landed on the lava filled plains of the Bay of Rainbows occurred at about 8:11 am EST or 9:11 p.m. Beijing local time
• The Chang’e-3 lander transmitted its first images of the moon in real time during its approach to the lunar surface during the landing operation
• Rover Rolls Out
• Barely seven hours after the Chang’e-3 mothership touched down on Sunday, Dec. 15, the six wheeled ‘Yutu’, or Jade Rabbit, rover drove straight off a pair of ramps at 4:35 a.m. Beijing local time
• Yutu is nearly the size of a golf cart. It measures about 1.5 m x 1 m on its sides and stands about 1.5 m (nearly 5 feet) tall
• On Dec 15 Chang’e-3 lunar lander and rover beamed back portraits of one another snapped from the Moon’s surface displayed the Chinese national flag
• After rolling all six wheels into the dirt, Yutu, drove to a location about nine meters north of the lander, according to CCTV commentators
• Then turned around so that the red Chinese flag emblazoned on the front side would be facing the lander’s high resolution color cameras for the eagerly awaited portraits of one another
• Instrumentation
• The rover is equipped with eight science instruments including multiple cameras, spectrometers, an optical telescope, ground penetrating radar and other sensors to investigate the lunar surface and composition
• The radar instrument installed at the bottom of the rover can penetrate 100 meters deep below the surface to study the Moon’s structure and composition in unprecedented detail, according to a senior advisor of China’s lunar probe project
• A UV camera will study the earth and its interaction with solar wind and a telescope will study celestial objects and will also investigate the moon’s natural resources for use by potential future Chinese astronauts
  Most of the science instruments are working including at least three cameras and the ground penetrating radar
• The Next Big Challenge
• The rover will hibernate during the two week long lunar night
• The extremely cold lunar night and temperature fluctuations of more than 300 degrees Celsius – a great engineering challenge.
• A radioisotopic heater will provide heat to safeguard the rovers computer and electronics
• Multimedia
• YouTube | China\’s Chang\’e 3 landing on the Moon | Worldnews1
• YouTube | Smoothed Video of Decent | Smooth Video of Chinese Rover Yutu Descending Onto Moon\’s Surface | SpaceVids.tv
• YouTube | Rolls onto the Lunar surface, \’Real-Time\’ | Highlights of Chinese Rover Touching Down & Deploying on the Moon | SpaceVids.tv

• YouTube | Lowered on ramp, and rolls onto the Lunar surface, sped up | Highlights of Chinese Rover Touching Down & Deploying on the Moon | SpaceVids.tv

• Further Reading / In the News

• China Scores Historic Success as Chang\’-3 Rover Lands on the Moon Today | UniverseToday.com
• China\’s Chang\’e-3 Moon Rover Descends to Lower Orbit Sets Up Historic Soft Landing | UniverseToday.com
• China\’s Maiden Lunar Rover \’Yutu\’ Rolls 6 Wheels onto the Moon – Photo and Video Gallery | UniverseToday.com
• Chinese rover & lander beam back Portraits with China\’s Flag shining on Moon\’s Surface | UniverseToday.com

SCIENCE CALENDAR

Looking back

• Dec 22, 1882 : 131 years ago : Christmas Tree Lights : The first string of electric lights decorating a Christmas tree was created for his home by Edward H. Johnson, an associate of Thomas Edison. Previously, trees had been decorated with wax candles. The Dec 1901 issue of the Ladies\’ Home Journal advertised the Christmas tree lamps, first made commercially by the Edison General Electric Co. of Harrison, N.J. in strings of nine sockets, each with a miniature 2 candlepower, 32-volt, carbon-filament lamp*. Christmas tree lights quickly became the rage among wealthy Americans, but the average citizen didn\’t use them until the 1920s or later. Character light bulbs became popular in the 1920s, bubble lights in the 1940s, twinkle bulbs in the 1950s and plastic bulbs by 1955.
• The First Electric Christmas Tree Lights | TodayInSci.com

Looking up this week

• Keep an eye out for …
• Sat, Dec 21 | The shortest day of the year in the N hemisphere and the longest day in the S hemisphere. Winter officially begins in the N hemisphere at the solstice at 12:11pm EST
• Winter Constellation | Orion | Is in the E-SE right now, when it rises its three belt start are nearly verticle Image
• Planets
• Venus | \”Evening Star\” | Rises in the SW during and after dusk moving lower and lower each day
• Mars | Rises around 12-1 am local, and moves to the high S skies by dawn
• Jupiter | End of Twilight | Rises in the E-NE, and rises to its highest point around 1-2am. The moon will be near Jupiter off and on for now, interesting to know that Jupiter is 1,600 times farther away than the Moon.
• Saturn | Dawn Brightening | Rises in the SE, it is far to the lower left of Mars

SciByte is going on a Holiday break, we will be Back Jan 7, 2014 See you then!

