steal

steal materials from the asteroid belt (with a stop at a gas station)

by

We haven’t built yet bases on the Moonbut already there are those who think in that future in which settlements can be built on Mars. If our satellite is a challenge, the red planet is already the pinnacle of complexity. Therefore, although there is still a lot of time for it to be viable, it doesn’t hurt to think about strategies. A good example is the proposal just made by a team of scientists led by aerospace engineer Serena Suriano. His proposal is based on one of the main problems that the space masons: the lack of materials. In the absence of suitable metals for construction there on Mars, they would have to be sought in the vicinity of the red planet. To do this, they propose “looting” the asteroid belt. It’s not that easy. In the asteroid belt There are metallic asteroids that could be mined for necessary metals such as molybdenum. But there is a problem. Traveling to these asteroids to take construction materials to Mars is not like taking the car on a Saturday to go to Ikea. In that case, the biggest handicap is the families that overcrowd the spaces. In the case of asteroids, the main problem is the orbital dance necessary to leave Mars, reach the asteroid and return. Luckily, these scientists consider that the problem could be solved with a couple of pit stops. An (almost) imaginary ship. When making calculations, it is normal to start from the parameters of a ship that actually exists. For this reason, these scientists have made simulations with an imaginary ship that is not the same, but looks like quite to the SpaceX Starship. The most powerful imaginable today. The ship in question weighs 120 tons, can carry a payload of 115 tons and hold up to 1,100 tons of fuel. This would mean a delta-v of 6.4 km/s. And what is that? The delta-v is a measure of the amount of effort necessary to carry out an orbital maneuver. In simpler terms, it is the change in speed that can be achieved by burning all the fuel in a ship. In this case it would be 6.4 km/s. The problem is that to reach the metallic asteroids that could be mined to build on Mars, taking into account the necessary orbital spins, a delta-v of 10 to 12.8 km/s would be needed. It can be solved. These scientists have designed a plan that includes two pit stops. The first would be on the metallic asteroid itself. Once the materials have been extracted, on the way back we would have to stop at a type C asteroid. These contain volatiles such as water and hydrocarbons, which would facilitate a process known as production on site of propellant. In other words, the type C asteroid would be used as a gas station, using its resources as propellant to continue the trip. If these stops are made, the necessary metals could be obtained with a delta-v of 6.4 km/s. The imaginary ship looks like Starship, but it is not the same 22 pairs. In total, there are 22 pairs of metallic asteroids and C-type asteroids in a 20-year window starting in 2040. This means that, from that moment, when it is assumed that trips to Mars and the construction of bases could already be viable, there would be more than 20 mine and gas station options to bring metals to the red planet. In total, 200 tons of metal could be obtained in that period. It may not seem like much if we consider that it is little more than the payload for a single trip. But fuel needs to be optimized. The loading process on site of propellant is carried out at a rate of 2 kg per day. To fill the tank it would take about 1,500 years. Logically, that is not viable, so you have to go with the tank half full and, therefore, adjust the payload. Why 20 years? For the trip to take place, it is necessary that the orbits of Mars and the asteroids are correctly aligned. It’s as if the road to Ikea only opens once every few years. Therefore, many trips could not be made. Building an entire base would take a lot of time, but it’s something you have to take on. A solution. If chemical propulsion is changed to solar propulsion or nuclearit would be much easier to extract metals from asteroids and, possibly, the deadlines would be shorter. However, these scientists have chosen to make their calculations with the only viable technology today. Maybe in the future the trip will be a little shorter than all this. Of course, building a base will continue to be a very, very long process. Many generations of humans would retire looking at those works. Image | NASA | SpaceX In Xataka | Elon Musk says it will take 1,000 Starships and 20 years to build the first sustainable city on Mars

