Monthly Archives: October 2016

Criticize Donald Trump, get your site smashed offline from Russia

Posted on by
Reply

It has been an odd day for Newsweek – its main site was taken offline after it published a story claiming a company owned by Republican presidential candidate Donald Trump broke an embargo against doing deals with Cuba.

The magazine first thought that the sheer volume of interest in its scoop was the cause for the outage, but quickly realized that something more sinister was afoot.

The site was being bombarded by junk traffic from servers all around the world, but the majority came from Russia, the editor in chief Jim Impoco has now said.

“Last night we were on the receiving end of what our IT chief called a ‘massive’ DoS [denial of service] attack,” he told Talking Points Memo.

“As with any DDoS [distributed DoS] attack, there are lots of IP addresses, but the main ones are Russian, though that in itself does not prove anything. We are still investigating.”

Source: Criticize Donald Trump, get your site smashed offline from Russia

AI Machine-learning models vulnerable to reverse engineering

Posted on by
Reply

In a paper [PDF] presented in August at the 25th Annual Usenix Security Symposium, researchers at École Polytechnique Fédérale de Lausanne, Cornell University, and The University of North Carolina at Chapel Hill showed that machine learning models can be stolen and that basic security measures don’t really mitigate attacks.

Machine learning models may, for example, accept image data and return predictions about what’s in the image.

Taking advantage of the fact that machine learning models allow input and may return predictions with percentages indicating confidence of correctness, the researchers demonstrate “simple, efficient attacks that extract target ML models with near-perfect fidelity for popular model classes including logistic regression, neural networks, and decision trees.”

That’s a polite way of saying such models can be reverse engineered. The researchers tested their attack successfully on BigML and Amazon Machine Learning, both of which were told of the findings in February.

Source: How to steal the mind of an AI: Machine-learning models vulnerable to reverse engineering

Non Root systemd bug crashes systems

Posted on by
Reply

systemd fails an assertion in manager_invoke_notify_message when a zero-length message is received over /run/systemd/notify. This allows a local user to perform a denial-of-service attack against PID 1.Proof-of-concept:NOTIFY_SOCKET=/run/systemd/notify systemd-notify “”

Source: Assertion failure when PID 1 receives a zero-length message over notify socket · Issue #4234 · systemd/systemd · GitHub