Using high-speed lasers, researchers have created "5D" data storage technology that could allow 500 TB of data to be written to a CD-sized glass disc, according to The Optical Society. The technique uses higher writing speeds that might finally make it feasible to use the technology for archival and other purposes. 

With 5D optical storage, each file uses three layers of nanoscale dots. The dots' size, orientation, and position within the three standard dimensions, make up the five "dimensions." The dots change the polarization of light travelling through the disc, which is read using a microscope and polarizer.

We've seen 5D optical storage before, but there were several problems—particularly the slow writing speeds that made the technology impractical. It has huge upsides for (extremely) long-term storage, though. It's been estimated that the storage medium could withstand temperatures up to 1,000 degrees C and last 13.8 billion years at room temperature without degrading. 

To overcome the speed problem, researchers used a femtosecond laser with a high repetition rate. Rather than writing directly in the glass, they used the laser to produce a phenomenon called near-field enhancement, that creates tiny structures using a few weak light pulses. Those can enhance the circular voids generated by a more powerful, single-pulse "micro-explosion." This technique "minimized the thermal damage that has been problematic for other approaches that use high-repetition-rate lasers," according to the paper.

Using the new technique, the team could write 5GB of text data onto a silica glass disc the size of a conventional CD with nearly 100 percent readout accuracy. "With the writing density available from the method, the disc could hold 500 terabytes of data," the researchers said. They could also write at speeds of a million voxels per second, or about 230 KB per second. 
​
That might sound slow, but by introducing parallel writing, you could feasibly fill a 500TB disc in about 60 days. That could provide a way to back up reams of valuable data, essentially forever. "With the current system, we have the ability to preserve terabytes of data, which could be used, for example, to preserve information from a person’s DNA," said research team leader Peter G. Kazansky.

Last year a hacker group used a bit of malicious code it hid in a software update by the company SolarWinds to launch an immense cyberattack against U.S. government agencies and corporations—see Issues 7-27, 7-36, and 7-38.

The group behind the attack, Nobelium, is reportedly being directed by the Russian intelligence service. And they're at it again.

According to Microsoft, one victim of the SolarWinds hack, the group is targeting technology companies that resell and provide cloud services for customers.

"Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain," Tom Burt, Microsoft's Corporate Vice President of Customer Security & Trust, said in a blog post on the company's website.

"We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers' IT systems and more easily impersonate an organization's trusted technology partner to gain access to their downstream customers," he added.
​
The hacker group hasn't tried to ferret out vulnerabilities in software, Burt said, but has been using techniques like phishing and password spray to gain entry to the targeted networks.

As people ventured out from their pandemic cocoons this year, they gobbled up more electricity than they did before COVID-19 shut the world down. But there still isn’t enough clean energy to meet rising demand, so coal is making a comeback. Global electricity demand climbed 5% above pre-pandemic levels in the first six months of 2021, according to an analysis published recently by London think tank Ember. Electricity grids turned to more coal to meet that demand, and power sector carbon pollution rose 5% compared to the first half of 2019.

“Catapulting emissions in 2021 should send alarm bells across the world. We are not building back better, we are building back badly,” Dave Jones, global program lead at Ember, said in a statement. “The electricity transition is happening but with little urgency: emissions are going in the wrong direction.”

China drove 90% of the rise in electricity demand and most of the uptick in coal. While China is already the biggest carbon emitter in the world, that’s been mitigated because its per capita emissions are less than half that of the US, which is currently the second biggest climate polluter. But China’s per capita electricity demand is also rising rapidly, Ember’s report shows. That highlights how important it will be for the planet for China to get its emissions in check. 

None of the 63 countries Ember analyzed, which account for 87% of the global electricity production, saw a “green recovery” in the first half of 2021. Ember’s criteria for “green recovery” included lower power sector emissions and higher electricity demand, a sign that more electricity was being generated by clean energy sources like solar and wind. Some countries, like the US, had slightly cleaner power sectors compared to 2019, as electricity demand stayed relatively flat, but their emissions are expected to rise again with demand. 

