Audio Posts In Russian

Беспилотник уничтожен над Энгельсом в Саратовской области

Пострадавших и разрушений инфраструктуры при падении обломков, по предварительным данным, нет.

Audio Posts In Russian

Япония санкциями запретила экспорт в Россию 164 категорий товаров

Под ограничения попали моторные масла, литий-ионные аккумуляторы, яхты и другие суда.

Audio Posts In Russian

Режим ЧС ввели в одном из районов Хабаровска на фоне повышенной радиации

Специалисты хабаровского комбината «Радон» проводят работы по определению природы источника радиации, его изъятию, транспортировке и захоронению.

Audio Posts In Russian

Дети с диабетом из Белгорода пройдут реабилитацию в Подмосковье


Первая группа из 20 человек с сахарным диабетом первого типа вместе с родителями приехала в Центр реабилитации и образования Департамента труда и социальной защиты населения Москвы, который находится в живописном месте недалеко от подмосковной Истры. В течение трех недель дети пройдут курс реабилитации без отрыва от учебы, их проконсультируют и, если нужно, скорректируют лечение ведущие эндокринологи.

Audio Posts In English

TikTok poses private data threat: FCC commissioner

(NewsNation) — As the app faces a potential ban, FCC Commissioner Brendan Carr says that TikTok poses a private data threat.

“The problem with TikTok isn’t the video platform itself. It’s the fact that it pulls all this very sensitive data from U.S. users … The threat is those data flow back to China,” Carr said.

TikTok and its ownership came up as a topic of conversation in a recent call between Joe Biden and Chinese President Xi Jinping, the White House said, adding that Biden raised American concerns about the app’s ownership.

Carr says he supports Biden on this topic and that he’s confident the Senate will approve a ban.

“This is a bipartisan issue where the Biden administration has been clear. And Republicans have been, as well,” Carr said. “I’m very confident this will pass the Senate, as well.”

Last month, the House approved a bill that would ban TikTok in the U.S. if Chinese parent company ByteDance doesn’t sell the social media app.

TikTok’s fate now lies in the hands of the Senate.

“I want to make sure that America is protected,” said Rep. Bob Latta, R-Ohio, co-sponsor of the bill. “This is not a ban. ByteDance can divest themselves of this, but the Communist Chinese want our information.”

Meanwhile, TikTok claims it contributed $24.2 billion to U.S. gross domestic product last year and drove $14.7 billion in small-business owners’ revenue, according to a report paid by the app, The Washington Post reported.

“TikTok provides an opportunity for [small and medium-size businesses] to grow by allowing them to market themselves both organically and/or through investing in paid advertising and creator marketing,” the study said.

Audio Posts In English

Oregon lawmaker concerned over drug recriminalization law

(NewsNation) — An Oregon lawmaker said the state’s measure to recriminalize the possession of small amounts of drugs still has a long way to go before it can be successful and effective in treating the state’s addiction crisis. 

GOP Oregon State Rep. Ed Diehl voted against a bill that makes minor drug possession a misdemeanor crime again and gives local governments the ability to opt into diversion programs that encourage treatment before a person found with drugs is booked into jail.

Diehl told “NewsNation Now” that while the law is good on many fronts, it “misses the mark” in a lot of ways, which is why he opposed it. 

“Where it fails the mark and what my concern is … is the financial aspect of it,” he said.

Diehl said the oversight and accountability council that oversees cannabis money that was supposed to go to drug enforcement, drug addiction treatment and recovery during decriminalization does not believe in the new law, which could cause problems for funding. 

“We will not succeed unless we have continued funding for the programs that Oregonians know we need, so I wanted to raise that flag, that we’re not out of the woods yet on this,” he said. “We need to make sure we get the money in place to fund these programs that law enforcement needs to get people clean.”

In 2020, Oregon became the first state in the country to approve a measure decriminalizing the possession of small amounts of hard drugs. But after a surge in opioid deaths between 2019 and 2022, the state decided to reverse course and recriminalize them.

Oregon’s Democratic Gov. Tina Kotek on Monday signed House Bill 4002 into law, which recriminalizes the possession of small amounts of drugs. 

