Daily Archives: October 24, 2016

Projection mapping on a moving surface

Posted on by
Reply

This research aims at overcoming this limitation and realizes dynamic projection mapping in which dynamically-changing real-world and virtual visual information are completely merged in the level of human visual perception. This high-speed dynamic projection mapping requires a high-speed projector enabling high-frame-rate and low-latency projection. In order to meet this demand, we have developed a high-speed projector “DynaFlash” that can project 8-bit images up to 1,000fps with 3ms delay.In particular, as a challenging target for the dynamic projection mapping, we focus on a non-rigid surface. Sensing of non-rigid surface deformation is difficult to be achieved at high speed because it has high degrees-of-freedom and involves self-occlusions as well as external occlusions. Our newly proposed method overcomes this limitation. Our method can obtain the deformation robustly at 1,000 fps by using an originally proposed marker “Deformable Dot Cluster Marker”, even when the target causes large deformation and occlusions.

Source: Vision Architecture: High Speed Image Processing

Adding a phone number to your Google account can make it LESS secure (because telco insecurity).

Posted on by
Reply

On Oct 1, after a 2h absence from his phone, Bob attempted to check his email and discovered he’d been logged out of his gmail account. Upon trying to log back in, Google notified him that his email password had been changed less than an hour ago.

He then tried to make a call and discovered that his phone service was no longer active. Calling Verizon, he discovered that someone (the attacker) had called less than an hour ago and switched his service to an iPhone 4. Verizon later conceded that they had transferred his account despite having neither requested nor being given the 4-digit PIN they had on record.

The attacker was able to reset Bob’s password and take control of his account. He or she then removed Bob’s recovery email, changed the password, changed the name on the account, and enabled two factor authentication. (Records show that the account was accessed from IP addresses in Iowa and Germany.)

Source: Adding a phone number to your Google account can make it LESS secure.

Dirty COW (CVE-2016-5195) Linux privilege escalation

Posted on by
Reply

What is the CVE-2016-5195?

CVE-2016-5195 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE.

Why is it called the Dirty COW bug?

“A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.” (RH)

Source: Dirty COW (CVE-2016-5195)

DNS devastation: Top websites whacked offline as Dyn dies again

Posted on by
Reply

An extraordinary, focused attack on DNS provider Dyn continues to disrupt internet services for hundreds of companies, including online giants Twitter, Amazon, AirBnB, Spotify and others.

The worldwide assault started at approximately 11am UTC on Friday. It was a massive denial-of-service blast that knocked Dyn’s DNS anycast servers offline, resulting in knock-on impacts across the internet. Folks immediately started reporting problems; millions of people are affected.

After two hours into the initial tidal wave of junk traffic, Dyn announced it had mitigated the assault and service was returning to normal. But the relief was short lived: just about an hour later, the attack resumed and at the time of writing (1800 UTC), not only is Dyn’s service still down but its website is too.

(Aptly, Dyn researcher Doug Madory had recently given a talk on DDoS attacks.)

By blasting Dyn offline, public DNS providers – such as Google and broadband ISPs – are unable to contact Dyn to lookup hostnames for netizens, preventing people from accessing sites using Dyn for DNS.

Source: DNS devastation: Top websites whacked offline as Dyn dies again