Renewable energy had a growth spurt in the early part of 2021. Together, wind and solar generated more than a tenth of the world’s electricity—doubling their share in 2015 and surpassing nuclear power plants for the first time this year. But solar panels and wind turbines were still only able to meet 57% of the rise in electricity demand, leaving coal—the dirtiest-burning fossil fuel—to provide the rest.

A clean power sector is one of the most crucial steps to achieving global climate goals. Countries are working together under the framework of the Paris climate agreement to limit global warming to about 1.5 degrees Celsius above preindustrial temperatures, which could significantly limit the damage we’re already beginning to see because of climate change.

Planet-heating carbon dioxide emissions from the power sector need to fall by 57% this decade to meet that goal, regardless of a rise in electricity demand, according to a recent analysis by the International Energy Agency. Much of that reduction could come from completely cutting out coal—but the Ember analysis shows that the opposite is happening.

In the future, clean power grids could also translate to clean transportation, housing, and building sectors. All-electric vehicles, homes, and buildings are one way city planners and policymakers have sought to bring down greenhouse gas emissions. But the power sector has a long way to go to provide them all with carbon pollution-free energy. 
​
During the height of the pandemic last year, carbon dioxide emissions fell across the board for electricity, transportation, and other energy-hungry industries. That clearly hasn’t been enough to stave off climate change-fueled disasters like worsening droughts, explosive wildfires, record-smashing heatwaves, and severe storms. Moving forward, CO2 cuts will have to come from intentional changes to how the world does business—not because a pandemic put things on pause.

Office 365 users are now in cybercriminals' crosshairs in a new phishing campaign, according to a warning the Microsoft Security Intelligence (MSI) team issued via Twitter. Malicious actors are using email addresses that appear to be legitimate, with display names that mimic bona fide services to dodge email filters.
Microsoft cautioned cybercriminals are going above and beyond to use detection-evasion techniques that are convincing and authentic-looking.

"An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to slip through email filters," MSI explained on Twitter.

The deceptive phishing campaign targets Office 365 organizations with employees who often send attachments to co-workers. MSI found phishing emails that seemed as if they were sent from a trusted source. Many of these emails contained faux Microsoft SharePoint attachments with labels such as "Price Books," "Bonuses" and "Staff Reports."

The phishing emails use a tactic called "typosquatting," which involves registering deliberately misspelled domains that, at first glance, look close to a well-known brand. Most quick readers would overlook the subtle typo.

If users fall for the bait and click on the "Open" link, it will lead them to a page that lures them to type in their Microsoft or Google credentials. According to MSI, these sign-on pages look very convincing, making users believe that they're on a trustworthy path to a legitimate website.

MSI kept emphasizing how authentic these phishing emails looked. Employers may not be able to rely on their employees' good judgment to identify suspicious-looking emails. That's why MSI shamelessly plugged its Microsoft Defender for Office 365 program as a solution, adding that this software "detects and blocks" these emails.
​
Phishing attacks are a huge thorn in the side for many popular companies like Netflix and PayPal, but the Redmond-based tech giant should be particularly concerned. According to a CheckPoint Research study, Microsoft topped the list as being the most imitated brand for phishing attacks.

​Microsoft and Google have reportedly ended a six-year truce on legal battles. The Financial Times reports that Microsoft and Google formed an unusual truce in 2015, which expired in April. The pact was reportedly forged to avoid legal battles and complaints to regulators. It meant we haven’t seen Microsoft and Google complaining publicly about each other since the days of Scroogled, a campaign that attacked Google’s privacy policies.

Now the gloves appear to be off once again, and we’ve seen some evidence of that recently. Google slammed Microsoft for trying to “break the way the open web works” earlier this year, after Microsoft publicly supported a law in Australia that forced Google to pay news publishers for their content. Microsoft also criticized Google’s control of the ad market, claiming publishers are forced to use Google’s tools that feed Google’s revenues.

The rivalry between the two has been unusually quiet over the past five years, thanks to this legal truce. Microsoft was notably silent during the US government’s antitrust suit against Google last year, despite being the number two search engine.

The Financial Times reports that the agreement between Microsoft and Google was also supposed to improve cooperation between the two firms, and Microsoft was hoping to find a way to run Android apps on Windows. That obviously didn’t pan out, and Microsoft has turned to Amazon instead to get Android apps running on Windows 11.