• Further Reading and Resources
• Sky&Telescope
• SpaceWeather.com
• StarDate.org
• For the Southern hemisphere: SpaceInfo.com.au
• Constellations of the Southern Hemisphere : astronomyonline.org
• Royal Astronomical Society of New Zealand : rasnz.org.nz
• AstronomyNow
• HeavensAbove

The post Freshwater Aquifers & Brain Plasticity | SciByte 113 first appeared on Jupiter Broadcasting.

We take a look at habitable zone exoplanets, diabetes treatment advances, water in Jupiter, living on Mars, spacecraft updates, Curiosity news, and as always take a peek back into history and up in the sky this week.

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes

Support the Show:

[asa]1613776233[/asa]
[asa]B00B7VZN76[/asa]

Show Notes:

More Habitable Zone Exoplanets

• Astronomers have announced that they have found three new, potentially rocky, planets in the habitable zone of their stars by analyzing nearly three years’ worth of data
• Kepler Space Telescope
• As of April 2013, Kepler data has uncovered more than 2,700 potential planets, with about 120 of them having been confirmed to date
• Mission scientists expect that more than 90 percent of the planets detected are real and not illusions in the data
• Until now planets in the habitable zone were discovered by what is known as the radial velocity method, which gives a lower limit for the planet’s mass, but no information about its radius
• While a small radius (less than 2 Earth radii) is a strong indicator that a planet around is indeed rocky it is difficult to assess whether or not a planet is rocky, like the Earth.
• Finding planets in the habitable zones of larger stars is harder because those planets have relatively long orbits and barely cast a shadow as they pass across the faces of their suns
• Kepler-62
• Kepler62 is a red dwarf star, about two-thirds the size of the sun and several hundred degrees Celsius cooler
• It is only 20 percent as bright as the sun and is about 1,200 light years away and contains five planets currently identified
• Two of the worlds, Kepler-62e and Kepler-62f are the smallest exoplanets yet found in a habitable zone, and they might both be covered in water or ice, depending on what kind of atmosphere they might have
• Life on these worlds would be under water with no easy access to metals, to electricity, or fire for metallurgy
• The biggest uncertainty right now is about both planets composition, early evidence suggests that at least 62f is rocky
• Kepler-62e and Kepler-62f would exhibit distinctly different colors and make our search for signatures of life easier on such planets in the near future
• Kepler-62e
• Orbit is 122 days
• 1.6 times the diameter of Earth
• Kepler-62e would have a bit more clouds than Earth according to computer models to sustain an ocean
• An astronomer at the University of Washington not involved in the research says that Kepler-62e may be too close to its star – and therefore too hot – to sustain life
• If 62e is a rocky planet, it’s almost certainly tidally locked with its star, half of its surface always facing the star, and the other always facing away
• Kepler62-f
• Orbit is 267 days
• 1.4 times the diameter of Earth
• Kepler-62f would need the greenhouse effect from plenty of carbon dioxide to warm it enough to host an ocean
• Kepler-69 System
• Kepler-36 is a sun-like star located 2,700 light-years away,
• The Kepler-69 system contains one known planet in that star\’s habitable zone
• Kepler-69c
• 1.7 times bigger than Earth, sits on the inner edge of the habitable zone and is almost certainly a super-Venus rather than a super-Earth
• Habitable Zone Types
• The \”empirical habitable zone\” is where liquid water can exist on the surface of a planet if that planet has sufficient cloud cover
• The \”narrow habitable zone\” is where liquid water can exist on the surface even without the presence of a cloud cover
• Of Note
• According to the Planetary Habitability Laboratory, there are now nine potential habitable worlds outside of our solar system, with 18 more potentially habitable planetary candidates found by Kepler waiting to be confirmed
• Astronomers predict there are 25 potentially habitable exomoons
• Kepler cannot search for signs of life on worlds like Kepler-62e, Kepler-62f and Kepler-69c, but the telescope is paving the way for future missions that should do just that
• Next-generation missions like the Transiting Exoplanet Survey Satellite, which NASA approved earlier this month for launch in 2017, will take on the task of finding nearer planets that astronomers can study in depth
• Multimedia
• YouTube | Animation of the Kepler 62 Planetary System | UniverseTodayVideos
• YouTube | NASA\’s Kepler Discovers Its Smallest \’Habitable Zone\’ Planets to Date | NASASolarSystem
• Infographic | 3 Potentially Habitable Super-Earth Planets Explained | Space.com
• IMAGE | Diagram compares the planets of the inner solar system to Kepler-69 | Image credit: NASA Ames/JPL-Caltech
• IMAGE | Diagram compares the planets of the inner solar system to Kepler-62 | Image credit: NASA Ames/JPL-Caltech
• IMAGE | Current known potentially habitable exoplanets | Credit: Planetary Habitability Laboratory/University of Puerto Rico, Arecibo.
• IMAGE | The habitable zone for different types of stars | Image: L. Kaltenegger (MPIA)
• YouTube | Full Anouncement | Kepler Makes Discoveries Inside the Habitable Zone | NASAtelevision
• Further Reading / In the News
• Discovered! Most Earth-Like Alien Planet & 2 Other Possibly Habitable Worlds | Space.com
• Most Earthlike planets yet seen bring Kepler closer to its holy grail | Atom & Cosmos | Science News
• Habitable Worlds? New Kepler Planetary Systems in Images | UniverseToday.com
• Kepler Team Finds System with Two Potentially Habitable Planets | UniverseToday.com