steal talent from Ouigo and Iryo

by

Hundreds of train drivers are looking for a position at Renfe. This is to be expected after the company announced the opening of a call to hire 550 new machinists, within its replacement plan and with the aim of expanding its workforce. Although there is no concrete data on the impact on Ouigo and Iryo, previous calls anticipate a flight of workers to the Spanish company. 550 seats. This is the number of train drivers that Renfe expects to hire in the coming months. The call is already underway and is part of a larger employment plan with which it is expected to hire a total of 2,000 workers. The deadline to register ended in March and the process consists of three phases. In the first, it will be verified that the minimum requirements are met and the merits of the candidates will be assessed. The second phase consists of an in-person test and, finally, the third will be a test in a simulator. A flight of train drivers. It is the fear that Ouigo and Iryo can have. Both companies offer higher salaries than Renfe but the stability of a publicly owned company is still very attractive. In fact, it is not the first time that there has been a massive transfer of these companies to the Spanish side. In 2023, Ouigo and Iryo saw how a third of its staff He joined Renfe’s lists, according to the CNMC, after a call to hire new train drivers. This led the regulator to require Renfe to notify of these calls to their rivals a month and a half in advance before making them public and they cannot incorporate new workers into the workforce until three months after the resolution of the process, with the aim that these companies have enough time to replace the possible departure of their machinists. Because? The flight of train drivers is not a question of money. Or, at least, it is not in the short term. And the Spanish company’s machinists earn less starting money than in rival companies, but their future projection does promise more attractive salaries. Furthermore, it must be taken into account that both Ouigo and Iryo can never offer the same stability as Renfe for years to come. And the Spanish company has a greater number of vacancies available throughout the country and, furthermore, it is a public service so You will have to be present no matter what, wherever this obligation binds you.. How much does a machinist earn? As we said, an “entry train driver”, as new train drivers are described, earn less money on Renfe if we talk about base salary. According to the signed agreementa driver starts at 21,973.56 euros to which must be added a supplement of 1,286.64 euros per year for the “driving” concept and another 192.99 euros under the training category. These figures make up a base salary of about 23,500 euros per year to which must be added travel allowances to the place of residence and for minutes worked. Those minutes are paid more expensively the more minutes they have been used. For its part, an Iryo cobra machinistbase, 23,374.78 euros. To this figure we must add a bonus for minutes worked, as in the case of Renfe, or kilometers traveled. If we talk about Ouigothe base salary in this case is 18,000.00 euros and is increased to 21,693.00 euros with two years of seniority, to which bonuses such as days away from home or overtime must be added. It’s not just money. Union representatives point out The Country that the salary differences in favor of the private company (the bonuses are paid better and, therefore, they charge more from the start) are not being sufficient to compete with Renfe since the latter also allows the choice between Medium Distance or Cercanías trains and high-speed trains, so the possibilities within the company are greater. In addition, seniority weighs heavily in the Spanish company, which is why it rises quickly in the salary tables. These improvements due to seniority are reflected in the base salary but, in addition, the bonuses also grow as they add years to the company. So, a level A chief engineer (the highest range) is close to 60,000 euros gross before applying the bonuses for minutes worked. A first (and expensive) filter. Of course, aspiring to be part of the staff of Renfe or any other company in the sector is not easy. Obviously, the new driver must have the required qualifications that are obtained through theoretical and practical tests. But perhaps the biggest filter comes from economic limitations. And the courses to acquire these skills are expensive. The one from Renfe, specifically, It lasts one year and is offered for 21,200 euros. Photo | Andre Marques In Xataka | Iryo already knows what the cost of competing with Renfe on the AVE lines is: losing tens of millions of euros

The board game that was removed for making children steal food rations from Titanic survivors

