Paper straw factory to open in Britain as restaurants ditch plastic

No paper straws have been made in Britain for the last several decades. But that is about to change as a group of packaging industry veterans prepare to open a dedicated paper straw production line in Ebbw Vale, Wales, making hundreds of millions of straws a year for McDonald’s and other food companies as they prepare for a ban on plastic straws in the UK.

“We spotted a huge opportunity, and we went for it,” said Mark Varney, sales and marketing director of the newly created paper straw manufacturer Transcend Packaging. “When the BBC’s Blue Planet II was on the telly and the government started talking about the dangers of plastic straws, we saw a niche in the market.”

Varney and his business partners, all stalwarts of the packaging industry, watched as chains including Costa Coffee, Wetherspoons and Pizza Express announced plans to phase out plastic straws in favour of biodegradable paper.

“It is great that all these businesses are phasing out plastic straws, but the problem for them was where to get paper ones from,” Varney said. “Everyone is having to import them from China, and when you look at the carbon footprint of that it kind of defeats the exercise.”

So Varney and his partners set about opening what they reckon will be the only paper straw production plant in Europe. “We set up this company to give the the customers what they actually want: biodegradable paper straws made in the UK,” he said.

Transcend signed a deal last week to supply straws to 1,361 McDonald’s outlets from September. The deal was agreed before Transcend has made its first straw as the company is waiting on delivery of machines from China. McDonald’s uses 1.8m straws a day in the UK. The Northern Irish factory of the Finnish packaging company Huhtamaki will also supply McDonald’s but is understood to not yet have paper straw production capabilities.

Source: Paper straw factory to open in Britain as restaurants ditch plastic | Business | The Guardian

Climate Change Can Be Reversed by Turning Air Into Gasoline

A team of scientists from Harvard University and the company Carbon Engineering announced on Thursday that they have found a method to cheaply and directly pull carbon-dioxide pollution out of the atmosphere.

[…]

the new technique is noteworthy because it promises to remove carbon dioxide cheaply. As recently as 2011, a panel of experts estimated that it would cost at least $600 to remove a metric ton of carbon dioxide from the atmosphere.

The new paper says it can remove the same ton for as little as $94, and for no more than $232. At those rates, it would cost between $1 and $2.50 to remove the carbon dioxide released by burning a gallon of gasoline in a modern car.

[…]

Their technique, while chemically complicated, does not rely on unprecedented science. In effect, Keith and his colleagues have grafted a cooling tower onto a paper mill. It has three major steps.

First, outside air is sucked into the factory’s “contactors” and exposed to an alkaline liquid. These contactors resemble industrial cooling towers: They have large fans to inhale air from the outside world, and they’re lined with corrugated plastic structures that allow as much air as possible to come into contact with the liquid. In a cooling tower, the air is meant to cool the liquid; but in this design, the air is meant to come into contact with the strong base. “CO2 is a weak acid, so it wants to be in the base,” said Keith.

Second, the now-watery liquid (containing carbon dioxide) is brought into the factory, where it undergoes a series of chemical reactions to separate the base from the acid. The liquid is frozen into solid pellets, slowly heated, and converted into a slurry. Again, these techniques have been borrowed from elsewhere in chemical industry: “Taking CO2 out of a carbonate solution is what almost every paper mill in the world does,” Keith told me.

Finally, the carbon dioxide is combined with hydrogen and converted into liquid fuels, including gasoline, diesel, and jet fuel. This is in some ways the most conventional aspect of the process: Oil companies convert hydrocarbon gases into liquid fuels every day, using a set of chemical reactions called the Fischer-Tropsch process. But it’s key to Carbon Engineering’s business: It means the company can produce carbon-neutral hydrocarbons.

What does that mean? Consider an example: If you were to burn Carbon Engineering’s gas in your car, you would release carbon-dioxide pollution out of your tailpipe and into Earth’s atmosphere. But as this carbon dioxide came from the air in the first place, these emissions would not introduce any new CO2 to the atmosphere. Nor would any new oil have to be mined to power your car.

Source: Climate Change Can Be Reversed by Turning Air Into Gasoline – The Atlantic

Customer Rewards get a lot weirder if you think of them as seperate transactions

Source: xkcd: Customer Rewards

Giant African baobab trees die suddenly after thousands of years

Some of Africa’s oldest and biggest baobab trees have abruptly died, wholly or in part, in the past decade, according to researchers.

The trees, aged between 1,100 and 2,500 years and in some cases as wide as a bus is long, may have fallen victim to climate change, the team speculated.

“We report that nine of the 13 oldest … individuals have died, or at least their oldest parts/stems have collapsed and died, over the past 12 years,” they wrote in the scientific journal Nature Plants, describing “an event of an unprecedented magnitude”.

“It is definitely shocking and dramatic to experience during our lifetime the demise of so many trees with millennial ages,” said the study’s co-author Adrian Patrut of the Babeș-Bolyai University in Romania.

Among the nine were four of the largest African baobabs. While the cause of the die-off remains unclear, the researchers “suspect that the demise of monumental baobabs may be associated at least in part with significant modifications of climate conditions that affect southern Africa in particular”.

Further research is needed, said the team from Romania, South Africa and the United States, “to support or refute this supposition”.

Between 2005 and 2017, the researchers probed and dated “practically all known very large and potentially old” African baobabs – more than 60 individuals in all. Collating data on girth, height, wood volume and age, they noted the “unexpected and intriguing fact” that most of the very oldest and biggest trees died during the study period. All were in southern Africa – Zimbabwe, Namibia, South Africa, Botswana, and Zambia.

The baobab is the biggest and longest-living flowering tree, according to the research team. It is found naturally in Africa’s savannah region and outside the continent in tropical areas to which it was introduced. It is a strange-looking plant, with branches resembling gnarled roots reaching for the sky, giving it an upside-down look.

Source: Giant African baobab trees die suddenly after thousands of years | World news | The Guardian

A.I. Can Track Human Bodies Through Walls Now, With Just a Wifi Signal

A new piece of software has been trained to use wifi signals — which pass through walls, but bounce off living tissue — to monitor the movements, breathing, and heartbeats of humans on the other side of those walls. The researchers say this new tech’s promise lies in areas like remote healthcare, particularly elder care, but it’s hard to ignore slightly more dystopian applications.