— NEWS BYTE —

New Possible Diabetes Treatment Option

• Researchers have discovered a hormone that holds promise for a dramatically more effective treatment of type 2 diabetes and believe that the hormone might also have a role in treating type 1, or juvenile, diabetes
• Type 1 Diabetes
• While betatrophin primarily as a treatment for type 2 diabetes, it is believed it might play a role in the treatment of type 1 diabetes as well
• Perhaps boosting the number of beta cells and slowing the progression of that autoimmune disease when it\’s first diagnosed
• Type 2 Diabetes
• Type 2 diabetes is usually caused by a combination of excess weight and lack of exercise and causes patients to slowly lose beta cells and the ability to produce adequate insulin
• Provide this hormone, the type 2 diabetic will make more of their own insulin-producing cells, and this will slow down, if not stop, the progression of their diabetes
• Betatrophin
• The hormone, called betatrophin, causes mice to produce insulin-secreting pancreatic beta cells at up to 30 times the normal rate
• In addition the new beta cells only produce insulin when called for by the body, offering the potential for the natural regulation of insulin
• The researchers know that the hormone exists in human plasma; betatrophin definitely exists in humans
• The Research
• The team wasn\’t just looking at what happens when an animal doesn\’t have enough insulin, they were able to find this a gene that had largely gone unnoticed before
• Another hint came from studying what happens during pregnancy, when there are more beta cells needed, and it turns out that this hormone goes up
• When a woman gets pregnant, her carbohydrate load, her call for insulin, can increase an enormous amount because of the weight and nutrition needs of the fetus
• The Future
• Betatrophin could be in human clinical trials within three to five years, an extremely short time in the normal course of drug discovery and development
• If it works as they hope it will it could eventually mean that instead of taking insulin injections three times a day, you might take an injection of this hormone once a week or month, or even year
• The researchers who discovered betatrophin caution that much work remains to be done before it could be used as a treatment in humans
• Multimedia
• YouTube | Potential Diabetes Breakthrough | Harvard
• Further Reading / In the News
• Potential diabetes breakthrough: Researchers discover new hormone spurring beta cell production | MedicalXPress.com