Some battles between Microsoft and Google were intense before this agreement, and they’re likely to get heated once again. During the height of Windows Phone in 2013, there was a bitter battle between Microsoft and Google over YouTube. Months later, Microsoft was out selling anti-Google mugs and T-shirts, and acting rather nervous about Chromebooks.
​
A lot has changed for both Microsoft and Google since the days of Scroogled — including new leadership on both sides — but Google’s scathing attack on Microsoft earlier this year proves that these tech giants are ready to battle once more.

Microsoft Corp. said the hackers behind the SolarWinds cyberattack recently compromised a new trio of victims using access to one of the company’s customer support agents.

The hacked portal used by the individual agent contained information for a “small number of customers,” which the attackers used to launch a “highly targeted attack,” Microsoft said Friday in a blog post. The company said it has since removed the attackers and secured the compromised device.

Microsoft didn’t identify the victims but said it had alerted the hacked entities through its nation-state notification process. Microsoft’s Threat Intelligence Center attributed the attack to a group called “Nobelium.” That’s the same group of state-sponsored Russian hackers who used sophisticated intrusion techniques in 2020 to infect with malware 18,000 customers of the Texas-based software company, SolarWinds Corp.
​
Microsoft said Nobelium targeted IT companies, governments, non-profits, think tanks and financial services entities across 36 countries during the recent attack. “The activity was largely focused on U.S. interests, about 45%, followed by 10% in the U.K., and smaller numbers from Germany and Canada,” the Redmond, Washington-based software maker said in the blog.

The biggest change to Microsoft’s Office documents in decades is coming to life soon, as the company’s Fluid framework arrives in Microsoft Teams, OneNote, Outlook, and Whiteboard. Microsoft first unveiled Fluid last year, showing how the framework allows blocks of Office content to live independently across the web. That idea is now becoming a reality, with collaborative content that can be copied, pasted, and shared with others.

Instead of tables, graphs, and lists that are static and bound to specific documents, Fluid components are collaborative modules that exist across different applications. They will begin showing up in Microsoft Teams first this summer, embeddable in meetings and chats. 

The launch of Fluid documents coincides with employees returning to their offices and the rise of a new hybrid work experience. “We were excited about going hard and fast with Fluid, and then the pandemic hit,” says Jared Spataro, head of Microsoft 365. “So we largely put a lot of our energy onto Teams, and we think of Teams as the scaffolding that creates the connection, but now as we move back to hybrid, we increasingly believe we need more innovation in what I call the canvas that gets collaboration done.”

What Microsoft has created with Fluid is the biggest change to Office in decades. While Fluid seemed like a great future-facing concept during its reveal last year, watching Microsoft demonstrate it recently has really highlighted how transformative this could be. 

Every Microsoft Teams meeting will soon come with a built-in notes experience that’s collaborative. Notes will show up within a Teams meeting or in an Outlook calendar, and anyone on the invite can just start typing away in real time. If you add a task, it immediately syncs to your other tasks across Microsoft 365, and the meeting notes are automatically synced to your Outlook calendar where you can also edit them in real time.

“We want collaboration to be able to start before the meeting starts, so as soon as the invite goes out,” explains Ron Pessner, a director of program management working on Fluid at Microsoft. As the meeting notes in this example are live and real time, you can even copy them into an app like OneNote and you’ll still see everyone making edits to them.

This living Fluid component has the potential to shift how everyone gets work done across Microsoft Teams and Office. It’s impressively quick, with no sync time, just like Google Docs. Microsoft has had similar collaboration tools in Office for a while now, but they’ve been restricted to static documents and nothing on this level of freedom.

“We’re going to be launching the components in Teams this summer,” says Pessner. The meeting notes experience will be available in preview later this year, alongside some tests integrating it into the desktop version of Outlook. It’s likely that as we see Fluid components roll out, they’ll appear first in Teams and on the web parts of Office before making their way to desktop.

Microsoft is also transforming its Whiteboard app into a canvas to host Fluid components. Whiteboard has long existed as Microsoft’s first big collaborative tool, and this summer it’s being overhauled with the help of Fluid.