The new law makes personal use possession a misdemeanor punishable by up to six months in jail. It also establishes ways for treatment to be offered as an alternative to criminal penalties by encouraging law enforcement agencies to create deflection programs that would divert people to addiction and mental health services instead of the criminal justice system.

Measure 110, approved by voters with 58% support in 2020, made the personal use possession of illicit drugs such as heroin, cocaine and methamphetamine only punishable by a ticket and a maximum fine of $100. 

The law directed hundreds of millions of dollars of the state’s cannabis tax revenue toward addiction services.

But the money was delayed due to the pandemic, and the state was hit with a fentanyl crisis that prompted a reverse course for lawmakers. 

“With ballot Measure 110, the legislature put it in place without any systems in place to handle the fallout, and we see it on our streets every day,” Diehl said. 

But Diehl said the new law does have positive aspects, including making it easier for police to arrest drug dealers and creating a new class D and E misdemeanor that would send a drug offender to treatment or jail.

“The whole goal is to get people into treatment,” he said. 

Audio Posts In English

HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks


HTTP/2 CONTINUATION Flood: Researchers warn of a new HTTP/2 vulnerability that can be exploited to conduct powerful denial-of-service (DoS) attacks.

HTTP messages can contain named fields in both header and trailer sections. CERT/CC experts explained that both header and trailer fields are serialized as field blocks in HTTP/2 to transmit them in multiple fragments to the target implementation. Many HTTP/2 implementations don’t correctly address limiting or sanitizing the amount of CONTINUATION frames sent within a single stream. An attacker can exploit this issue by sending a stream of CONTINUATION frames. These frames may not be appended to the header list in memory but will still be processed and decoded by the server, potentially causing an out-of-memory (OOM) crash.

The attack technique was named HTTP/2 CONTINUATION Flood, the researcher Bartek Nowotarski reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024.

“HTTP/2 CONTINUATION frames are used to continue a sequence of field block fragments. They are utilized in order to split header blocks across multiple frames. The other two types of header block fragments are HEADERS or PUSH_PROMISE. CONTINUATION frames can be utilized to continue a header block fragment that could not be transmitted by the HEADERS or PUSH_PROMISE frames. A header block is considered completed when the server receives a set END_HEADERS flag.” reads the advisory published by CERT/CC. “This is intended to denote that there are no further CONTINUATION, HEADERS, or PUSH_PROMISE frames. A vulnerability has been discovered within multiple implementations that does not limit the amount of CONTINUATION frames that can be sent within a single stream.”

Nowotarski explained that the CONTINUATION Flood is a class of vulnerabilities within numerous HTTP/2 protocol implementations. Compared to the Rapid Reset, CONTINUATION Flood has a more severe impact on a single machine. The researchers pointed out that it has the potential to disrupt server availability, causing server crashes and performance degradation.

Below are the flaw impacting different implementations.

CVE-2024-27983 – An attacker can make the Node.js HTTP/2 server unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.

CVE-2024-27919 – Envoy’s oghttp codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an sequence of CONTINUATION frames without the END_HEADERS bit set causing unlimited memory consumption.

CVE-2024-2758 – Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately.

CVE-2024-2653 – amphp/http will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the END_HEADERS flag, resulting in an OOM crash. amphp/http-client and amphp/http-server are indirectly affected if they’re used with an unpatched version of amphp/http. Early versions of amphp/http-client with HTTP/2 support (v4.0.0-rc10 to 4.0.0) are also directly affected.

CVE-2023-45288 – The Go packages net/http and net/http2 packages do not limit the number of CONTINUATION frames read for an HTTP/2 request, which permits an attacker to provide an arbitrarily large set of headers for a single request, that will be read, decoded, and subsequently discarded, which may result in excessive CPU consumption.

CVE-2024-28182 – An implementation using the nghttp2 library will continue to receive CONTINUATION frames, and will not callback to the application to allow visibility into this information before it resets the stream, resulting in a DoS.

CVE-2024-27316 – HTTP/2 CONTINUATION frames without the END_HEADERS flag set can be sent in a continuous stream by an attacker to an Apache Httpd implementation, which will not properly terminate the request early.

