The Common Vulnerability and Exposures, or CVE , repository holds the answers to some of information security's most vital questions. Namely, which security issue are we talking about, exactly, and how does it work?

The 25-year-old CVE program, an essential part of global cybersecurity, is cited in nearly any discussion or response to a computer security issue, including Ars posts. CVE was at real risk of closure after its contract was set to expire on April 16. The nonprofit MITRE runs CVE and related programs (like Common Weakness Enumeration, or CWE) on a contract with the US Department of Homeland Security (DHS). A letter to CVE board members sent Tuesday by Yosry Barsoum, vice president of MITRE, gave notice of the potential halt to operations.

"If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure," Barsoum wrote.

Read full article

Comments

A New Mexico man is facing federal charges for two separate incidents of alleged arson—one at an Albuquerque Tesla showroom and one at the New Mexico Republican Party’s office—according to a Monday press release from the Department of Justice.

Jamison Wagner, 40, was charged with allegedly setting fire to a building or vehicle used in interstate commerce. The charge can apply to goods manufactured and sold in different states and the facilities that house them—like the Tesla showroom or the Republican office, which also sells MAGA merchandise. DOJ spokesperson Shannon Shevlin tells WIRED that Wagner’s arrest happened on Saturday.

“Let this be the final lesson to those taking part in this ongoing wave of political violence,” Attorney General Pam Bondi said in the Monday press release. “We will arrest you, we will prosecute you, and we will not negotiate. Crimes have consequences.”

Read full article

Comments

In the AI world, a vulnerability called "prompt injection" has haunted developers since chatbots went mainstream in 2022. Despite numerous attempts to solve this fundamental vulnerability—the digital equivalent of whispering secret instructions to override a system's intended behavior—no one has found a reliable solution. Until now, perhaps.

Google DeepMind has unveiled CaMeL (CApabilities for MachinE Learning), a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves. Instead, CaMeL treats language models as fundamentally untrusted components within a secure software framework, creating clear boundaries between user commands and potentially malicious content.

Prompt injection has created a significant barrier to building trustworthy AI assistants, which may be why general-purpose big tech AI like Apple's Siri doesn't currently work like ChatGPT. As AI agents get integrated into email, calendar, banking, and document-editing processes, the consequences of prompt injection have shifted from hypothetical to existential. When agents can send emails, move money, or schedule appointments, a misinterpreted string isn't just an error—it's a dangerous exploit.

Read full article

Comments

There is a signal, born in the earliest days of the cosmos. It’s weak. It’s faint. It can barely register on even the most sensitive of instruments. But it contains a wealth of information about the formation of the first stars, the first galaxies, and the mysteries of the origins of the largest structures in the Universe.

Despite decades of searching for this signal, astronomers have yet to find it. The problem is that our Earth is too noisy, making it nearly impossible to capture this whisper. The solution is to go to the far side of the Moon, using its bulk to shield our sensitive instruments from the cacophony of our planet.

Building telescopes on the far side of the Moon would be the greatest astronomical challenge ever considered by humanity. And it would be worth it.

Read full article

Comments

The rate of autism in a group of 8-year-olds in the US rose from 2.76 percent (1 in 36) in 2020 to 3.22 percent (1 in 31) in 2022, according to a study out Tuesday in the Morbidity and Mortality Weekly Report , a journal published by the Centers for Disease Control and Prevention.

The report's authors—researchers at the CDC and academic institutions across the country— suggest that the slight uptick is likely due to improved access to evaluations in underserved groups, including Black, Hispanic, and low-income communities.

The data comes from the CDC-funded Autism and Developmental Disabilities Monitoring (ADDM) Network. The national network has been tracking the prevalence of autism spectrum disorder (ASD) in 8-year-olds at a handful of sites since 2000, publishing estimates every two years. In 2000, ASD prevalence was 1 in 150, with white children from high-income communities having the highest rates of the developmental disability. In 2020, when the rate hit 1 in 36, it was the first year in which higher ASD rates were seen in underserved communities. That year, researchers also noted that the link between ASD and socioeconomic status evaporated in most of the network.

Read full article

Comments

Google has announced that yet another AI model is coming to Gemini, but this time, it's more than a chatbot. The company's Veo 2 video generator is rolling out to the Gemini app and website, giving paying customers a chance to create short video clips with Google's allegedly state-of-the-art video model.

Veo 2 works like other video generators, including OpenAI's Sora —you input text describing the video you want, and a Google data center churns through tokens until it has an animation. Google claims that Veo 2 was designed to have a solid grasp of real-world physics, particularly the way humans move. Google's examples do look good, but presumably that's why they were chosen.

Prompt: Aerial shot of a grassy cliff onto a sandy beach where waves crash against the shore, a prominent sea stack rises from the ocean near the beach, bathed in the warm, golden light of either sunrise or sunset, capturing the serene beauty of the Pacific coastline.

Read full article

Comments

The Trump White House is proposing to eliminate most federal funding for National Public Radio (NPR) and the Public Broadcasting Service (PBS) and issued a statement yesterday alleging that NPR and PBS "spread radical, woke propaganda disguised as 'news.'"

"The NPR, PBS grift has ripped us off for too long," the White House statement said.

White House budget director Russ Vought drafted a memo for a rescission plan that would eliminate funding already approved by Congress, according to multiple news reports. This includes $1.1 billion for the Corporation for Public Broadcasting (CPB), or about two years' worth of funding for the nonprofit group that provides money to public broadcasting stations.

Read full article

Comments

More than 45 million people in the US are fans of bowling, with national competitions awarding millions of dollars. Bowlers usually rely on instinct and experience, earned through lots and lots of practice, to boost their strike percentage. A team of physicists has come up with a mathematical model to better predict ball trajectories, outlined in a new paper published in the journal AIP Advances. The resulting equations take into account such factors as the composition and resulting pattern of the oil used on bowling lanes, as well as the inevitable asymmetries of bowling balls and player variability.

The authors already had a strong interest in bowling. Three are regular bowlers and quite skilled at the sport; a fourth, Curtis Hooper of Longborough University in the UK, is a coach for Team England at the European Youth Championships. Hooper has been studying the physics of bowling for several years, including an analysis of the 2017 Weber Cup, as well as papers devising mathematical models for the application of lane conditioners and oil patterns in bowling.

The calculations involved in such research are very complicated because there are so many variables that can affect a ball's trajectory after being thrown. Case in point: the thin layer of oil that is applied to bowling lanes, which Hooper found can vary widely in volume and shape among different venues, plus the lack of uniformity in applying the layer, which creates an uneven friction surface.

Read full article

Comments

Infamous Internet imageboard and wretched hive of scum and villainy 4chan was apparently hacked at some point Monday evening and remains mostly unreachable as of this writing. DownDetector showed reports of outages spiking at about 10:07 pm Eastern time on Monday, and they've remained elevated since.

Posters at Soyjack Party , a rival imageboard that began as a 4chan offshoot, claimed responsibility for the hack. But as with all posts on these intensely insular boards, it's difficult to separate fact from fiction. The thread shows screenshots of what appear to be 4chan's PHP admin interface, among other screenshots, that suggest extensive access to 4chan's databases of posts and users.

Security researcher Kevin Beaumont described the hack as "a pretty comprehensive own" that included "SQL databases, source, and shell access." 404Media reports that the site used an outdated version of PHP that could have been used to gain access, including the phpMyAdmin tool, a common attack vector that is frequently patched for security vulnerabilities . Ars staffers pointed to the presence of long-deprecated and removed functions like mysql_real_escape_string in the screenshots as possible signs of an old, unpatched PHP version.

Read full article

Comments