New collaboration cursors will appear in Whiteboard, letting you see coworkers’ additions to a document in real time. There’s even a new virtual laser pointer that you can use to get people’s attention, or reaction stickers to make the Whiteboard canvas feel a little more alive.

Fluid components like tables or task lists can also be embedded into Whiteboard, and the entire app will now look and feel the same across all devices and platforms. With Whiteboard, you could almost use the app as a dashboard to watch colleagues editing Fluid components in real time.
​
This is just the start of Fluid making its way to Microsoft 365, and we expect to see more throughout this year and beyond. It will be interesting to see how Microsoft integrates Fluid more deeply into both Teams and Outlook, the main communications tools used by businesses that rely on the Office suite. If Microsoft gets the integration of Fluid right, it will forever change the way documents are created, shared, and, ultimately, how work gets done.

The Defense Advanced Research Projects Agency (DARPA) wants to invest in new materials and processes that could enable manufacturing in space and on the moon’s surface.

To that end, the agency is launching the Novel Orbital and Moon Manufacturing, Materials and Mass-efficient Design program, or NOM4D.

“NOM4D’s vision is to develop foundational materials, processes, and designs needed to realize in-space manufacturing of large, precise, and resilient Defense Department systems,” said Bill Carter, program manager in DARPA’s Defense Sciences Office.

DARPA said it is launching the program in response to the natural limitations of rocket launches in placing larger structures and systems in orbit. While the launch industry has expanded significantly in recent years, with dozens of new launch providers entering the fray, rocket launches are inherently limited – even the largest rockets have weight and volume restrictions. The solution? Place smaller pieces of a structure on-orbit with multiple launches, and then assemble them in space. Or better yet, collect materials from the moon to build with.

“We will explore the unique advantages afforded by on-orbit manufacturing using advanced materials ferried from Earth,” Carter said. “Large structures such as antennas and solar panels can be substantially more weight-efficient and potentially much more precise. We will also explore the unique features of in-situ resources obtained from the moon’s surface as they apply to future defense missions.”

Manufacturing in space could also enable more flexibility in designing space systems. Today, most satellites are designed to be as compact as possible to be integrated with and launched on rockets. But by assembling systems in space, systems can be designed without some of those volume restrictions, allowing them to be more mass efficient.

“We’re looking for proposers to come up with system designs that are so mass efficient that they can only be built off-earth, and with features that enable them to withstand maneuvers, eclipses, damage, and thermal cycles typical of space and lunar environments” Carter said. “Given the constraints of ground test, launch, and deployment, the traditional approach to designing space structures is not likely to result in dramatic improvements in mass efficiency. To take the next step, we’ve got to go about materials, manufacturing, and design in a completely new way.”

The idea of assembling systems and structures in space isn’t exactly new. Famously, the International Space System was assembled in space using several components individually launched into space.

“People have been thinking about on-orbit manufacturing for some time, so we expect to demonstrate new materials and manufacturing technologies by the program’s end,” Carter added.

With NOM4D, DARPA will work with participants over three 18-month phases to develop precise, mass efficient structures that could be used for on-orbit construction. Each phase will focus on one of three applications: Large solar arrays, large radio frequency reflector antennas, and segmented infrared reflective optics.
​
The agency is hosting a proposers day webinar on Feb. 26 and expects to release a Broad Agency Announcement (BAA) solicitation later in the month.

Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via Short Message Service (SMS) and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys.

The warning comes from Alex Weinert, Director of Identity Security at Microsoft. For the past year, Weinert has been advocating on Microsoft's behalf, urging users to embrace and enable MFA for their online accounts.

In a blog post last year, citing internal Microsoft statistics, Weinert said that users who enabled multi-factor authentication (MFA) ended up blocking around 99.9% of automated attacks against their Microsoft accounts.

But in a follow-up blog post, Weinert says that if users have to choose between multiple MFA solutions, they should stay away from telephone-based MFA.

The Microsoft exec cites several known security issues, not with MFA, but with today's state of the telephone networks.

Weinert says that both SMS and voice calls are transmitted in cleartext and can be easily intercepted by determined attackers, using techniques and tools like software-defined-radios, FEMTO cells, or SS7 intercept services.