Soaking up Venom in Blood

• A tiny sponge camouflaged as a red blood cell could soak up toxins ranging from anthrax to snake venom, new research suggests
• Bacteria and Poisons
• One of the mainstay strategies of bacteria and poison is to poke holes in cells, disrupting their internal chemical balance and causing them to burst
• So far, researchers haven\’t had much success creating all-purpose treatments to exploit this vulnerability
• Nanosponges
• Researchers created a tiny spherical core of a lactic acid byproduct, which forms naturally during metabolism in the human body
• To get the outer skin of red blood cells, they used a difference in particle concentration inside and outside the cells to cause them to burst, and then collected their outer membranes
• They then wrapped the cores in the outer surface of the red blood cell
• The nanoparticles, also called nanosponges, act as decoys that lure and inactivate the deadly compounds
• The entire ensemble became a tiny nanosponge, which was about 85 nanometers in diameter, or 100 times smaller than a human hair
• The sponges\’ tiny size means a small amount of blood, for camouflage, can be used to make an effective dose
• In cell cultures, the camouflaged sponges act as decoys, luring the toxins from the bacteria that causes strep throat and bee venom
• The toxins then bind to the structure the \”poisons\” normally use to poke through cells
• When they stick onto the nanosponge, that particular damaging structure gets preoccupied, since the sponges are so small they can circulate freely through blood vessels, and then the body can digest the entire particle
• Experiment
• The team injected 18 mice with a lethal dose of a MRSA, Methicillin-resistant Staphylococcus aureus, toxin. Half the mice then got a dose of the nanosponges
• Whereas all the mice in the control group died, all but one that received the treatment survived
• When injected into mice, the tiny decoys protect mice against lethal doses of a toxin produced by methicillin-resistant Staphylococcus aureus, or MRSA.
• The Future
• The researchers want to see whether the method works in human blood, and against other toxic chemicals, such as scorpion venom and anthrax, which use similar attack strategies
• Because so many bacteria use the same pore-forming strategy, the nanosponges could be used as a universal treatment option when doctors don\’t know exactly what is causing an illness
• Further Reading / In the News
• Tiny Sponge Soaks Up Venom in Blood | Scientific American

— TWO-BYTE NEWS —

Water in Jupiter\’s Clouds

• How Did It Get There?
• In July 1994, the comet Shoemaker-Levy 9 plowed into Jupiter leaving behind millions of gallons of water.
• Water from the impact still makes up at least 95 percent of the water in the planet’s upper atmosphere
• Telescopes had previously spotted water in Jupiter’s upper atmosphere, some 100 kilometers above the planet’s ammonia cloud tops, but those surveys could not determine where the water came from
• Now astronomers have created a high-resolution map of water vapor distribution throughout Jupiter’s atmosphere
• They found that the concentration of water peaked in the planet’s southern hemisphere, right in the region where the comet struck
• More water also appeared at higher altitudes around the planet, which supports the comet as its origin.
• Water from other sources such as Jupiter’s icy moons would likely spread out more evenly around the planet and would gradually filter down to lower altitudes
• Multimedia
• Comet Shoemaker Levy 9 – How The Universe Works | DiscoveryTV
• Further Reading / In the News
• News in Brief: Comet\’s water still hanging around on Jupiter | Atom & Cosmos | Science News

MarsOne and Life on Mars and Science

• Mars colony project will do its best to avoid disturbing potential Red Planet life rather than aggressively hunt it down
• Science and Life
• The Netherlands-based nonprofit Mars One opened its astronaut-selection process on April 22
• They plan to land four people on the Red Planet in 2023 to make a permanent human colony on the Red Planet, with new crews arriving every two years thereafter
• Human explorers will doubtless contaminate whatever site is chosen for the settlement, so the organization will try to pick a place unlikely to host indigenous life to localize the pollution
• Mars One is working with experts to minimize the risks its colonization effort may pose to potential Red Planet lifeforms
• While Mars One hasn\’t picked a precise location for its settlement yet, the organization is targeting a swath of the Red Planet between 40 and 45 degrees north latitude
• Mars One astronauts will not necessarily be scientists
• Anyone over the age of 18 is eligible to apply, with the selection committee prizing traits such as intelligence, resourcefulness, determination and psychological stability over academic background
• Science is not the main focus of what we are doing; although, crewmembers will take some scientific gear with them
• Mars One officials won\’t dictate what the experiments should be, but there will be a budget for equipment that they want to take for scientific research
• Multimedia
• Mars 2023 – Inhabitants wanted | MarsOneProject
• YouTube Channel | Mars One – Human Settlement of Mars
• Further Reading / In the News
• Mars One
• Private Mars Colony Won\’t Seek Martian Life | Mars One | Space.com

— VIEWER FEEDBACK—

Peter, AKA \”Korlus\” | Check This Out!