CVE-2024-31309 – HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected.

CVE-2024-30255 – HTTP/2 protocol stack in Envoy versions 1.29.2 or earlier are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoys HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoys header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic.

CERT/CC highlighted that it may be difficult to analyze incoming traffic to detect exploitation attempts as the HTTP request is not properly completed.

“Analysis of raw HTTP traffic may be necessary to determine an attack utilizing this vulnerability.” concludes the report.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, HTTP/2 CONTINUATION Flood)

Audio Posts In English

‘Ukraine Will Become a NATO Member,’ Blinken Says in Brussels


Kuleba stresses that this should happen “sooner rather than later.”

Audio Posts In English

US official talks AUKUS expansion ahead of summit with Japan

washington — U.S. Deputy Secretary of State Kurt Campbell has suggested that the U.S.-U.K.-Australia trilateral security partnership known as AUKUS may soon be expanded to include other Indo-Pacific nations.

AUKUS was established in 2021 in the face of China’s increasingly assertive presence in the Indo-Pacific. Talks about other countries joining the group or participating in what is called Pillar 2 have been circulating for more than a year.

“It was always believed when AUKUS was launched that, at some point, we would welcome new countries to participate, particularly in Pillar 2,” Campbell said while speaking Wednesday at an event hosted by the Center for a New American Security (CNAS).

The first pillar of AUKUS was to provide Australia with a conventionally armed, nuclear-powered submarine fleet, and the second pillar is to collaborate on advanced capabilities such as artificial intelligence, quantum technology, advanced network capabilities, hypersonic capabilities, electronic warfare and underwater capabilities.

Campbell added that other countries have expressed interest in participating in AUKUS when the time was right.

“I think you’ll hear that we have something to say about that next week,” he said.

Trilateral summit next

Next week, U.S. President Joe Biden will host a trilateral summit with Japan and the Philippines. Biden will also have a bilateral summit with Japanese Prime Minister Fumio Kishida.

Campbell said the summit with Japan is expected to “historically” upgrade security cooperation relations, including the joint development of defense supplies.

According to Nikkei Asia, Campbell revealed on March 21 that the U.S.-Japan talks are expected to discuss technical cooperation between Japan and AUKUS.

According to the report, Campbell said Japan had made it “very clear” that it had no interest in participating in the AUKUS nuclear-powered submarine project. But, he said, “there are clearly areas that Japan could bring substantial capacity to bear in security and technological pursuits that advance common goals in the Indo-Pacific.”

Campbell told Nikkei Asia that those areas include advanced robotics, cyber initiatives and some work in anti-submarine warfare.

At Wednesday’s event, Campbell noted that several countries in the Indo-Pacific region are undertaking critical research and development in areas Pillar 2 focuses on, including hypersonic capabilities, long-range strikes, undersea capabilities and cyber.


As China’s provocative actions have escalated in recent years, AUKUS has begun to set its sights on more countries.

During a “2+2” meeting between Japan and Australia in December 2022, Australian Defense Minister Richard Marles said that AUKUS could involve Japan.

In August 2023, the Foreign Affairs Committee of the British House of Commons stated that AUKUS should invite Japan and South Korea to join.

Last November, former Japanese Prime Minister Taro Aso suggested during a visit to Australia that Japan join the group, which could be named JAUKUS. He said that would help send a unified signal on the Taiwan issue.

Australia and New Zealand also raised the possibility of New Zealand joining the second pillar of AUKUS after a ministerial meeting between the two countries in February.

Malcolm Davis, a senior analyst in defense strategy and capability at the Australian Strategic Policy Institute, or ASPI, said the second pillar of AUKUS could draw on the strengths of Japan, New Zealand, Canada and even South Korea, but not necessarily as full members.

“Rather than bringing in these states as full AUKUS members, it’s better to bring them in on a project-by-project basis within pillar two areas of priority — for example, robotics and A.I., autonomous systems, advanced undersea warfare, electronic warfare, quantum technologies, and hypersonics,” Davis told VOA via email.

“It also opens up opportunities to add in some new priority areas — for example, space-related areas, where these states can make a great contribution.”