SMS-based one-time codes are also phishable via open source and readily-available phishing tools like Modlishka, CredSniper, or Evilginx.

Further, phone network employees can be tricked into transferring phone numbers to a threat actor's SIM card – in attacks known as SIM swapping – allowing attackers to receive MFA one-time codes on behalf of their victims.

On top of these, phone networks are also exposed to changing regulations, downtimes, and performance issues, all of which impact the availability of the MFA mechanism overall, which, in turn, prevents users from authenticating on their account in moments of urgency.

SMS and voice calls are the least secure MFA method today.

All of these make SMS and call-based MFA "the least secure of the MFA methods available today," according to Weinert.

The Microsoft exec believes that this gap between SMS & voice-based MFA "will only widen" in the future.
As MFA adoption increases overall, with more users adopting MFA for their accounts, attackers will also become more interested in breaking MFA methods, with SMS and voice-based MFA naturally becoming their primary target due to its extensive adoption.

Weinert says that users should enable a more robust MFA mechanism for their accounts, if available, recommending Microsoft's Authenticator MFA app as a good starting point.

But if users want the best, they should go with hardware security keys, which Weinert ranked as the best MFA solution in a blog post he published last year.
​
This preference for app or security key alternatives for MFA shouldn't mean that users should disable SMS or voice-based MFA for their accounts without substituting another MFA approach. SMS MFA is still way better than no MFA at all.

In the UK, all Internet of Things (IoT) and smart consumer devices will need to adhere to specific security requirements, under new government proposals.

The legislation aims is to help protect citizens and businesses from the threats posed by cybercriminals increasingly targeting Internet of Things devices.

By hacking IoT devices, cybercriminals can build an army of devices that can be used to conduct DDoS attacks to take down online services, while poorly secured IoT devices can also serve as an easy way for hackers to get into networks and other systems across a network.

The proposed measures from the Department for Culture, Media and Sport (DCMS) have been developed in conjunction with the UK's National Cyber Security Centre (NCSC) and come following a consultation period with information security experts, product manufacturers and retailers and others.

"Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people's privacy and safety," said Matt Warman, minister for digital and broadband at DCMS.

They also follow on from the previously suggested voluntary best practice requirements. Still, the legislation would require that IoT devices sold in the UK must follow three particular rules to be allowed to sell products in the UK. They are:

• All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting.
• Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability, and it will be acted on promptly.
• Manufacturers of consumer IoT devices must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in-store or online.

It is currently unclear how these rules will be enforced under any future law. While the government has said that its "ambition" is to introduce legislation in this area, and said this would be done "as soon as possible," there is no detail on when this would take place. A DCMS spokesperson said that the department would be working with retailers and manufacturers as the proposals move forward.

Many connected devices are shipped with simple, default passwordswhich in many cases can't be changed. At the same time, some IoT product manufacturers often lack a means of being contacted to report vulnerabilities – especially if that device is produced on the other side of the world.

In addition to this, it's been known for IoT products to stop receiving support from manufacturers suddenly, and by providing an exact length of time that devices will be supported will allow users to think about how secure the product will be in the long-term.

If products don't follow these rules, the new law proposes that these devices could potentially be banned from sale in the UK.

"Whilst the UK Government has previously encouraged industry to adopt a voluntary approach, it is now clear that decisive action is needed to ensure that strong cybersecurity is built into these products by design," said Warman.

"Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers from threatening people's privacy and safety. It will mean robust security standards are built-in from the design stage and not bolted on as an afterthought," he added.

"Smart technology is increasingly central to the way we live our lives, so the development of this legislation to ensure that we are better protected is hugely welcomed," said Nicola Hudson, Policy and Communications Director at the NCSC.

"It will give shoppers increased peace of mind that the technology they are bringing into their homes is safe, and that issues such as pre-set passwords and sudden discontinuation of security updates are a thing of the past."
​
The UK isn't alone in attempting to secure the Internet of Things – ENISA, the European Union's cybersecurity agency, is also working towards legislation in this area. At the same time, the US government is also looking to regulate IoT to protect against cyber-attacks.