• On April 4, 2012 he Fermi spacecraft almost ended it\’s mission to map the highest-energy light in the universe because of a collision with a dead Cold-War spy satellite
• What Happened?
• An automatically generated report arrived from NASA\’s Robotic Conjunction Assessment Risk Analysis (CARA) team based at NASA\’s Goddard Space Flight Center was sent to the FERMI team just one week away from an unusually close encounter with Cosmos 1805, a defunct spy satellite dating back to the Cold War.
• The two objects, speeding around Earth at thousands of miles an hour in nearly perpendicular orbits, were expected to miss each other by a mere 700 feet
• An update days later indicated the satellites would occupy the same point in space within 30 milliseconds of each other
• Using thrusters for use at the end of Fermi\’s operating life designed to take it out of orbit and allow it burn up in the atmosphere they were able to adjust the orbit just slightly enough to evade a collision
• The U.S. Space Surveillance Network continues to keep tabs on every artificial object larger than 4 inches across in Earth orbit. Of the 17,000 objects currently tracked, only about 7 percent are active satellites
• Multimedia
• YouTube | Near Miss – Dead Russian Spy Satellite Forces NASA Probe Move | VideoFromSpace
• YouTube | Animation of Earth with Near-Earth Orbital Debris [HD] | TheMarsUnderground
• Further Reading / In the News
• Mars One
• Private Mars Colony Won\’t Seek Martian Life | Mars One | Space.com

— SPACECRAFT UPDATE—

New Atlantis Exhibit Prep

• The Space shuttle Atlantis is set to go on public display June 29 at NASA\’s Kennedy Space Center Visitor Complex in Florida
• Shuttle Reveal
• It was revealed Friday, April 26 after workers spent two days peeling off its protective shrink-wrap cover of the past five months.
• Workers began carefully cutting back the 16,000 square feet (1,486 square meters) of shrink wrap that protected Atlantis as its $100 million exhibition building was completed around it
• By the end of the first day, the shuttle\’s nose, tail, aft engines and left wing were exposed, the workers completed the process the next day, revealing Atlantis\’ right wing and its 60-foot-long (18 meter) payload bay
• Opening the payload bay is set to begin in May, will take about two weeks, as the doors are very slowly hoisted open, one by one.
• Atlantis has been mounted. Thirty feet (9 meters) in the air, the space shuttle has been tilted 43.21 degrees, such that its left wing extends toward the ground.
• Atlantis will appear to be back in space – an effect that will be enhanced by lighting and a mural-size digital screen that will project the Earth\’s horizon behind the shuttle
• Multimedia
• YouTube Clip | Uncovering the Nose
• YouTube Clip | Uncovering a Wing
• YouTube Clip | Peeling Back the Layers
• YouTube | Shuttle Atlantis Unwrapped & Revealed at Kennedy Visitor Center | SpaceVidsNet
• Further Reading / In the News
• Atlantis Exposed: Space Shuttle Fully Unwrapped for NASA Exhibit | Kennedy Space Center | Space.com

SpaceShipTwo

• Last Time on SciByte
• SciByte 91 | Apollo 13 and Brain Training | Virgin Galactic Test Flight
• Lights Hybrid Rocket Engines
• Virgin Galactic’s SpaceShipTwo (SS2) commercial spaceliner named “Enterprise” lit up her hybrid rocket engines in flight and reached supersonic speeds for the first time in history on
• The Breakdown
• Once SpaceShipTwo is operational, WhiteKnightTwo will carry the vehicle up to an altitude of about 50,000 feet (15,240 meters) before releasing it.
• After separation, SpaceShipTwo will accelerate to 2,500 mph (4,000 km/h) and eventually pass an altitude of 62 miles (100 kilometers), the point at which passengers are considered astronauts
• The spaceship will reach a peak altitude of 68 miles (110 km), giving the six passengers and two pilots about five minutes of weightlessness
• Upon re-entry, SpaceShipTwo will be able to land on a conventional runway
• A seat on board a SpaceShipTwo flight costs $200,000. More than 550 people have put down deposits to reserve a spot
• Multimedia
• YouTube Clip | Release and Rocket Start
• YouTube Clip | In Orbit
• YouTube Clip | Weightless M-M\’s
• YouTube | Virgin Galactic 8 5min video
• Further Reading / In the News
• SpaceShipTwo Fires Rocket Engines for First Ever Supersonic Test Flight- Photos & Video | UniverseToday.com