by

There have always been games with a morbid theme, but they are certainly not a thing of today. Already in 1975, board game creators were racking their brains to come up with the darkest and most impactful idea for the whole family. And what better way to spend an afternoon of harmless fun in the company of loved ones that one of the greatest tragedies in the history of modern locomotion. It sinks. When in 1975 Ideal Toy Corporation put on the shelves ‘The Sinking of the Titanic’the slogan printed on the box left no room for imagination (or interpretation): “Play while the ship sinks… and then face the dangers of the open sea.” From 8 years and older, be careful. The controversy, of course, was immediate, the game was withdrawn from the market, and although it was reissued under different names, today it is a sought-after piece for collectors of classic board games. How to play. The game has two phases. First, players are ship’s officers who must navigate the cabins of the Titanic rescuing passengers and stocking up on food and water rations as the ship sinks. In the second phase, with the liner already under water, survivors in boats race to reach the rescue ship. The first to arrive with two passengers, two rations of food and two of water wins. What does it look like? The board is cleverly articulated into two pieces joined by clips. Every time someone rolls a 1 or 6 with the dice, the board “sinks” into the bar, and more and more squares of the ship’s hull disappear under the water. If an empty lifeboat touches the water, it is removed, and if the player cannot find a place in any boat, he loses. In 1975, the idea was very ingenious: a board that is transformed. Ideal itself had already explored these possibilities with a previous success, ‘Mouse Trap‘, in 1963. Storms and cannibals. But the real morbidity (and, let’s face it, the distancing from historical facts) came with the modifying cards that threw the players against “violent storms, cannibals, the cruel sea and each other,” as the instructions. Actually, the game has little to do with what happened on the Titanic, and in that sense it is quite modest: there are no mention of real passengers and the tropical islands with cannibals have nothing to do with the frigid North Atlantic where the real ship sank. The controversy. Ideal received criticism for turning tragedy into entertainment. The game was withdrawn from the market and re-released under the name ‘Abandon Ship’, with all references to the Titanic eliminated, something not difficult because as we have said, the game had few authentic elements, except perhaps the unmistakable silhouette of the cruise ship on the box. Because of this, the original version of ‘The Sinking of the Titanic’ has been revalued and It is easy for it to reach approximately 150 euros on websites like eBay. Too soon. The Titanic sank in April 1912 and Ideal recovered from the tragedy 63 years later. What is significant is that the remains of the ship, located by oceanographer Robert Ballard in 1985, had not yet been found. The 1,500 bodies that lay four kilometers deep certified, with bodies included, the magnitude of the tragedy. But ten years before, after the sinking of the Titanic, there were only ghosts missing in the sea, a myth about the unfathomable dangers of the ocean. In 1975 you could still make a board game about it. In Xataka | AI is so good at chess that it is changing something: the way humans play it

When he finishes he will steal the last advantage that the US had left

by

It is estimated that around more than 80% of the planet’s oceans remains to be mapped in detail, and in many areas we know less about the seabed than about the surface of the Moon. Still, that unknown environment is key to some of the world’s most advanced technologies. Also for war. The invisible map. I had a few days ago in a extensive Reuters report that China has been mapping the planet’s ocean floor for some time and that, when it is finished, it will have the last tactical advantage that the United States had left: knowing better than anyone else the terrain where the quietest war of all will be fought. For decades, American superiority under the sea rested not just on more advanced submarines, but on something much more intangible: a deep knowledge of the ocean environment. Now that balance starts to change because Beijing is building, step by step, a detailed image of that invisible world that conditions every movement underwater. A global network. What at first glance seems like oceanographic research is actually a global scale operation which combines dozens of vessels, hundreds of sensors and years of data accumulated in the Pacific, Indian Ocean and Arctic. These ships travel repeated routes, scanning the seabed and collecting key information on temperature, salinity and currents, factors that determine how sound propagates underwater. It is not a trivial detail, it is crucial because, in underwater combat, seeing does not matter so much: what is really key is listening better than your opponent and hiding from them. The “transparent ocean”. Here is possibly the crux of the whole thing. radiography that Beijing is carrying out. Because the heart of the strategy is the idea of ​​creating a species of “transparent ocean”a network of sensors capable of monitoring what happens beneath the surface with an unprecedented level of precision. The reason: although not everything is in real time, even delayed data allows build models that anticipateFor example, where a submarine can hide or how to detect it. In other words, China not only wants to sail better, but reduce uncertainty which has always protected these ships, transforming the ocean into a much less opaque and much more controllable space. Military power. They remembered in Reuters that one of the keys to the Chinese advance is how it is using universities, scientific institutes and civilian ships to build this knowledge base without openly resorting to military means. This fusion between civil and military allows it to operate more freely in international waters, accumulating strategic information without raising the same level of alert that a direct naval presence would cause… although the result is the same: a database that can be translated into operational advantages in the event of conflict. The end of a historic advantage. There is no doubt, all this effort aims to a clear objective: erode one of the greatest strategic advantages the United States has had, its dominance of the underwater environment. If China manages to match (or even surpass) that knowledge, it will be able, a priori, deploy your submarines more effectively, detect those of the adversary and monitor critical routes such as the approaches to the Pacific or the Strait of Malacca. It is therefore not a race of boats, but of information, and in this field the one who best understands the bottom of the ocean will have the initiative. A new balance. Taken together, the Chinese strategy reveals a profound change in the nature of naval power: one where it is no longer enough to have more ships or better weapons, but rather dominate the environment in which they operate. By systematically mapping the seafloor and deploying sensors at key points, Beijing is preparing the ground for a competition in which the advantage will not be visible, but yes decisive. And if that process is completed, the United States could find itself for the first time in decades without its traditional superiority in the most difficult domain to control: the one that cannot be seen. Image | RawPixel, Youth Daily News In Xataka | There are two global superpowers fighting to gain a foothold on the coast of Peru: the United States and China. In Xataka | It’s not that China is serious in the Pacific, it’s that space has revealed the size of a dizzying naval domain