[…]

“We actually are tracking 14 different joints on the body … the head, the neck, the shoulders, the elbows, the wrists, the hips, the knees, and the feet,” Katabi said. “So you can get the full stick-figure that is dynamically moving with the individuals that are obstructed from you — and that’s something new that was not possible before.”

RF-Pose A.I. using turning machine learning and a wifi signal into X-ray vision
An animation created by the RF-Pose software as it translates a wifi signal into a visual of human motion behind a wall.

The technology works a little bit like radar, but to teach their neural network how to interpret these granular bits of human activity, the team at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) had to create two separate A.I.s: a student and a teacher.

[…]

the team developed one A.I. program that monitored human movements with a camera, on one side of a wall, and fed that information to their wifi X-ray A.I., called RF-Pose, as it struggled to make sense of the radio waves passing through that wall on the other side.

 

Source: A.I. Can Track Human Bodies Through Walls Now, With Just a Wifi Signal | Inverse

A machine has figured out Rubik’s Cube all by itself – using a reverse technique called autodictic iteration

In these scenarios, a deep-learning machine is given the rules of the game and then plays against itself. Crucially, it is rewarded at each step according to how it performs. This reward process is hugely important because it helps the machine to distinguish good play from bad play. In other words, it helps the machine learn.

But this doesn’t work in many real-world situations, because rewards are often rare or hard to determine.

For example, random turns of a Rubik’s Cube cannot easily be rewarded, since it is hard to judge whether the new configuration is any closer to a solution. And a sequence of random turns can go on for a long time without reaching a solution, so the end-state reward can only be offered rarely.

In chess, by contrast, there is a relatively large search space but each move can be evaluated and rewarded accordingly. That just isn’t the case for the Rubik’s Cube.

Enter Stephen McAleer and colleagues from the University of California, Irvine. These guys have pioneered a new kind of deep-learning technique, called “autodidactic iteration,” that can teach itself to solve a Rubik’s Cube with no human assistance. The trick that McAleer and co have mastered is to find a way for the machine to create its own system of rewards.

Here’s how it works. Given an unsolved cube, the machine must decide whether a specific move is an improvement on the existing configuration. To do this, it must be able to evaluate the move.

Autodidactic iteration does this by starting with the finished cube and working backwards to find a configuration that is similar to the proposed move. This process is not perfect, but deep learning helps the system figure out which moves are generally better than others.

Having been trained, the network then uses a standard search tree to hunt for suggested moves for each configuration.

The result is an algorithm that performs remarkably well. “Our algorithm is able to solve 100% of randomly scrambled cubes while achieving a median solve length of 30 moves—less than or equal to solvers that employ human domain knowledge,” say McAleer and co.

That’s interesting because it has implications for a variety of other tasks that deep learning has struggled with, including puzzles like Sokoban, games like Montezuma’s Revenge, and problems like prime number factorization.

Indeed, McAleer and co have other goals in their sights: “We are working on extending this method to find approximate solutions to other combinatorial optimization problems such as prediction of protein tertiary structure.”

Source: A machine has figured out Rubik’s Cube all by itself – MIT Technology Review

Bitcoin Price: ‘Bloody Sunday’ Not Caused by Coinrail Hack

As CCN reported, the little-known Coinrail became the latest cryptocurrency exchange to fall prey to hackers, who are said to have made off with approximately $40 million worth of tokens, a fairly pedestrian figure relative to some of the hacks seen over the years.

Later that day, the bitcoin price began to careen downwards, taking every other major cryptocurrency with it. This led some observers to draw the conclusion that the two events were linked.

Writing in market commentary made available to CCN, Greenspan said that “there is absolutely no reason why this smash and grab job at a local boutique should have sent bitcoin down by $1,000.”

While the bitcoin price did experience a small decline in the immediate aftermath of the report that an exchange had been hacked, Greenspan noted that the bulk of the decline came more than 15 hours later and that the scale of the pullback was entirely disproportionate to both the size of the hack and Coinrail’s significance in the cryptocurrency ecosystem.

bitcoin price
The bitcoin price declined after the Coinrail hack was first reported (circled), but the major drop occurred more than 15 hours later. | Source: eToro

He argued that the decline was instead a technical correction, as most of it occurred immediately after the bitcoin price broke beneath its long-term trendline and moved closer to two key support levels.

“Though the CoinRail hack may have set us off-track, I don’t think that this will have very significant ramifications in the long run,” he said. “The industry has certainly seen much bigger hacks before and other than a technical price level, this doesn’t change much for the path of the industry over the next five years.”

Source: Bitcoin Price: ‘Bloody Sunday’ Not Caused by Coinrail Hack

Hackers Stole Over $20 Million From Misconfigured Ethereum Clients

A group of hackers has stolen over $20 million worth of Ethereum from Ethereum-based apps and mining rigs, Chinese cyber-security firm Qihoo 360 Netlab reported today.

The cause of these thefts is Ethereum software applications that have been configured to expose an RPC [Remote Procedure Call] interface on port 8545.

The purpose of this interface is to provide access to a programmatic API that an approved third-party service or app can query and interact or retrieve data from the original Ethereum-based service —such as a mineror wallet application that users or companies have set up for mining or managing funds.

Because of its role, this RPC interface grants access to some pretty sensitive functions, allowing a third-party app the ability to retrieve private keys, move funds, or retrieve the owner’s personal details.

As such, this interface comes disabled by default in most apps, and is usually accompanied by a warning from the original app’s developers not to turn it on unless properly secured by an access control list (ACL), a firewall, or other authentication systems.

Almost all Ethereum-based software comes with an RPC interface nowadays, and in most cases, even when turned on, they are appropriately configured to listen to requests only via the local interface (127.0.0.1), meaning from apps running on the same machine as the original mining/wallet app that exposes the RPC interface.

Some users don’t like to read the documentation

But across the years, developers have been known to tinker with their Ethereum apps, sometimes without knowing what they are doing.

This isn’t a new issue. Months after its launch, the Ethereum Project sent out an official security advisory to warn that some of the users of the geth Ethereum mining software were running mining rigs with this interface open to remote connections, allowing attackers to steal their funds.

But despite the warning from the official Ethereum devs, users have continued to misconfigure their Ethereum clients across the years, and many have reported losing funds out of the blue, but which were later traced back to exposed RPC interfaces.

Source: Hackers Stole Over $20 Million From Misconfigured Ethereum Clients

Blockchain’s Once-Feared 51% Attack Is Now Becoming Regular among smaller coins

Monacoin, bitcoin gold, zencash, verge and now, litecoin cash.

