Rep. Dana Rohrabacher on November 6, 2018, in Costa Mesa, California, just before he learned he had lost his seat to a Democratic challenger. Rohrabacher, the most Putin-friendly member of Congress, visited with Julian Assange in 2017 to offer him a pardon in exchange for proof that Seth Rich, not Russian intelligence, had leaked the DNC emails.

A former California congressman confirmed in an interview with Yahoo News’ Michael Isikoff that he did offer to broker a pardon for Julian Assange in exchange for information that would exonerate Russia from the theft of emails from the Democratic National Committee and members of the Hillary Clinton presidential campaign organization. Republican Dana Rohrabacher was seeking to prove that the emails were leaked by DNC staffer Seth Rich, who was murdered in July 2016—and were not the product of a hacking campaign by Russian intelligence organizations.

Rohrabacher, who lost his seat in 2018, was a long-time cheerleader in Washington for Russian President Vladimir Putin’s government. Using information provided to him directly by the Kremlin, Rohrabacher personally promoted an effort to remove the name of Sergei Magnitsky from the Russia and Moldova Jackson–Vanik Repeal and Sergei Magnitsky Rule of Law Accountability

Image of a collection of ancient skulls.
OK, which one of you is the father?

Shortly before the publication of the first Neanderthal genome, a number of researchers had seen hints that there might be something strange lurking in the statistics of the human genome. The publication of the genome erased any doubts about these hints and provided a clear identity for the strangeness: a few percent of the bases in European and Asian populations came from our now-extinct relatives.

But what if we didn’t have the certainty provided by the Neanderthal genome? That’s the situation we find ourselves in now, as several studies have recently identified “ghost lineages”—hints of branches in the human family tree for which we have no DNA sequence but find their imprint on the genomes of populations alive today. The existence of these ghost lineages is based on statistical arguments, so it’s very dependent upon statistical methods and underlying assumptions, which are prone to being the subject of disagreement within the community that studies human evolution.

Now, researchers at the University of Utah are arguing that they have evidence of a very old ghost lineage contributing to Neanderthals and Denisovans (and so, indirectly, possibly to us). This is

Closeup photo of a hand holding the iPhone 11

Samuel Axon

Apple is seriously considering the possibility of allowing users to change the default apps for Web browsing, mail, or music on their iPhones. The company might also allow users to listen to Spotify or other music streaming services besides Apple Music via Siri on the iPhone or on the HomePod smart speaker.

These revelations were outlined in a report by Bloomberg’s Mark Gurman this morning, who cited multiple people familiar with Apple’s internal plans.

While Apple’s plans are not final, the changes could go into effect as soon as Apple’s iOS 14 release later this year, which means they would likely be introduced during Apple’s developer conference this June.

Currently, iOS users can download third-party applications for mail or Web browsing like Outlook or Firefox, but they cannot set them to be the default apps that the system opens when a link or email address is tapped in another application, for example. Apple does allow users to do these things in some cases with its macOS software for desktops and laptops, even though it’s not possible on the company’s mobile platforms.

This could help Apple’s iOS platform compete with Google’s Android, which has the dominant position in the

A maze of gas pipelines.

A US-based natural gas facility shut down operations for two days after sustaining a ransomware infection that prevented personnel from receiving crucial real-time operational data from control and communication equipment, the Department of Homeland Security said on Tuesday.

Tuesday’s advisory from the DHS’ Cybersecurity and Infrastructure Security Agency, or CISA, didn’t identify the site except to say that it was a natural gas-compression facility. Such sites typically use turbines, motors, and engines to compress natural gas so it can be safely moved through pipelines.

The attack started with a malicious link in a phishing email that allowed attackers to pivot from the facility’s IT network to the facility’s OT network, which is the operational technology hub of servers that control and monitor physical processes of the facility. With that, both the IT and OT networks were infected with what the advisory described as “commodity ransomware.”

The infection didn’t spread to programmable logic controllers, which actually control compression equipment, and it didn’t cause the facility to lose control of operations, Tuesday’s advisory said. The advisory explicitly said that “at no time did the threat actor obtain the ability to control or manipulate operations.”

Still, the attack did knock out crucial control

The complex web of software and hardware components and their licensing schemes makes it difficult for healthcare organizations to upgrade or patch systems that prove to be vulnerable.

Universal Images Group / Getty Images

When your family opened up that brand-new computer when you were a kid, you didn’t think of all of the third-party work that made typing in that first BASIC program possible. There once was a time when we didn’t have to worry about which companies produced all the bits of licensed software or hardware that underpinned our computing experience. But recent malware attacks and other security events have shown just how much we need to care about the supply chain behind the technology we use every day.

The URGENT/11 vulnerability, the subject of a Cybersecurity and Infrastructure Security Agency advisory issued last July, is one of those events. It forces us to care because it affects multiple medical devices. And it serves as a demonstration of how the software component supply chain and availability of support can affect the ability of organizations to update devices to fix security bugs—especially in the embedded computing space.

URGENT/11 is a vulnerability in the Interpeak Networks TCP/IP stack

Anatomy of a dumb spear-phish: Hitting librarians up for Zelle, CashApp cash

Here’s a clue for would-be Internet financial scammers: do not target librarians. They will catch on fast, and you will have wasted your time.

Yesterday, the outgoing chair of the Young Adult Library Services Association’s Alex Awards Committee (and my wife) Paula Gallagher got a very odd email that purported to be from a colleague within her library system who is a member of YALSA’s board. The email asked, “Are you available to complete an assignment on behalf of the Board, And get reimbursed? Kindly advise.”

There were a few things off about the email. First of all, while the first half of the email address that the message came from matched the email address of her colleague, the domain name was very phishy: Reagan.com, a site that offers “secure private email” to users who want to “keep President Ronald Reagan’s legacy alive.” The purported sender of the message was, to put it mildly, not a big fan of President Reagan’s legacy. (Ars attempted to reach the operators of the Reagan.com site for comment, but they are very privacy-minded.)
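The mismatch described above (a familiar local part in front of an unfamiliar domain) can be checked mechanically on inbound mail. The following is an added example, not code from the article or from any mail product; the contact directory, the colleague's name and address, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of real colleague addresses (hypothetical values).
KNOWN_CONTACTS = {
    "jordan.smith@library.example": "Jordan Smith",
    "pat.lee@library.example": "Pat Lee",
}

def split_address(addr):
    """Return (local_part, domain) lower-cased, or (None, None) if malformed."""
    local, sep, domain = addr.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        return None, None
    return local, domain

def check_sender(raw_message, contacts=KNOWN_CONTACTS):
    """Classify the From: address as 'known', 'lookalike' or 'unknown'.

    'lookalike' means the local part matches a known contact but the domain
    does not. This inspects the address string only; it does not replace
    SPF/DKIM/DMARC evaluation, since a From: header can be forged outright.
    """
    msg = message_from_string(raw_message)
    _display, addr = parseaddr(msg.get("From", ""))
    local, domain = split_address(addr)
    result = {"sender": addr.lower(), "verdict": "unknown", "impersonates": []}
    if local is None:
        return result
    if f"{local}@{domain}" in contacts:
        result["verdict"] = "known"
        return result
    # Same local part on a different domain: the pattern the article describes.
    hits = sorted(k for k in contacts if split_address(k)[0] == local)
    if hits:
        result["verdict"] = "lookalike"
        result["impersonates"] = hits
    return result

# Constructed sample modelled on the message quoted in the article.
SAMPLE_PHISH = (
    "From: Jordan Smith <jordan.smith@reagan.com>\n"
    "To: staff@library.example\n"
    "Subject: Assignment\n\n"
    "Are you available to complete an assignment on behalf of the Board, "
    "And get reimbursed? Kindly advise.\n"
)

if __name__ == "__main__":
    print(check_sender(SAMPLE_PHISH))
```

A `lookalike` verdict is a reason to quarantine or banner the message for review rather than proof of fraud, since people do legitimately use personal addresses with the same local part.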

Want a trusted domain name to send your spear-phish emails from for just $33 a year? Look no further.