Opportunity Rover Back Fron Glitch

• Mars rover Opportunity has overcome a glitch that put the robot into standby mode late last month
• What Happened?
• Opportunity apparently put itself into standby auto mode, in which it maintains power balance but waits for instructions from the ground, on April 22, after sensing a problem during a routine camera check, mission officials said.
• The rover\’s handlers didn\’t notice the problem until April 27, when Opportunity got back in touch after a nearly three-week communications moratorium
• They then prepared a new set of commands on April 29 designed to get things back to normal, and the fix has apparently worked
• Further Reading / In the News
• Mars Rover Opportunity Back in Action After Glitch | Mars Solar Conjunction | Space.com

— CURIOSITY UPDATE —

• Smithsonian Award
• The team in charge of successfully landing NASA\’s Mars rover Curiosity has received the Smithsonian National Air and Space Museum\’s highest group honor
• The award is for Current Achievement honors outstanding achievements in the fields of aerospace science and technology
• Several NASA planetary mission teams have won the award in previous years, including last year, when NASA\’s Cassini mission to Saturn
• Haiku to Mars
• NASA is inviting members of the public to submit their names and a personal message online for a DVD to be carried aboard a spacecraft that will study the Martian upper atmosphere
• Information in the show was not all correct, corrected information to come next week
• Conjunction
• YouTube | Mars in a Minute: What Happens When the Sun Blocks our Signal? | JPLnews
• Multimedia
• YouTube | Current Achievement Trophy Award 2013: Mars Science Laboratory Entry, Descent and Landing (EDL) Team | airandspace
• YouTube Curiosity Rover Report JPLnews
• Image Galleries at JPL and Curiosity Mulimedia
• Social Media
• Curiosity Rover @MarsCuriosity
• Further Reading / In the News
• National Air and Space Museum’s Trophy Awarded to Joseph Sutter and the Mars Science Laboratory EDL Team | Smithsonian National Air and Space Museum Press Release
• Curiosity Wins National Air and Space Museum Trophy | https://mars.jpl.nasa.gov
• NASA Wants To Send Your Haiku To Mars | Popular Science

SCIENCE CALENDAR

Looking back

• May 01, 1958 : 55 years ago : Van Allen radiation belts : The discovery of the powerful Van Allen radiation belts that surround Earth was published in the Washington Evening Star. The article covered the report made by their discoverer James. A. Van Allen to the joint symposium of the National Academy of Sciences and the American Physical Society in Washington DC. He used data from the Explorer I and Pioneer III space probes of the earth\’s magnetosphere region to reveal the existence of the radiation belts – concentrations of electrically charged particles. Van Allen (born 7 Sep 1914) was also featured on the cover of the 4 May 1959 Time magazine for this discovery. He was the principal investigator on 23 other space probes

Looking up this week

• Keep an eye out for …
• Thurs | May 9 | New Moon is around 8:28pm EDT in the NW
• Fri | May 10 | ~30 min after sunset you might be able to see a very thin crescent moon near Venus
• Fri | May 10 | An annular eclipse of the Sun crosses parts of Australia and the central Pacific. The eclipse is partial for all of Australia, Indonesia, and Hawaii Map and details
• Sat | May 11 | Evening twilight in the W you can see the crescent moon below Jupiter
• Planets
• Venus | About 15-20 min after sunset in the W-NW it i starting to appear in the evening
• Jupiter | The first \”star\” to come out in the W after sunset, appearing a little lower each day and moving towards the horizon over the course of each night

• Saturn | Was at opposition last week, but still glows bright in the lower E-SE skies in late twilight

• Further Reading and Resources

• Sky&Telescope
• SpaceWeather.com
• StarDate.org
• For the Southern hemisphere: SpaceInfo.com.au
• Constellations of the Southern Hemisphere : astronomyonline.org
• Royal Astronomical Society of New Zealand : rasnz.org.nz
• AstronomyNow
• HeavensAbove

The post Habitable Exoplanets & Diabetes | SciByte 92 first appeared on Jupiter Broadcasting.

We take a look at house calls for ear infections, ig-nobel awards, distant galaxies, UK’s fireball, updates on the Jupiter Impact, Red Bull Stratos, the Shuttle Endeavour, Alcubierre “Warp Drive”, Curiosity updates and as always take a peek back into history and up in the sky this week.

Direct Download:

MP3 Download | Ogg Download | Video | YouTube

RSS Feeds:

MP3 Feed | Ogg Feed | iTunes Feed | Video Feed

Support the Show:

[asa]B001KVZ6HK[/asa]
[asa]0760339414[/asa]
[asa]0813033845[/asa]