At least five cryptocurrencies have recently been hit with an attack that used to be more theoretical than actual, all in the last month. In each case, attackers have been able to amass enough computing power to compromise these smaller networks, rearrange their transactions and abscond with millions of dollars in an effort that’s perhaps the crypto equivalent of a bank heist.

More surprising, though, may be that so-called 51% attacks are a well-known and dangerous cryptocurrency attack vector.

While there have been some instances of such attacks working successfully in the past, they haven’t exactly been all that common. They’ve been so rare, some technologists have gone as far as to argue miners on certain larger blockchains would never fall victim to one. The age-old (in crypto time) argument? It’s too costly and they wouldn’t get all that much money out of it.

But that doesn’t seem to be the case anymore.

NYU computer science researcher Joseph Bonneau released research last year featuring estimates of how much money it would cost to execute these attacks on top blockchains by simply renting power, rather than buying all the equipment.

One conclusion he drew? These attacks were likely to increase. And, it turns out he was right.

“Generally, the community thought this was a distant threat. I thought it was much less distant and have been trying to warn of the risk,” he told CoinDesk, adding:

“Even I didn’t think it would start happening this soon.”

Inside the attacks

Stepping back, cryptocurrencies aim to solve a long-standing computer science issue called the “double spend problem.”

Essentially, without creating an incentive for computers to monitor and prevent bad behavior, messaging networks were unable to act as money systems. In short, they couldn’t prevent someone from spending the same piece of data five or even 1,000 times at once (without trusting a third party to do all the dirty work).

That’s the entire reason they work as they do, with miners (a term that denotes the machines necessary to run blockchain software) consuming electricity and making sure no one’s money is getting stolen.

To make money using this attack vector, hackers need a few pieces to be in place. For one, an attacker can’t do anything they want when they’ve racked up a majority of the hashing power. But they are able to double spend transactions under certain conditions.

It wouldn’t make sense to amass all this expensive hashing power to double spend a $3 transaction on a cup of coffee. An attacker will only benefit from this investment if they’re able to steal thousands or even millions of dollars.

As such, hackers have found various clever ways of making sure the conditions are just right to make them extra money. That’s why attackers of monacoin, bitcoin gold, zencash and litecoin cash have all targeted exchanges holding millions in cryptocurrency.

By amassing more than half of the network’s hashing power, the bitcoin gold attacker was able to double spend two very expensive transactions sent to an exchange.

Through three successful attacks of zencash (a lesser-known cryptocurrency that’s a fork of a fork of privacy-minded Zcash), the attacker was able to run off with about more than 21,000 zen (the zencash token) worth well over $500,000 at the time of writing.

Though, the attack on verge was a bit different since the attacker exploited insecure rules to confuse the network into giving him or her money. Though, it’s clear the attacks targeted verge’s lower protocol layer, researchers are debating whether they technically constitute 51% attacks.

Small coins at risk

But, if these attacks were uncommon for such a long time, why are we suddenly seeing a burst of them?

In conversation with CoinDesk, researchers argued there isn’t a single, clear reason. Rather, there a number of factors that likely contributed. For example, it’s no coincidence smaller coins are the ones being attacked. Since they have attracted fewer miners, it’s easier to buy (or rent) the computing power necessary needed to build up a majority share of the network.

Further, zencash co-creator Rob Viglione argued the rise of mining marketplaces, where users can effectively rent mining hardware without buying it, setting it up and running it, has made it easier, since attackers can use it to easily buy up a ton of mining power all at once, without having to spend the time or money to set up their own miners.

Meanwhile, it’s grown easier to execute attacks as these marketplaces have amassed more hashing power.

“Hackers are now realizing it can be used to attack networks,” he said.

As a data point for this, someone even erected a website Crypto51 showing how expensive it is to 51% attack various blockchains using a mining marketplace (in this instance, one called NiceHash). Attacking bytecoin, for example, might cost as little as $719 to attack using rented computing power.

“If your savings are in a coin, or anything else, that costs less than $1 million a day to attack, you should reconsider what you are doing,” tweeted Cornell professor Emin Gün Sirer.

On the other hand, larger cryptocurrencies such as bitcoin and ethereum are harder to 51% attack because they’re much larger, requiring more hashing power than NiceHash has available.

“Bitcoin is too big and there isn’t enough spare bitcoin mining capacity sitting around to pull off the attack,” Bonneau told CoinDesk.

Source: Blockchain’s Once-Feared 51% Attack Is Now Becoming Regular – Telegraph

EU Copyright law could put end to net memes

Memes, remixes and other user-generated content could disappear online if the EU’s proposed rules on copyright become law, warn experts.

Digital rights groups are campaigning against the Copyright Directive, which the European Parliament will vote on later this month.

The legislation aims to protect rights-holders in the internet age.

But critics say it misunderstands the way people engage with web content and risks excessive censorship.

The Copyright Directive is an attempt to reshape copyright for the internet, in particular rebalancing the relationship between copyright holders and online platforms.

Article 13 states that platform providers should “take measures to ensure the functioning of agreements concluded with rights-holders for the use of their works”.

Critics say this will, in effect, require all internet platforms to filter all content put online by users, which many believe would be an excessive restriction on free speech.

There is also concern that the proposals will rely on algorithms that will be programmed to “play safe” and delete anything that creates a risk for the platform.

A campaign against Article 13 – Copyright 4 Creativity – said that the proposals could “destroy the internet as we know it”.

“Should Article 13 of the Copyright Directive be adopted, it will impose widespread censorship of all the content you share online,” it said.

It is urging users to write to their MEP ahead of the vote on 20 June.

Jim Killock, executive director of the UK’s Open Rights Group, told the BBC: “Article 13 will create a ‘Robo-copyright’ regime, where machines zap anything they identify as breaking copyright rules, despite legal bans on laws that require ‘general monitoring’ of users to protect their privacy.

“Unfortunately, while machines can spot duplicate uploads of Beyonce songs, they can’t spot parodies, understand memes that use copyright images, or make any kind of cultural judgement about what creative people are doing. We see this all too often on YouTube already.

Source: Copyright law could put end to net memes – BBC News

Cisco Removes Backdoor Account, Fourth in the Last Four Months

For the fourth time in as many months, Cisco has removed hardcoded credentials that were left inside one of its products, which an attacker could have exploited to gain access to devices and inherently to customer networks.

