An anonymous reader quotes a report from Ars Technica: An analysis of 2,007 damaged or defective hard disk drives (HDDs) has led a data recovery firm to conclude that "in general, old drives seem more durable and resilient than new drives." The statement comes from a Los Angeles-headquartered HDD, SSD, and RAID data recovery firm aptly named Secure Data Recovery that has been in business since 2007 and claims to have resolved more than 100,000 cases. It studied the HDDs it received in 2022. "Most" of those drives were 40GB to 10TB, according to a blog post by Secure Data Recovery spotted by Blocks & Files on Thursday.

Secure Data Recovery's March 8 post broke down the HDDs it received by engineer-verified "power-on hours," or the total amount of time the drive was functional, starting from when its owner began using it and ending when the device arrived at Secure Data Recovery. The firm also determined the drives' current pending sector count, depicting "the number of damaged or unusable sectors the hard drive developed during routine read-and-write operations." The company's data doesn't include HDDs that endured non-predictable failures or damage by unexpected events, such as electrical surges, malware, natural disasters, and "accidental mishandling," the company said.

Among the sample, 936 drives are from Western Digital, 559 come from Seagate, 211 are Hitachi brand, 151 are Toshiba's, 123 are Samsung's, and there are 27 Maxtor drives. Notably, 74.5 percent of the HDDs came from either Western Digital or Seagate, which Secure Data Recovery noted accounted for 80 percent of hard drive shipments in 2021, citing Digital Storage Technology Newsletter data shared by Forbes. The average time before failure among the sample size was 2 years and 10 months, and the 2,007 defective HDDs had an average of 1,548 bad sectors. "While 1,548 bad sectors out of hundreds of millions or even billions of disk subdivisions might seem minuscule, the rate of development often increases, and the risk of data corruption multiplies," the blog said. "We found that the five most durable and resilient hard drives from each manufacturer were made before 2015," says Secure Data Recovery. "On the other hand, most of the least durable and resilient hard drives from each manufacturer were made after 2015." One of the reasons for this may have to do with HDD manufacturers "pushing the performance envelope," adds Ars. "This includes size limits that cut 'allowance between moving parts, appearing to affect mechanical damage and wear resistance.'"

Secure Data Recovery also believes that shingled magnetic recording (SMR) impacts HDD reliability, as the disks place components under "more stress."

"What this study shows is not the average working life of a hard disk drive," notes Blacks & Files. "Instead it provides the average working life if a failed disk drive. Cloud storage provider Backblaze issues statistics about the working life of its disk drive fleet and its numbers are quite different." A recent report of theirs found that SSDs are more reliable than HDDs.

After almost 17 years online, file-hosting veteran Zippyshare will shut down at the end of the month. TorrentFreak: Founded in 2006, Zippyshare was known for its free, no-nonsense, no-frills approach to storing files online. Having changed very little over the years, Zippyshare's operators say the platform is now a dinosaur that costs too much to run in a world where ad-blocking is widespread. Zippyshare said, "Since 2006 we have been on the market in an unchanged form, that is, as ad financed/free file hosting. However, you have been visiting in less and less over the years, as the arguably very simple formula of the services we offer is slowly running out of steam. I guess all the competing file storage service companies on the market look better, offer better performance and more features. No one needs a dinosaur like us anymore."

Liliputing.com has an update about the System76 Meerkat, which they describe as "a compact desktop computer with support for up to 64GB of RAM, up to two storage devices (for as much as 16TB of total storage), and up to an Intel Core i7 mobile processor. It's basically a rebranded Intel NUC." (Escept that System76 offers a choice of Pop!_OS or Ubuntu Linux pre-installed.)

"Previously available with a choice of 10th or 11th-gen Intel Core processor options, the Meerkat now also supports 12th-gen Intel chips." That means there are a total of 9 different processor options available. Prices start at $499 for an entry-level model with a Core i3-10110U processor, 8GB of RAM and a 128GB SSD. The prices rises by $50 if you want to go with a Core i3-1135G4 model, while prices start at $599 for a Meerkat mini PC with a 12th-gen Intel Core processor....

But the biggest difference is that Intel's 12th-gen processors introduce a hybrid architecture that pairs Performance and Efficiency cores, leading to much higher core counts for better multi-core performance.