It took a hacker two and a half hours to steal thousands of personal data from Endesa customers. Endesa took a week to notify

by

Endesa Energy has confirmed a cyberattack on its trading platform that has exposed critical information of millions of customers. The breach includes identity documents, bank accounts and data from electricity and gas contracts, which places those affected at risk of fraud and identity theft. What exactly happened. A cybercriminal has managed to circumvent the security measures of Endesa’s commercial platform and access sensitive customer information related to their energy contracts. According to has recognized the company in communications sent to those affected, during the security breach contact information, ID and IBAN numbers from bank accounts would have been extracted. The company ensures that the access passwords have not been compromised. The magnitude of the incident. The hacker responsible, who identifies himself as “Spain,” posted on January 4 on BreachForums, a popular forum in the dark webdetails of the attack claiming to have obtained more than 1 TB of information corresponding to more than 20 million people, according to reported the Digital Shield medium. The cybercriminal assured this medium that he had gained access in less than two and a half hours, and has gone so far as to leak data samples from a thousand clients to demonstrate the authenticity of the stolen information. What type of data is at stake. The hacker claims to have obtained basic personal data (names, surnames, postal addresses and contact information), financial information (IBAN, billing data and account history), energy data (CUPS, active electricity and gas contracts, supply point information) and regulatory data. The risks for clients. Although Endesa considers it “unlikely” that the theft will result in “a high-risk impact on the rights and freedoms of users,” the company warns of several real dangers in its official statement. Cybercriminals could try to impersonate customers, post the data on digital forums, or use it for phishing and spam campaigns. Josep Albors, Director of Research and Awareness at ESET Spain, explains that “the risk does not end with the notification of the breach” and that the exposed information can be reused for months or years to launch targeted fraud. Endesa’s response. The energy company has taken almost a week to publicly acknowledge the incident since the leak became known. The company claims to have immediately activated security protocols, blocked compromised access and notified the competent authorities of the case. In addition, it has enabled telephone lines to resolve doubts: 800 760 366 for Endesa Energía customers and 800 760 250 for those of Energía XXI, its distributor in the regulated market. We have contacted the company to find out more information about it, so we will update the article in case of news. What should those affected do? The problem with this security breach is that the data is surely used for advertising campaigns. phishing and targeted spam. As explained by ESET, the first thing we should keep in mind as affected parties is to distrust any communication that appears to come from Endesa and that includes links, attachments or urgent requests, always contacting the company through official channels. This has not been the case, but it never hurts to frequently review bank accounts to detect unauthorized movements and change passwords, even if the company claims that they have not been compromised, activating security protocols whenever possible. two factor authentication. Free and useful websites like ‘Have I Been Pwned‘ allow us to check if the data has appeared in other known breaches by entering our email. The extortion attempt. According to account According to Escudo Digital, the hacker has tried to negotiate directly with Endesa through emails, although at the moment he has not set a specific ransom figure. The cybercriminal, who says he is not affiliated with any group of ransomware known, has received offers from third parties of up to $250,000 for half of the database, although he claims to have not sold anything yet. “I prefer to wait for Endesa to decide,” he told the media. A worrying trend. Just like they count From the media Expansión, this attack places Endesa on the growing list of large Ibex 35 companies that have suffered cyberattacks in recent months. Companies such as Iberdrola, Iberia, Repsol and Banco Santander have been victims of similar incidents that have compromised customer data. And they have not been the only ones, since cyberattacks and data leaks They are now much more common. In the case of Endesa it seems that we will have to wait for the company to offer more information on the matter. Cover image | Endesa In Xataka | OpenAI just assumed an uncomfortable truth about AI browsers: there is one type of attack that is impossible to block