This time around, the hardcoded password was found in Cisco’s Wide Area Application Services (WAAS), which is a software package that runs on Cisco hardware that can optimize WAN traffic management.

Harcoded SNMP community string

This backdoor mechanism (CVE-2018-0329) was in the form of a hardcoded, read-only SNMP community string in the configuration file of the SNMP daemon.

[…]

The string came to light by accident, while security researcher Aaron Blair from RIoT Solutions was researching another WaaS vulnerability (CVE-2018-0352).

This second vulnerability was a privilege escalation in the WaaS disk check tool that allowed Blair to elevate his account’s access level from “admin” to “root.” Normally, Cisco users are permitted only admin access. The root user level grants access to the underlying OS files and is typically reserved only for Cisco engineers.

By using his newly granted root-level access, Blair says he was able to spot the hidden SNMP community string inside the /etc/snmp/snmpd.conf file.

“This string can not be discovered or disabled without access to the root filesystem, which regular administrative users do not have under normal circumstances,” Blair says.

Source: Cisco Removes Backdoor Account, Fourth in the Last Four Months

The first 3D printed houses will be built in the Netherlands this year

The city of Eindhoven soon hopes to boast the world’s first commercially-developed 3D-printed homes, an endeavor known as Project Milestone.

Artist's rendering of 3D printed home neighborhood.
Artist’s rendering of 3D printed home neighborhood. (3dprintedhouse.nl)

Construction on the first home begins this year and five houses will be on the rental market by 2019, project organizers say. Within a week of releasing images of the new homes, 20 families expressed interest in dwelling in these postmodern pods, according to the project website.

“The first aim of the project is to build five great houses that are comfortable to live in and will have happy occupants,” developers say. Beyond that, they hope to promote 3D concrete printing science and technology so that printed housing “will soon be a reality that is widely adopted.”

3D printed concrete.
3D printed concrete. (3dprintedhouses.nl)

The “printer” in this case is a big robotic arm that will shape cement of a light, whipped-cream consistency, based on an architect’s design. The cement is layered for strength.

Source: The first 3D printed houses will be built in the Netherlands this year — Quartz

Facebook gave some companies special access to data on users’ friends

Facebook granted a select group of companies special access to its users’ records even after the point in 2015 that the company has claimed it stopped sharing such data with app developers.

According to the Wall Street Journal, which cited court documents, unnamed Facebook officials and other unnamed sources, Facebook made special agreements with certain companies called “whitelists,” which gave them access to extra information about a user’s friends. This includes data such as phone numbers and “friend links,” which measure the degree of closeness between users and their friends.

These deals were made separately from the company’s data-sharing agreements with device manufacturers such as Huawei, which Facebook disclosed earlier this week after a New York Times report on the arrangement.

Source: Facebook gave some companies special access to data on users’ friends

Ticketfly exposes data on 27m customers in hack

  • Ticketfly was the target of a malicious cyber attack last week
  • In consultation with third-party forensic cybersecurity experts we can now confirm that credit and debit card information was not accessed.
  • However, information including names, addresses, email addresses and phone numbers connected to approximately 27 million Ticketfly accounts was accessed. It’s important to note that many people purchase tickets with multiple email accounts, so the number of individuals impacted is likely lower.
  • We take privacy and security very seriously and upon first learning about this incident we took swift action to secure the data of our clients and fans.
  • Ticketfly.com, Ticketfly Backstage, and the vast majority of temporary venue/promoter websites are back online.

Source: Ticketfly | Ticketfly Cyber Incident Update

The hits keep coming for Facebook: Web giant made 14m people’s private posts public

about 14 million people were affected by a bug that, for a nine-day span between May 18 and 27, caused profile posts to be set as public by default, allowing any Tom, Dick or Harriet to view the material.

“We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts. We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time,” Facebook chief privacy officer Erin Egan said in a statement to The Register.

Source: The hits keep coming for Facebook: Web giant made 14m people’s private posts public • The Register

VPNFilter router malware is a lot worse than everyone thought

ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE: these are the vendors newly-named by Cisco’s Talos Intelligence as being exploited by the malware scum running the VPNFilter attacks, and the attack’s been spotted hitting endpoints behind vulnerable kit.

As well as the expanded list of impacted devices, Talos warned that VPNFilter now attacks endpoints behind the firewall, and now sports a “poison pill” to destroy an infected device if necessary.

When first discovered, VPNFilter was spotted in half a million devices – but only SOHO devices from Linksys, MikroTik, Netgear, TP-Link, and QNAP storage kit.

As well as the six new vendors added to the list, Talos said more devices from Linksys, MikroTik, Netgear, and TP-Link are affected. Talos noted that to date, all the vulnerable units are consumer-grade or SOHO-grade.

All in all, it seems the early VPNFilter attacks amounted to a dry run to see if there were enough vulnerable boxen to make the effort worthwhile.

Source: VPNFilter router malware is a lot worse than everyone thought • The Register

How programmers addict you to social media, games and your mobile phone

If you look at the current climate, the largest companies are the ones that hook you into their channel, whether it is a game, a website, shopping or social media. Quite a lot of research has been done in to how much time we spend watching TV and looking at our mobiles, showing differing numbers, all of which are surprisingly high. The New York Post says Americans check their phones 80 times per day, The Daily Mail says 110 times, Inc has a study from Qualtrics and Accel with 150 times and Business Insider has people touching their phones 2617 times per day.

This is nurtured behaviour and there is quite a bit of study on how they do this exactly

Social Networking Sites and Addiction: Ten Lessons Learned (academic paper)
Online social networking sites (SNSs) have gained increasing popularity in the last decade, with individuals engaging in SNSs to connect with others who share similar interests. The perceived need to be online may result in compulsive use of SNSs, which in extreme cases may result in symptoms and consequences traditionally associated with substance-related addictions. In order to present new insights into online social networking and addiction, in this paper, 10 lessons learned concerning online social networking sites and addiction based on the insights derived from recent empirical research will be presented. These are: (i) social networking and social media use are not the same; (ii) social networking is eclectic; (iii) social networking is a way of being; (iv) individuals can become addicted to using social networking sites; (v) Facebook addiction is only one example of SNS addiction; (vi) fear of missing out (FOMO) may be part of SNS addiction; (vii) smartphone addiction may be part of SNS addiction; (viii) nomophobia may be part of SNS addiction; (ix) there are sociodemographic differences in SNS addiction; and (x) there are methodological problems with research to date. These are discussed in turn. Recommendations for research and clinical applications are provided.