An anonymous reader quotes a report from Ars Technica: The creators of the all-open source MNT Reform laptop are getting nearer to launching its handheld counterpart: The crowdfunding campaign for the 7-inch MNT Pocket Reform has officially launched and is also serving as a de-facto preorder system for the device. The cheapest version of the Pocket Reform starts at $899, and it's also being offered in purple for $969 or in a bundle with a 1TB SSD, carrying case, handbook, and poster for $1,299. All versions are currently slated to ship in mid-October.

Like the full-size Reform, the pocket version uses open source hardware and a mechanical keyboard (buyers can choose either white or red Kalih switches). But the pocket version uses a 7-inch 1920x1200 LCD screen instead of a 12.5-inch version and comes with fewer and smaller ports (two USB-C, one micro HDMI, a microSD port, and one ix industrial mini Ethernet port). Its keyboard also comes with an individually programmable RGB backlight, and its trackball-style pointing device has been downsized to fit into the smaller design. The Pocket Reform also includes built-in Wi-Fi and Bluetooth, 128GB of built-in eMMC storage, and an expansion slot for 4G cellular connectivity. The device will also boot from microSD cards or an NVMe SSD installed in the device's M.2 slot. Its 8000 mAh batteries will allow it to run for about four hours. MNT warns in its blog post that "risks and challenges" could delay the October shipping timeline:

"Pocket Reform has hundreds of electronic components. We tried to pick them so that there will be enough stock when we get around to manufacturing the boards, but it's always possible that there could be a sudden component shortage or increase in price. If that should happen, we would have to re-engineer the affected PCB and exchange the part, causing a delay in continued production. We had to adapt our products several times during the global chip crisis, so we are confident that we'll be able to work around any difficulties. Should any situation arise that would delay the estimated shipping timeline, backers will be informed promptly via project updates."

An anonymous reader shares a report: The Google Pixel Fold could be available as soon as the second week in June, according to WinFuture's Roland Quandt. The reliable leaker tweeted on Tuesday that the phone will come with 256GB base storage and that you'll be able to get it in either a black / dark gray color or white. The foldable has been rumored for a long time, and there have been whispers that it would be announced sometime in the next few months. However, a January report from The Elec threw some cold water on that idea, saying that the screen wasn't even set to go into production until July or August.

Google announced a raft of new artificial intelligence-powered features for customers of its cloud-computing business, as the technology giant jostles for dominance in the burgeoning field with rivals such as Microsoft and startup OpenAI. From a report: As Silicon Valley buzzes about so-called generative AI -- software that can create images, text and video based on user prompts -- Google Cloud offered a glimpse of what it's doing to keep up in the race. In a demonstration, the company showed how cloud customers will be able to use its AI tools to create presentations and sales-training documents, take notes during meetings and draft emails to colleagues. The company also made some of its underlying AI models available to developers so they can build their own applications using Google's technology.

Alphabet-owned Google also said Tuesday it had signed up a flurry of AI startups as customers for its cloud service, including Midjourney, which offers an image-generation system, and AI21, which specializes in technology known as large language models. Google is offering young AI-focused businesses $250,000 in free use of its cloud -- which provides computing horsepower and storage -- for the first year, which the company said is 2 1/2 times what it typically offers. "We believe in having a broad, vibrant partner ecosystem for AI," Thomas Kurian, chief executive officer of Google Cloud, said in an interview.

Politico reports: Governments and businesses have spent two decades rushing to the cloud — trusting some of their most sensitive data to tech giants that promised near-limitless storage, powerful software and the knowhow to keep it safe.

Now the White House worries that the cloud is becoming a huge security vulnerability.

So it's embarking on the nation's first comprehensive plan to regulate the security practices of cloud providers like Amazon, Microsoft, Google and Oracle, whose servers provide data storage and computing power for customers ranging from mom-and-pop businesses to the Pentagon and CIA.... Among other steps, the Biden administration recently said it will require cloud providers to verify the identity of their users to prevent foreign hackers from renting space on U.S. cloud servers (implementing an idea first introduced in a Trump administration executive order). And last week the administration warned in its national cybersecurity strategy that more cloud regulations are coming — saying it plans to identify and close regulatory gaps over the industry....