The countries of northern Europe are full of offshore wind. So they’ve started to steal the wind from each other

by

The world has thrown itself into the arms of renewables to meet the goals of decarbonization. Each country is developing its strategy And, if in some the photovoltaic takes the lead, in others it is the wind that splits the cod. The problem is the commitments: fill the plate field implies that crops receive less sunlight. And fill the world with wind turbines – apart from visual impact, for fishing and for the birds-, is causing something as curious as it is problematic. Countries that are stealing the wind from their neighbors. Wake effect. When the wind hits the wind turbine bladesthese rotate, generating kinetic energy and electricity. The wind continues its path, but after passing through a wind turbine, it does so with less force. Multiply that by fields full of these mills and we have what is known as the ‘wake effect‘ or ‘wake effect’. This air that has already passed through a wind turbine station does so with a lower speed and greater turbulence. And if this is important, it is because the wind takes time to recover: the wakes can extend more than 100 kilometers after crossing a field of windmills. wind thieves. These facilities are usually far from each other to better take advantage of the currents, but if under certain circumstances they extend tens of kilometers, and up to the aforementioned hundred, imagine the consequences for the wind turbines that remain behind that installation that receives the first “hit” of wind. It is not an assumption: there is measurements by SAR satellite that confirm that, if a wind farm is built upwind of another, the wind speed it receives is 9% lower, causing it to have a reduction between 10% and 20% compared to that first installation. This is what is known as “wind theft,” a colloquial term for something that is easy to understand, but not so easy to fix. This GIF of The Telegraph illustrates it perfectly: Princess Elisabeth. As we read in BBCthe lawyer Eirik Finseras, specialized in offshore wind energy, “is a somewhat misleading term because you cannot steal something that you cannot own. Nobody owns the wind” – del Sol, yes, a Galician -. But of course, the fact that no one owns the wind does not exempt that park on the windward side from suffering the effects of the park built on the leeward side. In the North Sea, this is already becoming a problembecause the denser and larger the wind farm, the more intense the wake effect will be. Belgium is building Princess Elisabeth, a huge park that will add a whopping 3.5 GW of offshore wind capacity to the country’s accounts. It is a really huge offshore facilitybut although it will allow the addition of those 3.5 GW, it will also affect the existing Belgian parks due to a wake that will extend 55 kilometers beyond the installation. According to the accounts of the University of Leuven, the oldest Belgian facilities located to the east will experience: An 8.5% reduction in annual electricity production. Losses of up to 15% on very windy days. Impact. That in Belgian parks, but of course, it is also an international problem because the wind does not understand borders. By 2030, it is estimated that the current capacity of offshore wind energy in the North Sea will triple. This implies that thousands of turbines will be erected in a very short time with Belgium, Germany, Denmark and the Netherlands willing to obtain, in total, 65 GW of offshore wind energy. The problem is knowing what will happen to these trails, since it is estimated that the 1,400 MW installation in the Dutch area of Borssele will cause a reduction of 2.7% on average in some Belgian wind farms. It is a very clear case of how the Netherlands is “stealing” the wind from Belgium. It is logical to understand the interest in offshore wind Bigger blades. In a report by BBCPablo Ouro, a civil engineering researcher at the University of Manchester, points out that they have been seeing wake effects for years, but that “the problem is that, to achieve emissions neutrality, we will need to triple offshore wind capacity and some of these new turbines will operate very close to those already in operation. There will be more and more crowds and the wake effects will have a greater impact.” And it is no longer a question of the number of mills, but of their dimensions. In the North Sea we are seeing efforts to achieve both greater heights for the mills themselves (to take advantage of other currents that are not being taken advantage of right now, such as larger blades that receive even more force from the wind. They are imposing mega-constructions that will also affect this wake effect, aggravating the problem. Solutions? Different countries are doing calculations. For example, in the United States, esteem that the planned offshore wind farms will produce a devastating wake effect: losses in the annual electricity production of other farms by up to 48.5 TWh per year. And there are already accusations: the Netherlands says that Belgium takes advantage of its wind, Germany says that the Netherlands is harming them… and the United Kingdom’s offshore parks stealing wind each other. The solution? Nothing simple, especially when many of these parks have either already been built or are under construction, but even so, research is being carried out to optimize the facilities. For example, adjusting turbine angles and optimizing the space between them, manufacturing higher power turbines to produce more with less or creating buffer zones between parks And, perhaps, the most difficult thing: that countries cooperate to carry out joint studies to place their facilities in the most efficient way for everyone. Images | ESMAP, G B_NZ In Xataka | In the great battle for wind turbines, Spain goes against Europe: it wants them further away than ever

