Berlin Builds a Giant Thermos to Help Heat Homes This Winter

The Associated Press reports on a massive new 150-foot (45-meter) tower going up in Berlin — just to hold 56 million liters (14.8 million gallons) of hot water that “will help heat Berlin homes this winter even if Russian gas supplies dry up…”

“[T]he new facility unveiled Thursday at Vattenfall’s Reuter power station will hold water brought to almost boiling temperature using electricity from solar and wind power plants across Germany. During periods when renewable energy exceeds demand the facility effectively acts as a giant battery, though instead of storing electricity it stores heat…”

“It’s a huge thermos that helps us to store the heat when we don’t need it,” said Tanja Wielgoss, who heads the Sweden-based company’s heat unit in Germany. “And then we can release it when we need to use it…. Sometimes you have an abundance of electricity in the grids that you cannot use anymore, and then you need to turn off the wind turbines,” said Wielgoss. “Where we are standing we can take in this electricity.”

The 50-million-euro ($52 million) facility will have a thermal capacity of 200 megawatts — enough to meet much of Berlin’s hot water needs during the summer and about 10% of what it requires in the winter. The vast, insulated tank can keep water hot for up to 13 hours, helping bridge short periods when there’s little wind or sun….

Berlin’s top climate official, Bettina Jarasch, said the faster such heat storage systems are built, the better. “Due to its geographic location the Berlin region is even more dependent on Russian fossil fuels than other parts of Germany,” she told The Associated Press. “That’s why we’re really in a hurry here.”
“While it will be Europe’s biggest heat storage facility when it’s completed at the end of this year, an even bigger one is already being planned in the Netherlands.”

Read more of this story at Slashdot.

As TikTok Promises US Servers, FCC Commissioner Remains Critical of Data Privacy

On Tuesday Brendan Carr, a commissioner on America’s Federal Communications Commission, warned on Twitter that TikTok, owned by China-based company ByteDance, “doesn’t just see its users’ dance videos:
It collects search and browsing histories, keystroke patterns, biometric identifiers, draft messages and metadata, plus it has collected the text, images, and videos that are stored on a device’s clipboard. TikTok’s pattern of misrepresentations coupled with its ownership by an entity beholden to the Chinese Communist Party has resulted in U.S. military branches and national security agencies banning it from government devices…. The CCP has a track record longer than a CVS receipt of conducting business & industrial espionage as well as other actions contrary to U.S. national security, which is what makes it so troubling that personnel in Beijing are accessing this sensitive and personal data.

Today CNN interviewed Carr, while also bringing viewers an update. TikTok’s China-based employees accessed data on U.S. TikTok users, BuzzFeed had reported — after which TikTok announced it intends to move backup data to servers in the U.S., allowing them to eventually delete U.S. data from their servers. But days later Republican Senator Blackburn was still arguing to Bloomberg that “Americans need to know if they are on TikTok, communist China has their information.”

And FCC commissioner Carr told CNN he remains suspicious too:
Carr: For years TikTok has been asked directly by U.S. lawmakers, ‘Is any information, any data, being accessed by personnel back in Beijing?’ And rather than being forthright and saying ‘Yes, and here’s the extent of it and here’s why we don’t think it’s a problem,’ they’ve repeatedly said ‘All U.S. user data is stored in the U.S.,’ leaving people with the impression that there’s no access…. This recent bombshell reporting from BuzzFeed shows at least some of the extent to which massive amounts of data has allegedly been going back to Beijing.

And that’s a problem, and not just a national security problem. But to me it looks like a violation of the terms of the app store, and that’s why I wrote a letter to Google and Apple saying that they should remove TikTok and boot them out of the app store… I’ve left them until July 8th to give me a response, so we’ll see what they say. I look forward to hearing from them. But there’s precedent for this. Before, when applications have taken data surreptitiously and put it in servers in China or otherwise been used for reasons other than servicing the application itself, they have booted them from the app store. And so I would hope that they would just apply the plain terms of their policy here.

When CNN points out the FCC doesn’t have jurisdiction over social media, Carr notes “speaking for myself as one member” they’ve developed “expertise in terms of understanding how the CCP can effectively take data and infiltrate U.S. communications networks.” And he points out that the issue is also being raised by Congressional hearings and by Republican and Democrat Senators signing joint letters together, so “I’m just one piece of a broader federal effort that’s looking at the very serious risks that come from TikTok.”
Carr: At the end of the day, it functions as a sophisticated surveillance tool that is harvesting vast amounts of data on U.S. users. And I think TikTok should answer point-blank: has any CCP member obtained non-public user data or viewed it? Not to answer with a dodge, and say they’ve never been asked for it or never received a request. Can they say no, no CCP member has ever seen non-public U.S. user data?
Carr’s appearance was followed by an appearance by TikTok’s VP and head of public policy for the Americas. But this afternoon Carr said on Twitter that TikTok’s response contradicted its own past statements:

Today, a TikTok exec said it was “simply false” for me to say that they collect faceprints, browsing history, & keystroke patterns.

Except, I was quoting directly from TikTok’s own disclosures.

TikTok’s concerning pattern of misrepresentations about U.S. user data continues.

Read more of this story at Slashdot.

How Bug Bounty Platform HackerOne Handled Its Own ‘Internal Threat’ Actor

Bug bounty platform HackerOne has “a steadfast commitment to disclosing security incidents,” according to a new blog post, “because we believe that sharing security information far and wide is essential to building a safer internet.”

But now they’ve had an incident of their own:
On June 22nd, 2022, a customer asked us to investigate a suspicious vulnerability disclosure made outside of the HackerOne platform. The submitter of this off-platform disclosure reportedly used intimidating language in communication with our customer. Additionally, the submitter’s disclosure was similar to an existing disclosure previously submitted through HackerOne… Upon investigation by the HackerOne Security team, we discovered a then-employee had improperly accessed security reports for personal gain. The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties.

This is a clear violation of our values, our culture, our policies, and our employment contracts. In under 24 hours, we worked quickly to contain the incident by identifying the then-employee and cutting off access to data. We have since terminated the employee, and further bolstered our defenses to avoid similar situations in the future. Subject to our review with counsel, we will also decide whether criminal referral of this matter is appropriate.

The blog post includes a detailed timeline of HackerOne’s investigation. (They remotely locked the laptop, later taking possession of it for analysis, along with reviewing all data accessed “during the entirety of their two and a half months of employment” and notification of seven customers “known or suspected to be in contact with threat actor.”)

“We are confident the insider access is now contained,” the post concludes — outlining how they’ll respond and the lessons learned. “We are happy that our previous investments in logging enabled an expedient investigation and response…. To ensure we can proactively detect and prevent future threats, we are adding additional employees dedicated to insider threats that will bolster detection, alerting, and response for business operations that require human access to disclosure data….”

“We are allocating additional engineering resources to invest further in internal models designed to identify anomalous access to disclosure data and trigger proactive investigative responses…. We are planning additional simulations designed to continuously evaluate and improve our ability to effectively resist insider threats.”
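The kind of check the post describes, identifying anomalous employee access to disclosure data, as an added example that is not HackerOne's code: it compares each employee's report accesses against the customer programs they are assigned to and against a simple daily-volume baseline. Employee names, program names, report ids and log entries are all constructed for illustration.

```python
# Added example (not HackerOne's code): flag anomalous access to vulnerability
# reports by comparing each employee's accesses against their assigned programs
# and against a simple per-user daily volume baseline. All names, programs and
# log entries below are constructed for illustration.
from collections import defaultdict
from datetime import datetime

# Constructed access log: (timestamp, employee, program, report_id)
ACCESS_LOG = [
    ("2022-06-01T09:00:00", "alice", "acme", "R-101"),
    ("2022-06-01T09:10:00", "alice", "acme", "R-102"),
    ("2022-06-01T10:00:00", "bob", "globex", "R-201"),
    ("2022-06-02T22:15:00", "bob", "acme", "R-103"),   # outside bob's assignment
    ("2022-06-02T22:16:00", "bob", "acme", "R-104"),
    ("2022-06-02T22:17:00", "bob", "initech", "R-301"),
    ("2022-06-02T22:18:00", "bob", "initech", "R-302"),
]

# Constructed assignment table: which customer programs each employee supports.
ASSIGNMENTS = {"alice": {"acme"}, "bob": {"globex"}}

def find_anomalies(log, assignments, max_daily_reports=3):
    """Return a list of (employee, reason, detail) findings.

    Two rules: (1) access to a report in a program the employee is not
    assigned to; (2) more distinct reports in one day than the baseline.
    """
    findings = []
    per_day = defaultdict(set)  # (employee, date) -> set of report ids
    for ts, user, program, report in log:
        day = datetime.fromisoformat(ts).date().isoformat()
        per_day[(user, day)].add(report)
        if program not in assignments.get(user, set()):
            findings.append((user, "unassigned_program", f"{program}:{report}"))
    for (user, day), reports in per_day.items():
        if len(reports) > max_daily_reports:
            findings.append((user, "volume_spike", f"{day}:{len(reports)} reports"))
    return findings

def flagged_users(log, assignments):
    """Employees with at least one finding, for investigative triage."""
    return sorted({f[0] for f in find_anomalies(log, assignments)})

if __name__ == "__main__":
    for finding in find_anomalies(ACCESS_LOG, ASSIGNMENTS):
        print(*finding)
```

In practice the assignment table would come from the ticketing or access-control system, and a finding would open a case rather than just print.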

Read more of this story at Slashdot.

How the Higgs Boson Particle Ruined Peter Higgs’s Life

93-year-old Peter Higgs was awarded a Nobel Prize nine years ago after the Large Hadron Collider experiments finally confirmed the existence of the Higgs boson particle he’d predicted back in 1964. “This discovery was a seminal moment in human culture,” says physicist Frank Close, who’s written the new book Elusive: How Peter Higgs Solved the Mystery of Mass.

But Scientific American reports there’s more to the story:
For years, the significance of the prediction was lost on most scientists, including Higgs himself. But gradually it became clear that the Higgs boson was not just an exotic sideshow in the particle circus but rather the main event. The particle and its associated Higgs field turned out to be responsible for giving all other particles mass and, in turn, creating the structure of galaxies, stars and planets that define our universe and enable our species… Yet the finding, however scientifically thrilling, pushed a press-shy Peter Higgs into the public eye. When he shared the Nobel Prize in Physics the next year, Higgs left his home in Edinburgh and camped out at a pub across town on the day of the announcement so the prize committee wouldn’t be able to reach him.

Physicist Close shares more details in an interview with Scientific American:

Close: One of the biggest shocks I had when I was interviewing him was when he said the discovery of the boson “ruined [his] life.” I thought, “How can it ruin your life when you have done some beautiful mathematics, and then it turns out you had mysteriously touched on the pulse of nature, and everything you’ve believed in has been shown to be correct, and you’ve won a Nobel Prize? How can these things amount to ruin?” He said, “My relatively peaceful existence was ending. My style is to work in isolation and occasionally have a bright idea.” He is a very retiring person who was being thrust into the limelight.

That, to my mind, is why Peter Higgs the person is still elusive to me even though I’ve known him for 40 years…

Higgs had spent two to three years really trying to understand a particular problem. And because he had done that hard work and was still trying to deepen his understanding of this very profound concept, when a paper turned up on his desk posing a related question, Higgs happened to have the answer because of the work he’d done. He sometimes says, “I’m primarily known for three weeks of my life.” I say, “Yes, Peter, but you spent two years preparing for that moment.”

Q: The discovery of the Higgs boson came nearly 50 years after Higgs’s prediction, and he said he never expected it to be found in his lifetime. What did it mean to him that the particle was finally detected?

He said to me that his first reaction was one of relief that it was indeed confirmed. At that moment he knew [the particle existed] after all, and he felt a profound sense of being moved that that was really the way it was in nature — and then panic that his life was going to change.

Read more of this story at Slashdot.

Google Launches Advanced API Security To Protect APIs From Growing Threats

Google today announced a preview of Advanced API Security, a new product headed to Google Cloud that’s designed to detect security threats as they relate to APIs. TechCrunch reports: Built on Apigee, Google’s platform for API management, the company says that customers can request access starting today. Short for “application programming interface,” APIs are documented connections between computers or between computer programs. API usage is on the rise, with one survey finding that more than 61.6% of developers relied on APIs more in 2021 than in 2020. But they’re also increasingly becoming the target of attacks. According to a 2018 report commissioned by cybersecurity vendor Imperva, two-thirds of organizations are exposing unsecured APIs to the public and partners.

Advanced API Security specializes in two tasks: identifying API misconfigurations and detecting bots. The service regularly assesses managed APIs and provides recommended actions when it detects configuration issues, and it uses preconfigured rules to provide a way to identify malicious bots within API traffic. Each rule represents a different type of unusual traffic from a single IP address; if an API traffic pattern meets any of the rules, Advanced API Security reports it as a bot. […] With the launch of Advanced API Security, Google is evidently seeking to bolster its security offerings under Apigee, which it acquired in 2016 for over half a billion dollars. But the company is also responding to increased competition in the API security segment. “Misconfigured APIs are one of the leading reasons for API security incidents. While identifying and resolving API misconfigurations is a top priority for many organizations, the configuration management process is time consuming and requires considerable resources,” Vikas Ananda, head of product at Google Cloud, said in a blog post shared with TechCrunch ahead of the announcement. “Advanced API Security makes it easier for API teams to identify API proxies that do not conform to security standards… Additionally, Advanced API Security speeds up the process of identifying data breaches by identifying bots that successfully resulted in the HTTP 200 OK success status response code.”
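The per-IP rule scheme the article describes, as an added example that is not Google's or Apigee's code: each rule inspects the traffic of a single client IP, an IP matching any rule is reported as a bot, and the report notes whether that IP ever received HTTP 200, which is the "successful bot" case the announcement calls out. The rules, thresholds, IP addresses and traffic records are constructed for illustration.

```python
# Added example, not Google's or Apigee's code: a small rule-based bot
# classifier in the spirit the article describes. Each rule looks at the
# traffic of a single client IP; an IP matching any rule is reported as a
# bot, together with whether it ever received HTTP 200 (a "successful" bot).
# Rules, thresholds and traffic records are constructed for illustration.
from collections import defaultdict

# Constructed API traffic: (ip, method, path, status, epoch_seconds)
TRAFFIC = [
    ("203.0.113.5", "GET", "/v1/items/1", 200, 1000),
    ("203.0.113.5", "GET", "/v1/items/2", 200, 1061),
    ("198.51.100.9", "POST", "/v1/login", 401, 2000),
    ("198.51.100.9", "POST", "/v1/login", 401, 2001),
    ("198.51.100.9", "POST", "/v1/login", 401, 2002),
    ("198.51.100.9", "POST", "/v1/login", 200, 2003),
    ("192.0.2.77", "GET", "/v1/users/1", 404, 3000),
    ("192.0.2.77", "GET", "/v1/users/2", 404, 3001),
    ("192.0.2.77", "GET", "/v1/users/3", 404, 3002),
    ("192.0.2.77", "GET", "/v1/users/4", 404, 3003),
    ("192.0.2.77", "GET", "/v1/users/5", 404, 3004),
]

def rule_burst(reqs, limit=4, window=10):
    """More than `limit` requests from one IP within `window` seconds."""
    times = sorted(r[4] for r in reqs)
    return any(times[i + limit] - times[i] <= window
               for i in range(len(times) - limit))

def rule_auth_failures(reqs, limit=3):
    """Repeated 401s from one IP: a credential-guessing pattern."""
    return sum(1 for r in reqs if r[3] == 401) >= limit

def rule_enumeration(reqs, limit=5):
    """Many distinct paths returning 404: a resource-enumeration pattern."""
    return len({r[2] for r in reqs if r[3] == 404}) >= limit

RULES = {"burst": rule_burst, "auth_failures": rule_auth_failures,
         "enumeration": rule_enumeration}

def classify(traffic):
    """Map each flagged IP to (matched rule names, got_200)."""
    by_ip = defaultdict(list)
    for r in traffic:
        by_ip[r[0]].append(r)
    report = {}
    for ip, reqs in by_ip.items():
        matched = [name for name, rule in RULES.items() if rule(reqs)]
        if matched:
            report[ip] = (matched, any(r[3] == 200 for r in reqs))
    return report
```

The IP that matched a rule and still got a 200 is the one to triage first, since that is where a data exposure may already have happened.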

Read more of this story at Slashdot.