So far, cloud providers have haven't done enough to prevent criminal and nation-state hackers from abusing their services to stage attacks within the U.S., officials argued, pointing in particular to the 2020 SolarWinds espionage campaign, in which Russian spooks avoided detection in part by renting servers from Amazon and GoDaddy. For months, they used those to slip unnoticed into at least nine federal agencies and 100 companies. That risk is only growing, said Rob Knake, the deputy national cyber director for strategy and budget. Foreign hackers have become more adept at "spinning up and rapidly spinning down" new servers, he said — in effect, moving so quickly from one rented service to the next that new leads dry up for U.S. law enforcement faster than it can trace them down.

On top of that, U.S. officials express significant frustration that cloud providers often up-charge customers to add security protections — both taking advantage of the need for such measures and leaving a security hole when companies decide not to spend the extra money. That practice complicated the federal investigations into the SolarWinds attack, because the agencies that fell victim to the Russian hacking campaign had not paid extra for Microsoft's enhanced data-logging features.... Part of what makes that difficult is that neither the government nor companies using cloud providers fully know what security protections cloud providers have in place. In a study last month on the U.S. financial sector's use of cloud services, the Treasury Department found that cloud companies provided "insufficient transparency to support due diligence and monitoring" and U.S. banks could not "fully understand the risks associated with cloud services."

Slashdot reader beforewisdom shared this report from CNN: Scientists have set out a way to suck planet-heating carbon pollution from the air, turn it into sodium bicarbonate and store it in oceans, according to a new paper. The technique could be up to three times more efficient than current carbon capture technology, say the authors of the study, published Wednesday in the journal Science Advances....

The team have used copper to modify the absorbent material used in direct air capture. The result is an absorbent "which can remove CO2 from the atmosphere at ultra-dilute concentration at a capacity which is two to three times greater than existing absorbents," Arup SenGupta, a professor at Lehigh University and a study author, told CNN. This material can be produced easily and cheaply and would help drive down the costs of direct air capture, he added. Once the carbon dioxide is captured, it can then be turned into sodium bicarbonate — baking soda — using seawater and released into the ocean at a small concentration.

The oceans "are infinite sinks," SenGupta said. "If you put all the CO2 from the atmosphere, emitted every day — or every year — into the ocean, the increase in concentration would be very, very minor," he said. SenGupta's idea is that direct air capture plants can be located offshore, giving them access to abundant amounts of seawater for the process.

Stuart Haszeldine, professor of carbon capture and storage at the University of Edinburgh, who was not involved in the study, told CNN that the chemistry was "novel and elegant." The process is a modification of one we already know, he said, "which is easier to understand, scale-up and develop than something totally new."

williamyf writes: The fine folks at Backblaze have published their first ever report that includes their SSD fleet. To the surprise of no one, SSDs are more more reliable (0.98% AFR) than HDDs (1.64% AFR). The surprising thing thing was how small the difference is (0.66% AFR).

A TL;DR article by well regarded storage reporter Chris Mellor is here. Also worthy of note: S.M.A.R.T. attribute usage among SSD makers is neither standardized, nor very smart:

"Klein notes that the SMART (Self-Monitoring, Analysis, and Reporting Technology) used for drive state reporting is applied inconsistently by manufacturers. "Terms like wear leveling, endurance, lifetime used, life used, LBAs [Logical Block Address] written, LBAs read, and so on are used inconsistently between manufacturers, often using different SMART attributes, and sometimes they are not recorded at all."

That means you can't use such SMART statistics to make valid comparisons between the drives. "Come on, manufacturers. Standardize your SMART numbers."

New submitter sonlas writes: Denmark is inaugurating Project Greensand, the first cross-border CO2 storage site, shipping CO2 from Belgium to store it into a depleted oil field under the Danish North Sea. "With the first injection taking place on Wednesday, the project aims to safely and permanently store up to eight million tons of CO2 every year by 2030, the equivalent of 40% of Denmark's emission reduction target and over 10% of the country's annual emissions," reports Euractiv. However, this is to be put in perspective with global CO2 emissions, which reached a new high of more than 36.8 billions tons in 2022.

