Daily Archives: December 17, 2017
China’s big brother: how artificial intelligence is catching criminals and advancing health care
“Our machines can very easily recognise you among at least 2 billion people in a matter of seconds,” says chief executive and Yitu co-founder Zhu Long, “which would have been unbelievable just three years ago.” Yitu’s Dragonfly Eye generic portrait platform already has 1.8 billion photographs to work with: those logged in the national database and you, if you have visited China recently. Yitu will not say whether Hong Kong identity card holders have been logged in the government’s database, for which the company provides navigation software and algorithms, but 320 million of the photos have come from China’s borders, including ports and airports, where pictures are taken of everyone who enters and leaves the country.
According to Yitu, its platform is also in service with more than 20 provincial public security departments, and is used as part of more than 150 municipal public security systems across the country, and Dragonfly Eye has already proved its worth. On its very first day of operation on the Shanghai Metro, in January, the system identified a wanted man when he entered a station. After matching his face against the database, Dragonfly Eye sent his photo to a policeman, who made an arrest. In the following three months, 567 suspected lawbreakers were caught on the city’s underground network.
[…]
“Chinese authorities are collecting and centralising ever more information about hundreds of millions of ordinary people, identifying persons who deviate from what they determine to be ‘normal thought’ and then surveilling them,” says Sophie Richardson, China director at HRW. The activist calls on Beijing to cease the collection of big data “until China has meaningful privacy rights and an accountable police force”.
AI helps find planets in other solar systems
The neural network is trained on 15,000 signals from the Kepler dataset that have been previously verified as planets or non-planets. A smaller test set with new, unseen data was fed to the neural network and it correctly identified true planets from false positives to an accuracy of about 96 per cent.The researchers then applied this model to weaker signals from 670 star systems, where scientists had already found multiple known planets to try and find any that might have been missed.Vanderburg said the got lots of false positives of planets, but also more potential real ones too. “It’s like sifting through rocks to find jewels. If you have a finer sieve then you will catch more rocks but you might catch more jewels, as well,” he said.
Tripwire detects hacks companies haven’t told us about by creating accounts with unique emails on thousands of servers. If the email account is accessed, the site has been breached. No-one knows or cares that there has been a breach in vast majority of cases.
a prototype tool created by researchers from the University of California San Diego (UCSD) aims to bring greater transparency to such breaches. The system, called Tripwire, detects websites that were hacked, as is detailed in this study.
Here’s here how it works: To detect breaches, the researchers created a bot that automatically registered accounts on thousands of websites. Each of those accounts shared a password with a unique associated email address. Working with a “major email provider,” the researchers were then notified if there was a successful login on any of the email accounts. Since the email accounts were created for the study, any login was assumed to be the result of a security breach on the website associated with that account.
“While Tripwire can’t catch every data breach, it essentially has no false positives—everything it detects definitely corresponds to a data breach,” Joe DeBlasio, a Ph.D student of Jacobs School of Engineering at UCSD and an author on the research paper, told Gizmodo. “Tripwire triggering means that an attacker had access to data that wasn’t shared publicly.”
As part of the study, the researchers monitored over 2,300 sites from January 2015 through February of this year, and found that 19 of the sites (or one percent) had been compromised. The study notes that the system found “both plaintext and hashed-password breaches”—if your password is hashed, it is indecipherable to a hacker. Arguably the most damning finding of the study was that, at the time it was published, all but one of the compromised websites failed to notify their users that they had suffered a breach. Only one site told researchers they would force a password reset.
Source: Researchers Made a Clever Tool to Detect Hacks Companies Haven’t Told Users About
Windows 10 Password Manager Keeper allows sites to steal any password.
A Google security researcher has found and helped patch a severe vulnerability in Keeper, a password manager application that Microsoft has been bundling with some Windows 10 distributions this year.”I’ve heard of Keeper, I remember filing a bug a while ago about how they were injecting privileged UI into pages,” said Tavis Ormandy, the Google security researcher who discovered the recent vulnerability.”I checked and, they’re doing the same thing again with this version,” the expert added, referring to the Keeper app bundled with some Windows 10 versions.”I think I’m being generous considering this a new issue that qualifies for a ninety day disclosure, as I literally just changed the selectors and the same attack works. Nevertheless, this is a complete compromise of Keeper security, allowing any website to steal any password,” Ormandy added.To prove his point, the expert also created a demo page where Keeper users can see the vulnerability in action.
Source: Windows 10 Bundles a Password Manager. Password Manager Bundles a Security Flaw