Thousands of Websites Expose Security Credentials: Accidental Leak Alert

API Key Leaks: A Major Threat to Business Security

Critical security credentials, including API keys, are mistakenly exposed on thousands of websites, putting organizations—ranging from small startups to large banks and healthcare providers—at significant risk.

These leaks could grant unauthorized users access to sensitive data such as RSA private keys, enabling attackers to impersonate servers, decrypt private communications, and potentially seize complete control over a company’s digital infrastructure. “This is a pressing issue impacting entities of all sizes,” states Nurula Demir from Stanford University, California.

Demir and colleagues conducted an analysis of 10 million web pages to identify the extent of exposed API credentials. API keys facilitate seamless communication between different software systems and serve as access tokens for cloud platforms, payment processing, and messaging services.

Through their web scans, the researchers validated 1,748 exposed credentials from 14 leading service providers, including Amazon Web Services, Stripe, GitHub, and OpenAI, found across approximately 10,000 compromised websites.

The accountability for these vulnerabilities lies not with the service providers, but with the developers and operators who misconfigured their websites. While the specific companies affected were not named, they reportedly include “global systemically important financial institutions,” firmware developers, and major hosting platforms.

“We have alerted all entities concerning identified exposures,” said Demir. Approximately half of the organizations remedied their exposed API keys within two weeks; however, some did not respond.

On average, leaked credentials remain accessible for 12 months, with some lasting as long as five years. The majority (around 84%) of compromised credentials were located within the JavaScript environment, most likely because developers misused bundler tools when packaging code, so that server-side secrets were shipped to the browser.

The remaining 16% originated from third-party resources, where misconfigured external plugins or scripts inadvertently exposed sensitive credentials online.
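As an added example (not code from the article or from the Stanford study), the following scanner flags secret-shaped tokens inside a client-side JavaScript bundle, the place where most of the leaked keys were found. The key prefixes are the providers’ documented public formats; the bundle text and all token values are constructed for the demonstration.

```javascript
// Added example, not code from the article or the Stanford study: a small
// scanner that flags secret-shaped tokens inside a client-side JavaScript
// bundle, the place where the study found most leaked keys. The key prefixes
// are the providers' documented public formats; the bundle text is constructed.
const SECRET_PATTERNS = [
  { provider: "AWS access key ID",  re: /\bAKIA[0-9A-Z]{16}\b/g },
  { provider: "Stripe secret key",  re: /\bsk_live_[0-9A-Za-z]{24,}\b/g },
  { provider: "GitHub classic PAT", re: /\bghp_[0-9A-Za-z]{36}\b/g },
  { provider: "OpenAI API key",     re: /\bsk-[0-9A-Za-z_-]{20,}\b/g },
];

// Scan bundle text and return one finding per match, sorted by line number.
// Only a short prefix of each token is kept so the report never re-leaks it.
function findExposedSecrets(bundleText) {
  const findings = [];
  for (const { provider, re } of SECRET_PATTERNS) {
    for (const m of bundleText.matchAll(re)) {
      const line = bundleText.slice(0, m.index).split("\n").length;
      findings.push({ provider, line, preview: m[0].slice(0, 8) + "..." });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed bundle: a publishable Stripe key (pk_live_) is designed for the
// browser and is not flagged; the other four tokens are server-side secrets
// that a bundler or env-var misconfiguration has inlined into client code.
const SAMPLE_BUNDLE = [
  'const pub="pk_live_' + "A".repeat(24) + '";',
  'const stripe="sk_live_' + "B".repeat(24) + '";',
  'const gh="ghp_' + "c".repeat(36) + '";',
  'const aws={id:"AKIA' + "EXAMPLE0".repeat(2) + '",region:"us-east-1"};',
  'fetch(u,{headers:{Authorization:"Bearer sk-' + "d".repeat(24) + '"}});',
].join("\n");

// Stand-alone run: print a masked report of what the constructed bundle leaks.
const report = findExposedSecrets(SAMPLE_BUNDLE);
for (const f of report) {
  console.log(`line ${f.line}: ${f.provider} (${f.preview})`);
}
```

Running the same scan against the bundles a site actually serves, as part of a build or deploy check, catches the bundler mistake before the key reaches the public.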

“None of these developers intended for their systems to be insecure,” explains Katie Paxton-Fear from Manchester Metropolitan University, UK. Issues arose due to programming intricacies, leading to accidental exposure. “They followed best practices, but vulnerabilities emerged during the development process,” she adds.

Leaking API keys is a “significant concern in modern software development,” notes Nick Nikiforakis from Stony Brook University, New York. “API keys replace user credentials, granting authorization without direct authentication. However, their misconfiguration can lead to serious security threats.”

Demir emphasizes shared responsibility in addressing these vulnerabilities. “Developers must exercise caution in using API credentials,” he advises, alongside ensuring proper configuration of their development environments. He further suggests that the makers of website-building tools should design their systems to hide private keys by default, rather than relying on developers to manage these protections manually, and that hosting companies should proactively monitor for exposed keys and disable them immediately.


Source: www.newscientist.com

How Sharing Genetic Risk Scores Could Unintentionally Expose Personal Secrets

Unlocking Genetic Data: The Risks of Polygenic Risk Scores

Genetic data can be analyzed to estimate the risk of developing specific health conditions. Science Photo Library / Alamy

Polygenic risk scores (PRS) summarize an individual’s likelihood of developing particular health conditions, revealing insights into a person’s DNA through advanced mathematical methods. These scores could potentially be leveraged by health insurance companies to reconstruct genetic data from summary genomic reports, uncovering health risks that patients might not disclose. Furthermore, individuals sharing their scores anonymously could be identified by extracting genetic data and querying public genealogy databases.

Understanding Polygenic Risk Scores

Polygenic risk scores measure the impact of variations in tens to thousands of specific letters in the genome, known as single nucleotide polymorphisms (SNPs). Researchers and DNA testing companies like 23andMe use these scores to summarize potential health risks, which may also be made public by individuals seeking advice on score interpretation.

Solving a polygenic risk score backwards is akin to deducing a phone number knowing only that its digits sum to a specific value, a mathematical challenge known as the knapsack problem. This complexity is why PRS have been considered a low privacy risk.

However, each SNP value in the score is multiplied by a highly precise weight—up to 16 orders of magnitude—reflecting its contribution to overall disease risk. That precision is what makes even supposedly low-risk models vulnerable to reconstruction attacks.

Research Findings on Genetic Risk Scores

According to Gamze Gyursoy at Columbia University, “The final polygenic risk score can be estimated with a high degree of accuracy because it is constrained by the finite methodology used to reach that figure and the statistically probable arrangement of the underlying SNPs.” Gyursoy, alongside Kiril Nikitin, also from Columbia, conducted experiments using 298 polygenic risk models based on data from 2,353 individuals. They worked backwards to calculate all possible genomes that could generate each score while excluding those with numerous rare mutations.

As a result, they were able to reconstruct donor genotypes with an impressive 94.6% accuracy and accurately predicted 2,450 SNPs per person. Testing revealed that just 27 SNPs were sufficient to identify an individual from a pool of 500,000 samples, with up to 90% accuracy in predicting family relationships. Interestingly, individuals of African and East Asian descent were easier to identify, largely due to underrepresentation in available genetic databases.

Mitigating Risks and Ethical Considerations

Gyursoy highlights that 447 small, high-precision models in the public database of polygenic scores are susceptible to such attacks. “I wanted to emphasize that the risk is low; however, [certain conditions] still present the potential for data leakage, which must be considered in study planning, especially when involving vulnerable populations,” Gyursoy states.

Researchers at Massachusetts General Hospital believe existing data protection methods and computational barriers limit the potential misuse of polygenic risk scores. “These findings serve as a crucial reminder that small models should be treated as sensitive data in clinical reporting and informed consent discussions,” they add.

Source: www.newscientist.com

Unlocking the Secrets of Jupiter and Saturn: How Polar Cyclones Expose Hidden Interiors

A groundbreaking study by planetary scientists at the Massachusetts Institute of Technology (MIT) reveals how the significant differences in polar vortex patterns between Jupiter and Saturn are influenced by the unique properties of their deep interiors. These findings offer valuable insights into the structure of these gas giants.

This composite image, captured by the JIRAM instrument aboard NASA’s Juno spacecraft, depicts a central low-pressure system at Jupiter’s north pole along with eight surrounding low-pressure systems. The colors in this image represent radiant heat, revealing temperature variations in the cloud layers. Image credit: NASA / JPL-Caltech / SwRI / ASI / INAF / JIRAM.

“Our study shows that the internal properties, including the softness of the vortex base, influence the fluid patterns observed at the surface,” explained Dr. Wang-Ying Kang from MIT.

The research was inspired by stunning images of Jupiter and Saturn obtained from NASA’s Juno and Cassini missions.

Since 2016, Juno has been orbiting Jupiter and revealing astonishing details about its north pole and intricate spiral formations.

The data suggest that each vortex on Jupiter is immense, measuring around 5,000 km (3,000 miles) in diameter.

Meanwhile, Cassini documented Saturn’s iconic polar vortex, a single hexagon-shaped structure approximately 29,000 km (18,000 miles) wide, before its controlled descent into Saturn’s atmosphere in 2017.

“Despite their similarities in size and primary composition of hydrogen and helium, deciphering the differences in polar vortices between Jupiter and Saturn has been challenging,” noted MIT graduate student Jial Shi.

Researchers aimed to uncover the physical mechanisms behind the formation of either a single vortex or multiple vortices on these distant planets.

To achieve this, they employed a two-dimensional model of surface fluid dynamics.

While polar vortices are inherently three-dimensional, the fast rotation of Jupiter and Saturn leads to uniform motion along their rotational axes, allowing the team to effectively analyze vortex evolution in two dimensions.

“In rapidly rotating systems, fluid motion tends to be uniform along the axis,” Dr. Kang added. “This insight allowed us to convert a 3D challenge into a 2D problem, significantly speeding up simulations and reducing costs.”

With this in mind, researchers created a two-dimensional model of vortex behavior in gas giants, adapting equations that describe the evolution of swirling fluids over time.

“This equation is commonly used in various situations, including modeling cyclones on Earth,” Dr. Kang stated. “We tailored it for the polar regions of Jupiter and Saturn.”

Scientists applied the two-dimensional model to simulate fluid dynamics on gas giants in various scenarios, adjusting parameters such as planetary size, rotational speed, internal heating, and the characteristics of the fluid.

They introduced random “noise” to simulate initial chaotic fluid flow on the planets’ surfaces.

By analyzing how this fluid evolved over time across different scenarios, the researchers found that some conditions led to the formation of a single large polar vortex, akin to Saturn’s structure, while others resulted in multiple smaller vortices, similar to those on Jupiter.

Through careful examination of the parameters affecting each scenario, the study identified a unifying mechanism: the softness of the vortex base constrains the size that vortices can attain.

The softer and lighter the gas at the bottom of the vortex, the smaller the resulting vortex, enabling multiple smaller vortices to exist at Jupiter’s poles. Conversely, a denser and harder base permits the growth of sizable vortices, manifesting as a singular entity like Saturn.

If this mechanism holds for both gas giants, it could suggest that Jupiter has a softer internal composition, while Saturn may contain denser materials.

“The fluid patterns we observe on the surface of Jupiter and Saturn may provide insights into their interior compositions,” Shi remarked.

“This is crucial because Saturn’s interior likely harbors richer metals and more condensable materials, leading to stronger stratification than that found in Jupiter,” Shi added. “This will enhance our understanding of gas giant planets.”

The team’s findings will be published in the Proceedings of the National Academy of Sciences.

_____

Shi J. & Kang W. 2026. Polar vortex dynamics of gas giant planets: Insights from 2D energy cascades. PNAS, in press.

Source: www.sci.news

New findings finally expose the true differences between male and female brains

Since the beginning of time, men and women have tended to have different social roles, interests, and occupations. It is natural to think that perhaps these stem from innate differences in their brains as well as the more obvious differences in their bodies. This idea has long been controversial, but now that ideas about gender are changing more rapidly than ever, the question of whether male and female brains are different has become more acute. It remains a controversial issue even among neuroscientists. Nevertheless, they are finally cutting through historical discrimination and gender politics and trying to get to the truth.

Early measurements of skull volume showed that, on average, male brains are slightly larger and heavier than female brains. Some commentators argued that this “five ounce deficit” was the key to men’s supposedly superior abilities. In fact, the simple explanation is that the larger the body, the more brain tissue it requires to move it, a relationship found across animal species.

The situation became even more complicated in the 1990s with the advent of brain scanning technology, which suggested sex differences in the size of certain brain regions and structures. These findings often turned into compelling stories about, for example, why women are more empathetic on average or why men are more likely to become engineers. But studies from the early decades of brain scanning research should be taken with a pinch of salt, says Lise Eliot at Rosalind Franklin University in Illinois. “When we control for brain size, all claims about volumetric differences in individual structures disappear…

Source: www.newscientist.com

Ubiquiti resolves bug that could expose private video streams to other customers.

Ubiquiti, a maker of networking equipment and video surveillance cameras, has fixed a bug that it says allowed users to accidentally gain access to other customers’ accounts and private live video streams.

As first reported on Reddit, some customers received push notifications on their phones that let them view other customers’ Ubiquiti account information and private video streams. Another person said they logged into their own Ubiquiti account but were presented with a different customer’s account data.

One person on the Ubiquiti subreddit said, “When I log in, I feel like a different person.” Another user said he had “full access” to dozens of consoles that did not belong to him.

Ubiquiti is a cloud and technology company that manufactures routers, network switches, security and video surveillance equipment that can be controlled and operated remotely through a centralized cloud product.

In a subsequent post to its community forums, Ubiquiti said it had “identified and addressed the cause of this issue,” and the company attributed the problem to an upgrade to its cloud infrastructure.

“We have observed a small number of instances where users received push notifications on their mobile devices that appeared to come from an unknown console, or where such users were able to access a console that was not theirs,” said an unnamed Ubiquiti employee.

The company announced that 1,216 accounts from one group were improperly associated with 1,177 accounts from another group, and the mixed access lasted approximately nine hours on December 13th.

Although this appears to be a misconfiguration rather than a criminal act, mistakes happen, and this is a reminder that Ubiquiti retains broad access to and control over its customers’ devices and data.

Source: techcrunch.com