A report by Rystad Energy shows that if investments were to quadruple, we should be able to capture 150 million of tons of CO2 per year by 2025, still a drop of water in, or under, the ocean. Furthermore, the whole process of sequestering CO2 underground emits itself ~21% of the amount of CO2 stored, as shown in a study by Australian think tank IEEFA.

Global shutter sensors with no skew or distortion have been promised as the future of cameras for years now, but so far only a handful of products with that tech have made it to market. Now, Raspberry Pi is offering a 1.6-megapixel global shutter camera module to hobbyists for $50, providing a platform for machine vision, hobbyist shooting and more. From a report: The Raspberry Pi Global Shutter Camera uses a 6.3mm Sony IMX296 sensor, and requires a Raspberry Pi board with a CSI camera connector. Like other global shutter sensors, it works by pairing each pixel with an analog storage element, so that light signals can be captured and stored by all pixels simultaneously. By comparison, regular CMOS sensors read and store the light captured by pixels from top to bottom and left to right. That can cause diagonal skew on fast moving subjects, or very weird distortion on rotating objects like propellers.

James Temple reports via MIT Technology Review: In late January, a geothermal power startup began conducting an experiment deep below the desert floor of northern Nevada. It pumped water thousands of feet underground and then held it there, watching for what would happen. Geothermal power plants work by circulating water through hot rock deep beneath the surface. In most modern plants, it resurfaces at a well head, where it's hot enough to convert refrigerants or other fluids into vapor that cranks a turbine, generating electricity. But Houston-based Fervo Energy is testing out a new spin on the standard approach -- and on that day, its engineers and executives were simply interested in generating data.

The readings from gauges planted throughout the company's twin wells showed that pressure quickly began to build, as water that had nowhere else to go actually flexed the rock itself. When they finally released the valve, the output of water surged and it continued pumping out at higher-than-normal levels for hours. The results from the initial experiments -- which MIT Technology Review is reporting exclusively -- suggest Fervo can create flexible geothermal power plants, capable of ramping electricity output up or down as needed. Potentially more important, the system can store up energy for hours or even days and deliver it back over similar periods, effectively acting as a giant and very long-lasting battery. That means the plants could shut down production when solar and wind farms are cranking, and provide a rich stream of clean electricity when those sources flag.

There are remaining questions about how well, affordably, and safely this will work on larger scales. But if Fervo can build commercial plants with this added functionality, it will fill a critical gap in today's grids, making it cheaper and easier to eliminate greenhouse-gas emissions from electricity systems. "We know that just generating and selling traditional geothermal is incredibly valuable to the grid," says Tim Latimer, chief executive and cofounder of Fervo. "But as time goes on, our ability to be responsive, and ramp up and down and do energy storage, is going to increase in value even more."

Unprecedented access to space is leading to all sorts of cool new ideas, including the prospect of storing data on the lunar surface. Cloud computing startup Lonestar Data Holdings announced the results of its latest funding round, taking it one step closer to this very goal. Gizmodo reports: The Florida-based company raised $5 million in seed funding to establish lunar data centers, Lonestar announced in a press release on Monday. Lonestar wants to build a series of data centers on the Moon and establish a viable platform for data storage and edge processing (i.e. the practice of processing data near the source, as a means to reduce latency and improve bandwidth) on the lunar surface. "Data is the greatest currency created by the human race," Chris Stott, founder of Lonestar, said in an April 2022 statement. "We are dependent upon it for nearly everything we do and it is too important to us as a species to store in Earth's ever more fragile biosphere. Earth's largest satellite, our Moon, represents the ideal place to safely store our future."

In December 2021, Lonestar successfully ran a test of its data center on board the International Space Station. The company is now ready to launch a small data center box to the lunar surface later this year as part of Intuitive Machines's second lunar mission, IM-2 (the company's first mission, IM-1, is expected to launch in June). Intuitive Machines is receiving funding from NASA's Commercial Lunar Payload Services program for delivering research projects to the Moon as part of the space agency's Artemis program. The lunar data centers will initially be geared towards remote data storage and disaster recovery, allowing companies to back up their data and store it on the Moon. In addition, the data centers could assist with both commercial and private ventures to the lunar environment.

