Daily Archives: December 18, 2015

Project Zero: FireEye security appliance Exploited by passing jar file through it

Posted on by
Reply

FireEye sell security appliances to enterprise and government customers. FireEye’s flagship products are monitoring devices designed to be installed at egress points of large networks, i.e. where traffic flows from the intranet to the internet.

Source: Project Zero: FireEye Exploitation: Project Zero’s Vulnerability of the Beast

All you need to do is send the jar in an email or get someone to visit a site with the jar on it and you can modify the bios and get access to their network information.

Bionic eye will send images direct to the brain to restore sight via 500 pixel “display”

Posted on by
Reply

The plan is to implant up to 11 small tiles, each loaded with 43 electrodes, into areas of the brain that deal with vision. When these areas are stimulated, people report seeing flashes of light. Lowery believes that each electrode could create a dot of light that is similar to seeing one pixel. In total, the tiles will provide around 500 pixels – enough to create a simple image. Although this resolution is far cruder than the 1 to 2 million pixel image a normal eye can produce, it should restore the basic

Source: Bionic eye will send images direct to the brain to restore sight | New Scientist

Microsoft: Upgrade to Windows 10 NOW or TONIGHT!

Posted on by
Reply

The large pop-up screen, which first appeared over the weekend, gives users the option of upgrading straight away or … that evening. Users can still opt out by clicking on the red ‘X’ in the top right corner of the window, but less savvy computer users (part of Redmond’s core market segments) might not figure that out.

Source: Microsoft steps up Windows 10 nagging

Wow, guys, we don’t want your massive privacy invasion called Windows 10!

Machine Learning Inspired by Human Learning  – AI can learn handwriting using a single example

Posted on by
Reply

Taking inspiration from the way humans seem to learn, scientists have created AI software capable of picking up new knowledge in a far more efficient and sophisticated way.

The new AI program can recognize a handwritten character about as accurately as a human can, after seeing just a single example. The best existing machine-learning algorithms, which employ a technique called deep learning, need to see many thousands of examples of a handwritten character in order to learn the difference between an A and a Z.

Source: Machine Learning Inspired by Human Learning | MIT Technology Review

Congress strips out privacy protections from CISA ‘security’ bill

Posted on by
Reply

Under the original CISA legislation, companies would share their users’ information with federal government departments once it had been anonymized. The government could then analyze it for online threats, while the companies received legal immunity from prosecution for breaking existing privacy agreements.

But as the bill was amended, the privacy parts of the proposed law have been stripped away. Now companies don’t have to anonymize data before handing it over. In addition, the government can use it for surveillance and for activities outside cybercrime. And in addition, companies don’t have to report security failings even if they spot them.

Source: Congress strips out privacy protections from CISA ‘security’ bill

Grub2 Authentication Bypass: press backspace 28 times

Posted on by
Reply

A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords). And so, the attacker may take control of the computer.

Source: Back to 28: Grub2 Authentication Bypass 0-Day

Oops

Cox Is Liable for Pirating Subscribers, Ordered to pay $25 million

Posted on by
Reply

Internet provider Cox Communications is responsible for the copyright infringements of its subscribers, a Virginia federal jury has ruled. The ISP is guilty of willful contributory copyright infringement and must pay music publisher BMG $25 million in damages.

cox-logoToday marks the end of a crucial case that will define how U.S. Internet providers deal with online piracy in the future.

Following a two-week trial a Virginia federal jury reached a verdict earlier today (pdf), ruling that Cox is guilty of willful contributory copyright infringement.

The case was initiated by BMG Rights Management, which held the ISP responsible for tens of thousands of copyright infringements that were committed by its subscribers.

During the trial hearings BMG revealed that the tracking company Rightscorp downloaded more than 150,000 copies of their copyrighted works directly from Cox subscribers.

It also became apparent that Cox had received numerous copyright infringement warnings from Rightscorp which it willingly decided not to act on.

The case was restricted to 1,397 copyrighted works and a six-person jury awarded #25 million in damages. The award is lower than the statutory maximum, which would have been over $200 million.

Source: Cox Is Liable for Pirating Subscribers, Ordered to pay $25 million – TorrentFreak

Apart from the sum, which is amazing, the way the information was collected (downloading directly from subscribers) is in itself a form of piracy and therefore this evidence, being illegal, must be inadmissable?