“Steal everything from grandmothers”

by

GoogleXcoder is the alias from the 25-year-old Brazilian arrested in Cantabria a couple of weeks agoaccused of directing the largest operation of phishing banking that Spain has suffered. His group, ‘Team GXC’, cloned 35 financial institutions and emptied the accounts of thousands of clients. The Civil Guard arrested him along with six other members of the network after more than a year of monitoring. Why is it important. This case marks a turning point in Spanish cybercrime. The GXC did not only steal: according to a report by The Worldthey also rented their tools to other criminals for up to 900 euros a day. The multiplier effect turned each day into dozens of banks supplanted and millions stolen. His name on Telegram sums up the philosophy: “Steal everything from grandmothers.” The method. They combined phishing traditional with malware for Android, a double scam that nullified any security barrier: First, they captured bank details through fake websites. The malware then collected additional documents, digital signatures, and passwords. With that arsenal, they emptied accounts without leaving any apparent trace. The investigation. Group-IB, a cybersecurity firm that collaborates with Interpol, detected the threat in 2023. Anton Ushakovhis head of investigations in Europe, alerted the UCO of the Civil Guard when he confirmed that Spain was the epicenter. For months they tracked IP addresses bouncing around global servers until they located the mastermind: a digital nomad who changed provinces every few weeks. GoogleXcoder used stolen identities for its phone lines and cards. He lived with his family, constantly moving between provinces, believing himself to be invulnerable. The agents followed him while they gathered enough evidence. They hunted him in San Vicente de la Barquera, a town with less than 4,000 inhabitants, with their devices full of evidence as well as wads of cash. The UCO has published both the moment of his arrest and a recording of the tool used: The scope. The network operated from Spain but its tentacles reached Slovakia, the United Kingdom, the United States and South America. Six people directly linked fell in simultaneous operations in Valladolid, Zaragoza, Barcelona, ​​Palma, San Fernando and La Línea. The forensic analysis of their cryptocurrencies took more than a year due to the complexity of the network. The collaboration between Group-IB and the UCO sets a precedent: Until now, private cybersecurity companies mainly worked with Europol or Interpol. This time, identifying a specific threat against Spain, they shared findings directly with national forces. The result: one of the largest operations against cybercrime in our country, as recognized by the UCO itself. In Xataka | They seemed like useful tools for WhatsApp Web, but they were part of a large spam campaign Featured image | UCO