Bronte Munro, an analyst in the ASPI office in Washington, told VOA that Japan is an increasingly suitable candidate for joining AUKUS, noting major changes in its defense policy in response to the perceived Chinese threat. These include amendments to laws prohibiting the export of lethal weapons.

Munro said Japan’s manufacturing of advance semiconductors is critical for technology leadership, and the inclusion of Japan can help “secure semiconductor supply chains more explicitly for AUKUS partners.”

However, there are doubts in some circles about the wisdom of expanding AUKUS in view of the risks involved in sharing and transferring advanced technologies.

Andrew Hastie, the shadow defense minister of the Australian opposition party, told the U.S. media outlet Breaking Defense on March 28 that AUKUS’ focus should remain with the three countries already involved to ensure a seamless “transfer of the very sensitive secrets and intellectual property that’s involved with the heart of Pillar 1 and Pillar 2.”

When asked at the CNAS event whether Japan has established a security architecture to integrate into the second pillar of AUKUS, Campbell pointed out that the U.S. has been involved in “a series of engagements with Japan both on the intelligence side and in security spheres to encourage Japan to take on increasingly more strenuous activities that protect their intellectual property, that hold government officials accountable for the secrets they are trusted with.”

“It’s fair to say that Japan has taken some of those steps, but not all of them,” he said. “And we believe that ultimately, it is in our interest to share as much information and other technologies … with close partners like Japan to allow for a deeper, more fundamental alliance,” said Campbell.

He announced that “One of the things that I think you’ll see next week are steps, for the first time, that will allow the United States and Japan to work more collaboratively on joint development and potentially co-production of vital military and defense equipment.

“The U.S.-Japan Alliance is the cornerstone of our engagement in the Indo-Pacific.”

Adrianna Zhang contributed to this report.

Audio Posts In English

Donald Trump has all caps meltdown as Jack Smith closes in on Aileen Cannon


Donate to Democratic candidate Adam Frisch.

Donate to Palmer Report.

Note from Bill Palmer: if each of you reading this can kick in $10 or $25, it’ll help keep Palmer Report firing on all cylinders at this crucial time in our nation’s history: Donate now


Attention Palmer Report readers: sign up for our free mailing list here

Well, it’s happened as we all knew that it would. Donald Trump has melted down, launching a furious tirade on the only platform that receives him with love — the stale, pathetic, unwanted, pitiful wreckage called truth social.


“Should be sanctioned or censured for the way he is attacking a highly respected Judge, Aileen Cannon.”

HIGHLY RESPECTED? Oh, how funny.

“He is a lowlife who is nasty, rude and condescending and obviously trying to play the ref.”

Play the Ref? What an ODD term for Trump to use. Perhaps, after all, he is not writing his own truth social screeds. I’d not expect him to know what “Play the ref” actually means. So, this angry screed is a perfect example of projection.

Trump accusing someone else of going after a Judge is hilarious to me. The fact is, Trump likes Cannon because he knows she’s sympathetic to him. The fact that Cannon is probably not long for this case doesn’t seem to have penetrated that distorted and warped orange that is his stream of consciousness.

Trump wants and needs an outlet to vent his putrid form of rage. After all, it isn’t like he has friends who might be interested in listening.

Of course, Trump hates anyone who doesn’t fawn over him. Perhaps he thought, at the beginning, that he’d be able to wrap Jack Smith around his toxic little pinkie finger. That proved to be impossible. So now Trump, in our cowardly fashion, lashes out at anyone and everyone who sees through his garbage.

Note from Bill Palmer: if each of you reading this can kick in $10 or $25, it’ll help keep Palmer Report firing on all cylinders at this crucial time in our nation’s history: Donate now


Attention Palmer Report readers: sign up for our free mailing list here

Note from Bill Palmer: if each of you reading this can kick in $10 or $25, it’ll help keep Palmer Report firing on all cylinders at this crucial time in our nation’s history: Donate now


Attention Palmer Report readers: sign up for our free mailing list here

The post Donald Trump has all caps meltdown as Jack Smith closes in on Aileen Cannon appeared first on Palmer Report.