AmbiguousProps

The Port of Seattle continues to deal with an ongoing cyberattack that began Saturday and was still affecting various operations through Sunday, including at Seattle-Tacoma International Airport.

The Port detected “unauthorized activity” on its systems Saturday morning in what it believes was a cyberattack, said Lance Lyttle, managing director of aviation for Sea-Tac Airport.

“We can’t yet say when this will be resolved,” Lyttle said at a media press conference Sunday.

I do some freelance on the side and it's getting kind of difficult to properly track my billable hours. Is there an invoice system that I can track them with, along with generating invoices?

Thanks!

Back in 2013, Nvidia introduced a new technology called G-Sync to eliminate screen tearing and stuttering effects and reduce input lag when playing PC games. The company accomplished this by tying your display's refresh rate to the actual frame rate of the game you were playing, and similar variable refresh-rate (VRR) technology has become a mainstay even in budget monitors and TVs today.

The issue for Nvidia is that G-Sync isn't what has been driving most of that adoption. G-Sync has always required extra dedicated hardware inside of displays, increasing the costs for both users and monitor manufacturers. The VRR technology in most low-end to mid-range screens these days is usually some version of the royalty-free AMD FreeSync or the similar VESA Adaptive-Sync standard, both of which provide G-Sync's most important features without requiring extra hardware. Nvidia more or less acknowledged that the free-to-use, cheap-to-implement VRR technologies had won in 2019 when it announced its "G-Sync Compatible" certification tier for FreeSync monitors. The list of G-Sync Compatible screens now vastly outnumbers the list of G-Sync and G-Sync Ultimate screens.

According to the documents, Cellebrite could not unlock any iPhones running iOS 17.4 or newer as of April 2024, labeling them as “In Research.” For iOS versions 17.1 to 17.3.1, the company could unlock the iPhone XR and iPhone 11 series using their “Supersonic BF” (brute force) capability. However, iPhone 12 and newer models running these iOS versions were listed as “Coming soon.”

The Android support matrix showed broader coverage for locked Android devices, though some limitations remained. Notably, Cellebrite could not brute force Google Pixel 6, 7, or 8 devices that had been powered off. The document also specifically mentioned GrapheneOS, a privacy-focused Android variant reportedly gaining popularity among security-conscious users.

Links to the docs:

iPhone

Android

GrapheneOS has a thread about this on Mastodon, which adds a bit more detail:

Cellebrite was a few months behind on supporting the latest iOS versions. It's common for them to fall a few months behind for the latest iOS and quarterly/yearly Android releases. They've had April, May, June and July to advance further. It's wrong to assume it didn't change.

404media published an article about the leaked documentation this week but it doesn't go into depth analyzing the leaked information as we did, but it didn't make any major errors. Many news publications are now writing highly inaccurate articles about it following that coverage.

The detailed Android table showing the same info as iPhones for Pixels wasn't included in the article. Other news publications appear to be ignoring the leaked docs and our thread linked by 404media with more detail. They're only paraphrasing that article and making assumptions.

We received Cellebrite's April 2024 Android and iOS support documents in April and from another source in May before publishing it. Someone else shared those and more documents on our forum. It didn't help us improve GrapheneOS, but it's good to know what we're doing is working.

It would be a lot more helpful if people leaked the current code for Cellebrite, Graykey and XRY to us. We'll report all of the Android vulnerabilities they use whether or not they can be used against GrapheneOS. We can also make suggestions on how to fix vulnerability classes.

In April, Pixels added a reset attack mitigation feature based on our proposal ruling out the class of vulnerability being used by XRY.

In June, Pixels added support for wipe-without-reboot based on our proposal to prevent device admin app wiping bypass being used by XRY.

In Cellebrite's docs, they show they can extract the iOS lock method from memory on an After First Unlock device after exploiting it, so the opt-in data classes for keeping data at rest when locked don't really work. XRY used a similar issue in their now blocked Android exploit.

GrapheneOS zero-on-free features appear to stop that data from being kept around after unlock. However, it would be nice to know what's being kept around. It's not the password since they have to brute force so it must be the initial scrypt-derived key or one of the hashes of it.

The China National Space Administration (CNSA) has released a video of its concept for a lunar base to be developed across the next couple of decades.

CNSA unveiled the video on Wednesday (April 24) as part of the country's annual space day celebrations. The project is known as the International Lunar Research Station (ILRS) and was jointly announced in 2021 by China and Russia.

China is now leading the moon base initiative and attempting to attract international partners for the endeavor. So far, alongside China, Russia, Venezuela, Pakistan, Azerbaijan, Belarus, South Africa, Egypt, Thailand and Nicaragua have joined the initiative, according to Space News.

One curious detail of the video is the presence of a retired NASA Space Shuttle appearing to lift off from a launch pad in the background.

Tesla has seen its profits more than halve this year, and says it will bring forward the launch of new models after announcing thousands of job cuts to try to reverse its fortunes.

Despite plans to bring forward new models originally planned for next year the firm is cutting its workforce.

Tesla said it would lose 3,332 jobs in California and 2,688 positions in Texas, starting mid-June.

The cuts in Texas represent 12% of Tesla's total workforce of almost 23,000 in the area where its gigafactory and headquarters are located.

Google fired 28 employees in connection with sit-in protests at two of its offices this week, according to an internal memo obtained by The Verge. The firings come after 9 employees were suspended and then arrested in New York and California on Tuesday.

In a memo sent to all employees on Wednesday, Chris Rackow, Google’s head of global security, said that “behavior like this has no place in our workplace and we will not tolerate it.”

He also warned that the company would take more action if needed: “The overwhelming majority of our employees do the right thing. If you’re one of the few who are tempted to think we’re going to overlook conduct that violates our policies, think again. The company takes this extremely seriously, and we will continue to apply our longstanding policies to take action against disruptive behavior — up to and including termination.”

Is there an easy way to do this? I suppose I could just copy the files manually but is there a better option? Thanks!

Restaurant reservation platform OpenTable says that all reviews on the platform will no longer be fully anonymous starting May 22nd and will now show members' profile pictures and first names.

OpenTable notified members of this new policy change today in emails to members who had previously left a review on the platform, stating the change was made to provide more transparency.

"At OpenTable, we strive to build a community in which diners can help other diners discover new restaurants, and reviews are a big part of that," reads the OpenTable email seen by BleepingComputer.

"We've heard from you, our diners, that trust and transparency are important when looking at reviews."

"To build on the credibility of our review program, starting May 22, 2024, OpenTable will begin displaying diner first names and profile photos on all diner reviews. This update will also apply to past reviews.

When leaving reviews on OpenTable, members specify a "Review display name" that will be shown in the review, allowing feedback to be left anonymously.

Under this new policy change, a member's first name and profile picture will now be displayed in new and past reviews.