Hooked: How to Build Habit-Forming Products (Book)
Why do some products capture widespread attention while others flop? What makes us engage with certain products out of sheer habit? Is there a pattern underlying how technologies hook us?

Nir Eyal answers these questions (and many more) by explaining the Hook Model—a four-step process embedded into the products of many successful companies to subtly encourage customer behavior. Through consecutive “hook cycles,” these products reach their ultimate goal of bringing users back again and again without depending on costly advertising or aggressive messaging.

7 Ways Facebook Keeps You Addicted (and how to apply the lessons to your products) (article)

One of the key reasons for why it is so addictive is “operant conditioning”. It is based upon the scientific principle of variable rewards, discovered by B. F. Skinner (an early exponent of the school of behaviourism) in the 1930’s when performing experiments with rats.

The secret?

Not rewarding all actions but only randomly.

Most of our emails are boring business emails and occasionally we find an enticing email that keeps us coming back for more. That’s variable reward.

That’s one way Facebook creates addiction

Behavioral Game Design (article)

Every computer game is designed around the same central element: the player. While the hardware and software for games may change, the psychology underlying how players learn and react to the game is a constant. The study of the mind has actually come up with quite a few findings that can inform game design, but most of these have been published in scientific journals and other esoteric formats inaccessible to designers. Ironically, many of these discoveries used simple computer games as tools to explore how people learn and act under different conditions.

The techniques that I’ll discuss in this article generally fall under the heading of behavioral psychology. Best known for the work done on animals in the field, behavioral psychology focuses on experiments and observable actions. One hallmark of behavioral research is that most of the major experimental discoveries are species-independent and can be found in anything from birds to fish to humans. What behavioral psychologists look for (and what will be our focus here) are general “rules” for learning and for how minds respond to their environment. Because of the species- and context-free nature of these rules, they can easily be applied to novel domains such as computer game design. Unlike game theory, which stresses how a player should react to a situation, this article will focus on how they really do react to certain stereotypical conditions.

What is being offered here is not a blueprint for perfect games, it is a primer to some of the basic ways people react to different patterns of rewards. Every computer game is implicitly asking its players to react in certain ways. Psychology can offer a framework and a vocabulary for understanding what we are already telling our players.

5 Creepy Ways Video Games Are Trying to Get You Addicted (article)

The Slot Machine in Your Pocket (brilliant article!)

When we get sucked into our smartphones or distracted, we think it’s just an accident and our responsibility. But it’s not. It’s also because smartphones and apps hijack our innate psychological biases and vulnerabilities.

I learned about our minds’ vulnerabilities when I was a magician. Magicians start by looking for blind spots, vulnerabilities and biases of people’s minds, so they can influence what people do without them even realizing it. Once you know how to push people’s buttons, you can play them like a piano. And this is exactly what technology does to your mind. App designers play your psychological vulnerabilities in the race to grab your attention.

I want to show you how they do it, and offer hope that we have an opportunity to demand a different future from technology companies.

If you’re an app, how do you keep people hooked? Turn yourself into a slot machine.

There is also a backlash to this movement.

How Technology is Hijacking Your Mind — from a Magician and Google Design Ethicist

I’m an expert on how technology hijacks our psychological vulnerabilities. That’s why I spent the last three years as a Design Ethicist at Google caring about how to design things in a way that defends a billion people’s minds from getting hijacked.

Humantech.com

Technology is hijacking our minds and society.

Our world-class team of deeply concerned former tech insiders and CEOs intimately understands the culture, business incentives, design techniques, and organizational structures driving how technology hijacks our minds.

Since 2013, we’ve raised awareness of the problem within tech companies and for millions of people through broad media attention, convened top industry executives, and advised political leaders. Building on this start, we are advancing thoughtful solutions to change the system.

Why is this problem so urgent?

Technology that tears apart our common reality and truth, constantly shreds our attention, or causes us to feel isolated makes it impossible to solve the world’s other pressing problems like climate change, poverty, and polarization.

No one wants technology like that. Which means we’re all actually on the same team: Team Humanity, to realign technology with humanity’s best interests.

What is Time Well Spent (Part I): Design Distinctions

With Time Well Spent, we want technology that cares about helping us spend our time, and our lives, well – not seducing us into the most screen time, always-on interruptions or distractions.

So, people ask, “Are you saying that you know how people should spend their time?” Of course not. Let’s first establish what Time Well Spent isn’t:

It is not a universal, normative view of how people should spend their time
It is not saying that screen time is bad, or that we should turn it all off.
It is not saying that specific categories of apps (like social media or games) are bad.

EFAIL: PGP and S/MIME (encrypted email) are no longer safe

EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails.
Email is a plaintext communication medium whose communication paths are partly protected by TLS (TLS). For people in hostile environments (journalists, political activists, whistleblowers, …) who depend on the confidentiality of digital communication, this may not be enough. Powerful attackers such as nation state agencies are known to eavesdrop on email communications of a large number of people. To address this, OpenPGP offers end-to-end encryption specifically for sensitive communication in view of these powerful attackers. S/MIME is an alternative standard for email end-to-end encryption that is typically used to secure corporate email communication.

The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails. In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago.

The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.

 

Direct Exfiltration

There are two different flavors of EFAIL attacks. First, the direct exfiltration attack abuses vulnerabilities in Apple Mail, iOS Mail and Mozilla Thunderbird to directly exfiltrate the plaintext of encrypted emails. These vulnerabilities can be fixed in the respective email clients. The attack works like this. The attacker creates a new multipart email with three body parts as shown below. The first is an HTML body part essentially containing an HTML image tag. Note that the src attribute of that image tag is opened with quotes but not closed. The second body part contains the PGP or S/MIME ciphertext. The third is an HTML body part again that closes the src attribute of the first body part.

The attacker now sends this email to the victim. The victim’s client decrypts the encrypted second body part and stitches the three body parts together in one HTML email as shown below. Note that the src attribute of the image tag in line 1 is closed in line 4, so the URL spans over all four lines.

The email client then URL encodes all non-printable characters (e.g., %20 is a whitespace) and requests an image from that URL. As the path of the URL contains the plaintext of the encrypted email, the victim’s email client sends the plaintext to the attacker.

The direct exfiltration EFAIL attacks work for encrypted PGP as well as S/MIME emails.