Thus it is possible to steal information from companies without anyone knowing

by

Notion’s new 3.0 version is updated with quite interesting changesalso introducing the fashionable now, Artificial Intelligence Agents that can execute complex tasks autonomously. However, it also opens the door to a critical vulnerability. And it is that those who come with not very good intentions can take advantage of a simpler technique than it seems to extract and send confidential data to external servers with the help of those same AI agents. The background problem. As they point out from Codeintegritymodern AI agents combine three elements that make them a potential threat: ability to use tools on their own, autonomous planning of actions and access to sensitive corporate information. In this way, when an attacker manages to manipulate the agent’s instructions, he can execute chains of complex actions that can end up dodging traditional security controls of companies. Image: Codeintegrity How the attack works. Through article Published by Codeintegrity, its researchers have shown that the process can end up being very simple. First, the attacker creates an apparently harmless PDF document. However, within the archive hide a text with malicious instructions that deceive the agent of the “important routine task” of the internal system. An invisible trap. The malicious text uses psychological manipulation techniques, presenting itself as a critical task that must be completed to avoid “consequences” in the company, also using technical terminology to seem legitimate and implying that the action is “pre -authorized” by safety. When the user asks the notion agent to summarize the document, he reads the hidden instructions and interprets them as genuine orders of the system. Data leakage. Once activated, the agent seeks confidential information in the user’s notion pages, as the Prompt had sent it, and concatena in a malicious URL previously described. Then use the system web search tool to send a query that contains all that sensitive information to a server controlled by the attacker, where the data is recorded. Scope of the problem. The most worrying thing is that this vulnerability It is not limited to PDF files Uploaded manually. Notion 3.0 integrates connectors with multiple business services such as Github, Gmail or Gira, any of which could be used to inject malicious instructions without the user suspect. Even advanced AI models such as Claude Sonnet 4considered among the safest in the market, have proven to be susceptible to this type of attack. What does it mean for companies. The techniques of ‘Prompt Injection‘They can question the security of any company that manipulates or manages diverse AI agents, since they can execute and plan actions autonomously. Therefore, companies that embrace AI, must also rethink their security protocols and establish new specific controls to tackle these types of problems. Cover image | Zan Lazarevic and generated by AI with Gemini In Xataka | Mark Zuckerberg doesn’t care to lose $ 200,000 million in AI. The real risk would not be betting on it, ensures

how it works and how to avoid this scam to steal money by earning your trust

by

Let’s explain What is the Like Scama new type of online deception that already Police and Civil Guard have warned. It is a scam that is being given in instantaneous messaging applications such as Telegram and social networks, and that will lead you to steal money after earning your trust. We are going to start the article explaining the mechanics and the procedure of this deception with which thieves earn your trust before Timing you. Then we will give you A series of tips To avoid falling into the trap. How is this scam First, scammers are going to contact you through different platforms, from Telegram to social networks. There, they will propose to you perform simple online tasks in exchange for moneysomething apparently easy that will not take you long. These tasks are things like Give and receive likes on social networksfollow profiles, etc. In exchange for this, they promise you small economic amounts for your time. With this they will feed both your trust and your greed. The tempting of all this is that At first they may pay you In exchange for what you are doing, they will give you small amounts of money. That is when your trust will be gained. When they have already convinced that they can help you earn money with little effort, they will rise to “higher groups”, where they will propose make investments in exchange for a lot of money. When you make these investments, cybercounts will simply disappear keeping your money. In addition, they will also stop paying for any task. And what is worse, the personal data you have given them to make the first payments are also possible to use them to Open bank accounts in your name and get more money at your expense. In addition, there are times when they can ask for money in exchange for continuing with these methods of winning, money that will also take. How to avoid falling this scam The first thing you should always do is distrust any method to earn fast moneysince everyone is usually deception online. It is sweet to be able to win some euros with simple tasks such as giving likes in accounts, but it is also a very common deception. Besides, suspect you who are asking for money or perform major actions. It doesn’t matter if you have been paid something, they are still people who do not know, so if you easily ascend in their ranges to be able to do greater actions, you have to suspect. Another important thing is Never give bank or personal dataand if they ask you right away you must be alert. Finally, no one with good intentions will ask you for money to continue working, even if it is an alleged “bargain” job. You must also suspect est. In Xataka Basics | Scam of the false winner on Facebook: how this scam works when you participate in competitions and how to avoid it