The miniature data center weighs about 2 pounds (1 kilogram) and has a capacity of 16 terabytes, Stott told SpaceNews. He said the first data center will draw power and communications from the lander, but the ones that will follow (pending its success) will be standalone data centers that the company hopes to deploy on the lunar surface by 2026. The test is only supposed to last for the duration of the IM-2 mission, which is expected to be around 11-14 days, an Intuitive Machines spokesperson told SpaceNews.

An anonymous reader quotes a report from Bloomberg: The US can stop Twitter from releasing details about the government's demands for user information in national security investigations, a court ruled (PDF), in the same week House Republicans are to grill national security officials over surveillance. Twitter had protested the government's redactions to a 2014 "transparency report" that featured a numerical breakdown of national security-related data requests from the previous year. The US appeals court in San Francisco on Monday agreed with a lower-court judge that the Justice Department had shown a "compelling" interest in keeping that information secret. Based on classified and unclassified declarations provided by government officials, the court was "able to appreciate why Twitter's proposed disclosure would risk making our foreign adversaries aware of what is being surveilled and what is not being surveilled -- if anything at all," US Circuit Judge Daniel Bress wrote for the three-judge panel.

Although the case is almost a decade old, the ruling comes just as lawmakers and US national security agencies gear up for a bruising fight over making changes to a key surveillance program. Section 702 of the Foreign Intelligence Surveillance Act, described by intelligence officials as a key authority, expires on Dec. 31 unless Congress votes to renew it. US agencies use the authority to compel internet and technology companies to turn over information about suspected foreign terrorists and spies. Changes to Section 702 could include altering what companies like Twitter are required to do in response to government demands. "The case at issue in Monday's decision involved efforts by Twitter to share information about two types of federal law enforcement demands on the social media company: 'national security letters' for subscriber information, which would cover metadata but not the substance of any electronic communications, and orders under FISA, which could include content," adds Bloomberg.

Judge Daniel Bress wrote: "The government may not fend off every First Amendment challenge by invoking national security. But we must apply the First Amendment with due regard for the government's compelling interest in securing the safety of our country and its people."

Researchers have announced a major cybersecurity find -- the world's first-known instance of real-world malware that can hijack a computer's boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows. From a report: Dubbed BlackLotus, the malware is what's known as a UEFI bootkit. These sophisticated pieces of malware hijack the UEFI -- short for Unified Extensible Firmware Interface -- the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC's device firmware with its operating system, the UEFI is an OS in its own right. It's located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch. Because the UEFI is the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows. These traits make the UEFI the perfect place to run malware. When successful, UEFI bootkits disable OS security mechanisms and ensure that a computer remains infected with stealthy malware that runs at the kernel mode or user mode, even after the operating system is reinstalled or a hard drive is replaced.

As appealing as it is to threat actors to install nearly invisible and unremovable malware that has kernel-level access, there are a few formidable hurdles standing in their way. One is the requirement that they first hack the device and gain administrator system rights, either by exploiting one or more vulnerabilities in the OS or apps or by tricking a user into installing trojanized software. Only after this high bar is cleared can the threat actor attempt an installation of the bootkit. The second thing standing in the way of UEFI attacks is UEFI Secure Boot, an industry-wide standard that uses cryptographic signatures to ensure that each piece of software used during startup is trusted by a computer's manufacturer. Secure Boot is designed to create a chain of trust that will prevent attackers from replacing the intended bootup firmware with malicious firmware. If a single firmware link in that chain isn't recognized, Secure Boot will prevent the device from starting.

The auction house Sotheby's is celebrating the 30th anniversary of Neal Stephenson's Snow Crash in a big way, reports Forbes. Stephenson teamed with special effects and prop company Weta Workshop to create "a bespoke piece, a cultural and historical artifact, stemming from the unique mythology of his new and coming Snow Crash universe." "The sword took us a year to create and is one of the finest pieces of craftsmanship WETA has created," said Sir Richard Taylor, founder of WETA workshop. "The whole collection is then housed in a crate from a fictitious gaming company that in theory has owned this sword that has now come up for auction. It is an insane, inworld fusion of ancient craft with the digital age." Taylor adds that "the swords Tansu storage case itself is an, automated, internally driven, magnetically activated, very unique box, with hidden compartments, secret items, coded messages and other inworld special nods to the world Neal authored."