The CBC/CFB Gadget Attack

Second, we describe the novel CBC/CFB gadget attacks which abuse vulnerabilities in the specification of OpenPGP and S/MIME to exfiltrate the plaintext. The diagram below describes the idea of CBC gadgets in S/MIME. Because of the specifics of the CBC mode of operation, an attacker can precisely modify plaintext blocks if she knows the plaintext. S/MIME encrypted emails usually start with “Content-type: multipart/signed” so the attacker knows at least one full block of plaintext as shown in (a). She can then form a canonical plaintext block whose content is all zeros as shown in (b). We call the block pair X and C0 a CBC gadget. In step (c), she then repeatedly appends CBC gadgets to inject an image tag into the encrypted plaintext. This creates a single encrypted body part that exfiltrates its own plaintext when the user opens the attacker email. OpenPGP uses the CFB mode of operation, which has the same cryptographic properties as CBC and allows the same attack using CFB gadgets.

The difference here is that any standard-conforming client will be vulnerable and that each vendor may cook their own mitigations that may or may not prevent the attacks. Thus, in the long term, it is necessary to update the specification to find and document changes that fix the underlying root causes of the vulnerabilities.

While the CBC/CFB gadget attacks on PGP and S/MIME are technically very similar, the requirements for a successful attack differ substantially. Attacking S/MIME is straightforward and an attacker can break multiple (in our tests up to 500) S/MIME encrypted emails by sending a single crafted S/MIME email to the victim. Given the current state of our research, the CFB gadget attack against PGP only has a success rate of approximately one in three attempts. The reason is that PGP compresses the plaintext before encrypting it, which complicates guessing known plaintext bytes. We feel that this is not a fundamental limitation of the EFAIL attacks but more a technical hitch and that attacks become more efficient in future research.

Mitigations

Here are some strategies to prevent EFAIL attacks:

Short term: No decryption in email client. The best way to prevent EFAIL attacks is to only decrypt S/MIME or PGP emails in a separate application outside of your email client. Start by removing your S/MIME and PGP private keys from your email client, then decrypt incoming encrypted emails by copy&pasting the ciphertext into a separate application that does the decryption for you. That way, the email clients cannot open exfiltration channels. This is currently the safest option with the downside that the process gets more involved.

Short term: Disable HTML rendering. The EFAIL attacks abuse active content, mostly in the form of HTML images, styles, etc. Disabling the presentation of incoming HTML emails in your email client will close the most prominent way of attacking EFAIL. Note that there are other possible backchannels in email clients which are not related to HTML but these are more difficult to exploit.

Medium term: Patching. Some vendors will publish patches that either fix the EFAIL vulnerabilities or make them much harder to exploit.

Long term: Update OpenPGP and S/MIME standards. The EFAIL attacks exploit flaws and undefined behavior in the MIME, S/MIME, and OpenPGP standards. Therefore, the standards need to be updated, which will take some time.

Source: EFAIL

Uh oh! Here’s yet more AI that creates creepy fake talking heads

Video Machine-learning experts have built a neural network that can manipulate facial movements in videos to create fake footage – in which people appear to say something they never actually said.

It could be used to create convincing yet faked announcements and confessions seemingly uttered by the rich and powerful as well as the average and mediocre, producing a new class of fake news and further separating us all from reality… if it works well enough, naturally.

It’s not quite like Deepfakes, which perversely superimposed the faces of famous actresses and models onto the bodies of raunchy X-rated movie stars.

Instead of mapping faces onto different bodies, though, this latest AI technology controls the target’s face, and manipulates it into copying the head movements and facial expressions of a source. In one of the examples, Barack Obama acts as the source and Vladimir Putin as the target. So it looks as though a speech given by Obama was instead given by Putin.

obama_putin_AI

Obama’s facial expressions are mapped onto Putin’s face using this latest AI technique … Image credit: Hyeongwoo Kim et al

A paper describing the technique, which popped up online at the end of last month, claims to produce realistic results. The method was developed by Hyeongwoo Kim, Pablo Garrido, Ayush Tewari, Weipeng Xu, Justus Thies, Matthias Nießner, Patrick Pérez, Christian Richardt, Michael Zollhöfer, and Christian Theobalt.

The Deepfakes Reddit forum, which has since been shut down, was flooded with people posting tragically bad computer-generated videos of celebs’ blurry and twitchy faces pasted onto porno babes using machine-learning software, with mismatched eyebrows and skittish movements. You could, after a few seconds, tell they were bogus, basically.

A previous similar project created a video of someone pretending to say something he or she hadn’t through lip-synching and an audio clip. Again, the researchers used Barack Obama as an example. But the results weren’t completely convincing since the lip movements didn’t always align properly.

That’s less of a problem with this new approach, however. It’s, supposedly, the first model that can transfer the full three-dimensional head position, head rotation, face expression, eye gaze and blinking from a source onto a portrait video of a target, according to the paper.

Controlling the target head

It uses a series of landmarks to reconstruct a face so it can track the head and facial movements to capture facial expressions for the input source video and output target video for every frame. A facial representation method computes the parameters of the face for both videos.

Next, these parameters are slightly modified and copied from the source to the target face for a realistic mapping. Synthetic images of the target’s face are rendered using an Nvidia GeForce GTX Titan X GPU.

The rendering part is where the generative adversarial network comes in. The training data comes from the tracked video frames of the target video sequence. The goal is to generate fake images that are as good as enough as the ones in the target video frames to trick a discriminator network.

Only about two thousand frames – which amounts to a minute of footage – is enough to train the network. At the moment, it’s only the facial expressions that can be modified realistically. It doesn’t copy the upper body, and cannot deal with backgrounds that change too much.

Source: Uh oh! Here’s yet more AI that creates creepy fake talking heads • The Register

AI learns to copy human gaming behaviour by watching Youtube

Deep reinforcement learning methods traditionally struggle with tasks where environment rewards are particularly sparse. One successful method of guiding exploration in these domains is to imitate trajectories provided by a human demonstrator. However, these demonstrations are typically collected under artificial conditions, i.e. with access to the agent’s exact environment setup and the demonstrator’s action and reward trajectories. Here we propose a two-stage method that overcomes these limitations by relying on noisy, unaligned footage without access to such data. First, we learn to map unaligned videos from multiple sources to a common representation using self-supervised objectives constructed over both time and modality (i.e. vision and sound). Second, we embed a single YouTube video in this representation to construct a reward function that encourages an agent to imitate human gameplay. This method of one-shot imitation allows our agent to convincingly exceed human-level performance on the infamously hard exploration games Montezuma’s Revenge, Pitfall! and Private Eye for the first time, even if the agent is not presented with any environment rewards.