Having an AI browser that does things for you sounds good. Until a hacker uses it to steal all your money

by

Ask the AI ​​to make a summary of that article that you just saw in Reddit can be very expensive. It is what They just revealed Those responsible for Brave, who have discovered a surprisingly simple way to hack the browser of the perplexity comet to do not only what the user asks, but what an attacker has managed to convince him to do. The danger of leaving everything in the hands of AI is evident. What happened. Brave’s experts, a browser that competes with Chrome or Firefox and also has AI functions, wanted to analyze the risk of using an agetic browser like the one It offers perplexity right now with Comet. And what if they have done it. The browsers with ia promise a lot. Thanks to tools like Comet – Openai too has its chatgpt agentheir of Operator-, It is possible that the browser becomes a kind of digital butler and do things for us autonomously when visiting websites. Thus, you can summarize a news, tell you which song appears in that YouTube video, look for offers, answer emails or complete purchase processes. A priori the advantages are huge, but be careful, because there are also important risks. But be careful to let go of the steering wheel. However, delegating everything in the browser can raise a real threat to the safety and privacy of our data. If we trust them too much, these browsers may have access to all our data, since theoretically they will benefit from access to our email, but also to banking and financial data and even health. What happens if the amazing model or makes mistakes? Or worse: What happens if someone modifies the content in a malicious and invisible way for ia agents to follow malicious instructions? Having the AI. That is just what They discovered in Brave When trying a simple technique. They published a malicious comment on a Reddit thread, and then asked Comet to summarize the article. When they went to do it they verified how Comet did not know whether the content of that thread could or not contain malicious instructions: he simply met them and followed them. And in thread, as can be seen in the video, there were some simple instructions that stole the credentials of their perplexity account and even intercepted the verification code that the platform sent to the user to log in the service. Result: Automatic account by the attacker thanks to the AI. How the attack works. As Brave experts explain, the problem is that the way of hacking this type of browse is not hacking the browsers, but hacking the content, something that is very, very simple. The steps are the following: Configuration: An attack writes Malicious instructions in some content on the web. If you control that site, you can hide instructions using blank text if the background is also white, or in comments or other invisible elements. They can also do it directly “injecting” those instructions through comments in publications on social networks such as Reddit or Facebook. Activation: A user sails to that website and uses the browser with AI. If you do something simple as “Summarize this page“Or ask that certain information be extracted, these malicious instructions are activated. Injection: As the AI ​​processes the information on the page, see those malicious instructions and follow them. It is not able to distinguish whether the content has a malicious purpose or not, and considers everything as part of what you should do at the request of the user. Exploitation: these malicious commands and instructions indicate to the navigator’s tools to perform various actions, such as navigating the user’s bank account, Extract stored passwords In the browser or collect information to a remote server controlled by the attacker. Possible solutions. Those responsible for the study indicate that to protect themselves from these types of problems, agricultural browsers must first differentiate between what the user has asked for and what the user content is. The content of a website “should always be treated as non -reliable.” In addition, the browser with AI should necessarily ask for the user’s interaction to perform certain actions, how to access passwords or perhaps send an email. Restrict permissions to the agetic browser and make good use of Two -step verification systems “With mobile applications such as Google Authenticator, for example,” are also adequate ways to mitigate a problem that can put in many problems the deployment of these tools. Outstanding image | Perplexity, Xataka with mockuuups studio In Xataka | I have tried day, the browser that replaces ARC and bets everything to AI. It hasn’t come out as expected

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.