This auction will not only celebrate Stephenson's legacy and the lore of Snow Crash but could also serve as a springboard to expand the Snow Crash universe further. [Taylor adds that Stephenson is exploring "future transmedia developments".] For Taylor, they are at the cusp of creating a body of creative work that blurs the line between the physical and the digital, which we have been affectionately calling 'Masterworks for the Metaverse'.
The sword will, of course, have its own unique NFT "capturing every detail of its physical twin," and someone's already bid $60,000 for it.

Also up for auction are two original manuscripts for Snow Crash and the painting used as the original edition's cover art — but also two forgotten artifacts from the book's afterlife:

• "The only surviving materials from the original graphic novel concept for Snow Crash titled Dioxin Posse, ca. 1989"

• "The leather jacket meant to be worn by Y.T. in the original graphic novel concept for Snow Crash, featuring the 'Elmo' logo used by her group, the "Dioxin Posse," ca. 1989."

Zoom has sacked its president, Greg Tomb, a former Google employee who only began working at the company around 10 months ago. Insider reports: Zoom said in a filing with the Securities and Exchange Commission that Tomb's termination was effective as of Friday. He will receive severance benefits in line with his employment arrangements, which are payable upon a "termination without cause," according to the SEC filing. The filing was signed off by Aparna Bawa, the chief operating officer at Zoom.

It is unclear who will take over Tomb's position as president of Zoom. A spokesperson from Zoom told Insider the company won't find a replacement for Tomb and declined to comment further. Tomb's LinkedIn profile shows that he joined Zoom as president in June 2022. Before this, he worked at Google for more than a year as the vice president of sales for Google Workspace, Security, and Geo Enterprise. Tomb was also previously a president at software firm SAP and computer programming provider Vivido Labs, according to LinkedIn. He is a member of the board of Pure Storage, a tech company, his LinkedIn profile said.

The first PCIe 5.0 SSDs are slated to ship this year with massive heatsinks and predictably high prices. Tom's Hardware reports: There are multiple M.2 PCIe 5.0 SSDs slated to ship this year, and the first model looks to be the Gigabyte Aorus Gen5 10000, which as the name inventively implies can deliver up to 10,000 MB/s. Earlier rumors suggested the drive would be able to hit 12,000 MB/s reads and 10,000 MB/s writes, so performance was apparently reigned in while getting the product ready for retail. The Gigabyte Aorus SSD uses the Phison E26 controller, which will be common on a lot of the upcoming models. Silicon Motion is working on its new SM2508 controller that may offer higher overall performance, but it's a bit further out and may not ship this year. The other thing to note with the Aorus is the massive heatsink that comes with the drive, which seems to be the case with all the other Gen5 SSD prototypes we've seen as well. Clearly, these new drives are going to get just a little bit warm.

The Gigabyte drive is currently listed on Amazon and Newegg, though the latter is currently sold out while the former is only available via a third-party marketplace seller -- at a whopping $679.89 for the 2TB model. That's almost certainly not the MSRP or a reflection of what MSRP might end up being once the drive becomes more widely available, which should happen in the coming month or two.

The other PCIe 5.0 M.2 SSD that's now available is the Inland TD510 2TB, available at Microcenter for just $349.99 -- assuming you have a Microcenter within driving distance. Inland is Microcenter's own brand of drive, and while the cooler that comes with the SSD isn't quite as large as the Aorus, it does feature a small fan for active cooling. Word is that the fan can be quite loud for something this small, so not a great feature in other words. Like the Aorus 10000, the Inland TD510 uses the Phison E26 controller and has the same 10,000 MB/s reads and 9,500 MB/s writes specification. Where Gigabyte doesn't currently list random read/write speeds, the Microcenter page lists up to 1.5 million IOPS read and 1.25 million IOPS write for the Inland drive. Both drives also have an endurance rating of 1,400 TBW, with read/write power use of around 11W.

wiredmikey shares a report from SecurityWeek: Password management software firm LastPass says one of its DevOps engineers had a personal home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources. LastPass on Monday fessed up a "second attack" where an unnamed threat actor combined data stolen from an August breach with information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated attack. [...]