Source: [1805.11592] Playing hard exploration games by watching YouTube

AI better than dermatologists at detecting skin cancer, study finds

or the first time, new research suggests artificial intelligence may be better than highly-trained humans at detecting skin cancer. A study conducted by an international team of researchers pitted experienced dermatologists against a machine learning system, known as a deep learning convolutional neural network, or CNN, to see which was more effective at detecting malignant melanomas.

[…]

Fifty-eight dermatologists from 17 countries around the world participated in the study. More than half of the doctors were considered expert level with more than five years’ experience. Nineteen percent said they had between two to five years’ experience, and 29 percent had less than two years’ experience.

[…]

At first look, dermatologists correctly detected an average of 87 percent of melanomas, and accurately identified an average of 73 percent of lesions that were not malignant. Conversely, the CNN correctly detected 95 percent of melanomas.

Things improved a bit for the dermatologists when they were given additional information about the patients along with the photos; then they accurately diagnosed 89 percent of malignant melanomas and 76 percent of benign moles. Still, they were outperformed by the artificial intelligence system, which was working solely from the images.

“The CNN missed fewer melanomas, meaning it had a higher sensitivity than the dermatologists, and it misdiagnosed fewer benign moles as malignant melanoma, which means it had a higher specificity; this would result in less unnecessary surgery,” study author Professor Holger Haenssle, senior managing physician in the Department of Dermatology at the University of Heidelberg in Germany, said in a statement.

The expert dermatologists performed better in the initial round of diagnoses than the less-experienced doctors at identifying malignant melanomas. But their average of correct diagnoses was still worse than the AI system’s.

Source: AI better than dermatologists at detecting skin cancer, study finds – CBS News

AI can tell who you are by your gait using only floor sensors

Human footsteps can provide a unique behavioural pattern for robust biometric systems. We propose spatio-temporal footstep representations from floor-only sensor data in advanced computational models for automatic biometric verification. Our models deliver an artificial intelligence capable of effectively differentiating the fine-grained variability of footsteps between legitimate users (clients) and impostor users of the biometric system. The methodology is validated in the largest to date footstep database, containing nearly 20,000 footstep signals from more than 120 users. The database is organized by considering a large cohort of impostors and a small set of clients to verify the reliability of biometric systems. We provide experimental results in 3 critical data-driven security scenarios, according to the amount of footstep data made available for model training: at airports security checkpoints (smallest training set), workspace environments (medium training set) and home environments (largest training set). We report state-of-the-art footstep recognition rates with an optimal equal false acceptance and false rejection rate of 0.7% (equal error rate), an improvement ratio of 371% from previous state-of-the-art. We perform a feature analysis of deep residual neural networks showing effective clustering of client’s footstep data and provide insights of the feature learning process.

Source: Analysis of Spatio-temporal Representations for Robust Footstep Recognition with Deep Residual Neural Networks – IEEE Journals & Magazine

You Are Probably Using the Wrong HDMI Cord

There are, to date, seven different HDMI versions, starting with 1.0, which was introduced back in 2002, and currently ending with 2.1, which was only announced back in November of 2017. The amount of bandwidth each each version is capable of supporting, as well as any additional cool features a version may possess, is decided upon by the HDMI licensing group, which is made of a collection of companies, including Toshiba, Technicolor, Panasonic and Sony.

HDMI Version 1.4, which was introduced back in 2009, is the current de facto standard HDMI cable. It supports up to 10Gbps and a 1080p resolution with a 120Hz refresh rate (which means the screen can display 120 frames per second—great for sports and games), but it can only do 4K at 60Hz, and it can’t handle new features like HDR and wide color gamut. That means it’s worthless if you’re trying to hook up the latest set-top box or game console with most TVs made in the last two to three years.

Well, it’s not worthless, but it’s not ideal, either! You’re essentially losing out on the cool features you paid for in that TV and HDMI-connected device.

HDMI 1.4 also has to sub versions: 1.4a and 1.4b. The former allows the cable to work with 3D televisions in 1080p 24Hz, and the latter allows it to also handle 3D 1080p at 120Hz. Neither provides any noticeable improvement if you’re using one with a 2D television. As 3D TVs aren’t especially popular anymore, and there’s not a lot of content available, you don’t really need to think too much about these two—they’ll still work just like a vanilla version 1.4 cable.

What does provide an improvement is moving to Version 2.0. With this upgrade, the maximum bandwidth of the cable nearly doubles, from 10Gbps to 18Gbps. This means the cable can theoretically transmit a lot more data—like all the data needed to properly render a wider color gamut or HDR. Unfortunately, you’re still capped at 4K and 60Hz. So if you head into the big box store and they try to sell you on a fancy 4K TV capable of 120Hz, don’t necessarily feel like you need to spend the money. You will not be able to get a 4K 120Hz picture transmitted over HDMI with version 2.0 or earlier.

This might be where you point to Version 2.1, which was announced back in November 2017. It doesn’t just double the bandwidth. At a theoretical max of 48Gbps, it’s almost three times faster than 2.0 and nearly five times faster than 1.4 or earlier. It can actually do 4K and 120Hz and wide color gamut and HDR all at the same time. However, because it was announced in November 2017, there are very, very few TVs with ports that support the standard, or cables made to the standard.

HDMI cable standards are hidden, because the world is terrible

At this point, you might think you cracked the code, as if you could just go out, find an HDMI 2.0 or 2.1 cable, plug it in, and you’re good to go. Unfortunately, in 2012 HDMI pulled a truly bonehead move and essentially forbid anyone from actually saying what standards their cables support.

You can’t just go to Monoprice or Amazon and choose a nice-looking 2.0 cable and call it a day. But thankfully this guide exists, so you also don’t have to pore over every single number that chases after an HDMI cable when you do a search on Monoprice or Amazon.

The key thing isn’t to look for 4K, or 60Hz, or HDR, or more complex stats like YUV 4:4:4. All you actually need to pay attention to is the bandwidth of the cable. You want to find cables that say they are capable of 18Gbps or higher.

You also want to make sure that those cables are certified, as uncertified cables can make any kind of bandwidth claim they please and not actually deliver. A certified cable will be a little more expensive, but that means a dollar or two more. It’s a small price to pay to make sure your $1,000 TV is showing the picture it was designed to show.