LastPass worked with incident response experts at Mandiant to perform forensics and found that a DevOps engineer's home computer was targeted to get around security mitigations. The attackers exploited a remote code execution vulnerability in a third-party media software package and planted keylogger malware on the employee's personal computer. "The threat actor was able to capture the employee's master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer's LastPass corporate vault," the company said. "The threat actor then exported the native corporate vault entries and content of shared folders, which contained encrypted secure notes with access and decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups," LastPass confirmed. LastPass originally disclosed the breach in August 2022 and warned that "some source code and technical information were stolen."

SecurityWeek adds: "In January 2023, the company said the breach was far worse than originally reported and included the theft of account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information."

Atomic weapons are complex, sensitive, and often pretty old. With testing banned, countries have to rely on good simulations to trust their weapons work. From a report: Flattened cities, millions of people burnt to death, and yet more tortured by radioactive fallout. That harrowing future may seem outlandish to some, but only because no nation has detonated a nuclear weapon in conflict since 1945. Countries including the US, Russia, and China wield hefty nuclear arsenals and regularly squabble over how to manage them -- only last week, Russia suspended participation in its nuclear arms reduction treaty with the US. Thankfully, nuclear warheads mostly just sit there, motionless and silent, cozy in their silos and underground storage caverns. If someone actually tried to use one, though, would it definitely go off as intended? "Nobody really knows," says Alex Wellerstein, a nuclear weapons historian at the Stevens Institute of Technology. The 20th century witnessed more than 2,000 nuclear tests -- the vast majority carried out by the US and the Soviet Union. And while these did prove the countries' nuclear capabilities, they don't guarantee that a warhead strapped to a missile or some other delivery system would work today.

Surprisingly, as far as we know, the US has only ever tested a live nuclear warhead using a live missile system once, way back in 1962. It was launched from a submarine. The Soviet Union had performed a similar test the previous year, and China followed in 1966. No nation has ever tested a nuclear warhead delivered by an intercontinental ballistic missile. The missile could blow up on the launchpad, explains Wellerstein. No one wants to clean that mess up. Russia's invasion of Ukraine has, sadly, brought the specter of nuclear weaponry to the fore once again. In February, Russian President Vladimir Putin claimed new strategic nuclear weapons systems had been placed on combat duty, and he threatened to resume nuclear testing. Russia's former defense minister, Dmitry Medvedev, has been particularly vocal about his country's readiness to use nuclear weapons -- including against Ukraine. Russia has around 4,500 non-retired nuclear warheads, according to the Federation of American Scientists, a nonprofit that focuses on security. Roughly 2,000 are considered "tactical" -- smaller warheads that could be used on, for example, a foreign battlefield. To our knowledge, Russia has not begun "mating" those tactical warheads to delivery systems, such as missiles. Doing so involves certain safety risks, notes Lynn Rusten of the Nuclear Threat Initiative, a think tank: "It would be really worrisome if we saw any indication that they were moving those warheads out of storage."

If they were brought into operation, multiple things could in theory go wrong with these weapons. For one thing, the delivery systems themselves might not be reliable. Mark Schneider, formerly of the US Department of Defense's senior executive service, has written about the many problems Russia has faced with its missiles so far during the war with Ukraine. Last spring, US officials said between 20 and 60 percent of Russian missiles were failing, either in terms of not launching or not hitting the intended target. That doesn't necessarily matter, though, notes Schneider. When firing a nuclear warhead with a big explosive yield, "accuracy is much less relevant," he says. Russia certainly has enough missiles to get a nuclear weapon more or less to where it wants -- even if it takes more than one attempt. But what about the warheads themselves? Modern thermonuclear devices are complex bits of machinery designed to initiate a specific explosive sequence, sometimes called a fission-fusion-fission reaction, which releases a massive amount of energy. Wellerstein points out that some warheads designed decades ago are still part of nuclear arsenals. Over time, their parts must be carefully checked for degradation and refurbished or replaced. But certain components can become unavailable due to changes in manufacturing capabilities.