Knowing when to trash a cable

So how do you know if the cables you already have are worthless? There typically aren’t any markers on the cable you can trust to accurately tell you. So if you don’t want to chuck all the cables you currently own and go buy all new ones, you’ll need to check a few things.

First, look at the manual for you TV and see what version of HDMI each port supports. Many TVs, especially cheaper ones, might only have Version 2.0 or higher on one port! That means there’s only one port that can handle 4K and HDR and all the stuff the TV bragged about having when you bought it. So locate a Version 2.0 port on your TV and plug in a device that supports 4K and HDR. Now, confirm that HDR is enabled on the TV. You’ll need to check you manual as every TV confirms HDR differently.

If HDR is enabled then you’re probably good to go! But if it is enabled and you notice the picture is pixelating or stuttering, then it means the cable can’t handle all the data and should be replaced. This is especially common with cables over 6 feet that are attempting to transmit 4K 60Hz picture with wide color gamut and HDR. For that reason, it’s rarely a good idea to buy a cable that is longer than 6 feet.

As good certified cables can be found at places like Amazon and Monoprice for under $10, there’s really no reason not to double-check and replace your cables if needed. You spent all that money on a good picture, so why waste it because of a cheap cable?

Source: You Are Probably Using the Wrong HDMI Cord

Robots fight weeds in challenge to agrochemical giants

In a field of sugar beet in Switzerland, a solar-powered robot that looks like a table on wheels scans the rows of crops with its camera, identifies weeds and zaps them with jets of blue liquid from its mechanical tentacles.

Undergoing final tests before the liquid is replaced with weedkiller, the Swiss robot is one of new breed of AI weeders that investors say could disrupt the $100 billion pesticides and seeds industry by reducing the need for universal herbicides and the genetically modified (GM) crops that tolerate them.

[…]

While still in its infancy, the plant-by-plant approach heralds a marked shift from standard methods of crop production.

Now, non-selective weedkillers such as Monsanto’s Roundup are sprayed on vast tracts of land planted with tolerant GM seeds, driving one of the most lucrative business models in the industry.

‘SEE AND SPRAY’

But ecoRobotix www.ecorobotix.com/en, developer of the Swiss weeder, believes its design could reduce the amount of herbicide farmers use by 20 times. The company said it is close to signing a financing round with investors and is due to go on the market by early 2019.

Blue River, a Silicon Valley startup bought by U.S. tractor company Deere & Co. for $305 million last year, has also developed a machine using on-board cameras to distinguish weeds from crops and only squirt herbicides where necessary.

Its “See and Spray” weed control machine, which has been tested in U.S. cotton fields, is towed by a tractor and the developers estimate it could cut herbicide use by 90 percent once crops have started growing.

German engineering company Robert Bosch here is also working on similar precision spraying kits as are other startups such as Denmark’s Agrointelli here

ROBO Global www.roboglobal.com/about-us, an advisory firm that runs a robotics and automation investment index tracked by funds worth a combined $4 billion, believes plant-by-plant precision spraying will only gain in importance.

“A lot of the technology is already available. It’s just a question of packaging it together at the right cost for the farmers,” said Richard Lightbound, Robo’s CEO for Europe, the Middle East and Africa.

“If you can reduce herbicides by the factor of 10 it becomes very compelling for the farmer in terms of productivity. It’s also eco friendly and that’s clearly going to be very popular, if not compulsory, at some stage,” he said.

 

Source: Robots fight weeds in challenge to agrochemical giants | Reuters

Epyc fail? We can defeat AMD’s virtual machine encryption, say boffins

German researchers reckon they have devised a method to thwart the security mechanisms AMD’s Epyc server chips use to automatically encrypt virtual machines in memory.

So much so, they said they can exfiltrate plaintext data from an encrypted guest via a hijacked hypervisor and simple HTTP or HTTPS requests.

[…]

a technique dubbed SEVered can, it is claimed, be used by a rogue host-level administrator, or malware within a hypervisor, or similar, to bypass SEV protections and copy information out of a customer or user’s virtual machine.

The problem, said Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel, is that miscreants at the host level can alter a guest’s physical memory mappings, using standard page tables, bypassing the SEV’s protection mechanism. Here’s the team’s outline of the attack:

With SEVered, we demonstrate that it is nevertheless possible for a malicious HV [hypervisor] to extract all memory of an SEV-encrypted VM [virtual machine] in plaintext. We base SEVered on the observation that the page-wise encryption of main memory lacks integrity protection.

While the VM’s Guest Virtual Address (GVA) to Guest Physical Address (GPA) translation is controlled by the VM itself and opaque to the HV, the HV remains responsible for the Second Level Address Translation (SLAT), meaning that it maintains the VM’s GPA to Host Physical Address (HPA) mapping in main memory. This enables us to change the memory layout of the VM in the HV. We use this capability to trick a service in the VM, such as a web server, into returning arbitrary pages of the VM in plaintext upon the request of a resource from outside.

This is not the first time eggheads have uncovered shortcomings in SEV’s ability to lock down VMs: previous studies have examined how the memory management system can be exploited by hackers to poke inside encrypted guests. Fraunhofer AISEC’s study, emitted on Thursday this week, takes this a step further, demonstrating that, indeed, the entire memory contents of a virtual machine could be pulled by a hypervisor even when SEV is active.

To show this, the researchers set up a test system powered by an AMD Epyc 7251 processor with SEV enabled and Debian GNU/Linux installed, running the Apache web server in a virtual machine. They then modified the system’s KVM hypervisor to observe when software within the guest accessed physical RAM.

By firing lots of HTML page requests at the Apache service, the hypervisor can see which pages of physical memory are being used to hold the file. It then switches the page mappings so that an encrypted memory page used by Apache to send the requested webpage sends a memory page from another part of the guest – a page that is automatically decrypted.

That means Apache leaks data from within the protected guest. Over time, the team was able to lift a full 2GB of memory from the targeted VM.

“Our evaluation shows that SEVered is feasible in practice and that it can be used to extract the entire memory from a SEV-protected VM within reasonable time,” the researchers wrote. “The results specifically show that critical aspects, such as noise during the identification and the resource stickiness are managed well by SEVered.”

Source: Epyc fail? We can defeat AMD’s virtual machine encryption, say boffins • The Register

 
Skip to toolbar