Daily Archives: March 18, 2018

MIT builds Neural network chip with 95% reduction in power consumption, allowing it to be used in a mobile

Posted on by

Most recent advances in artificial-intelligence systems such as speech- or face-recognition programs have come courtesy of neural networks, densely interconnected meshes of simple information processors that learn to perform tasks by analyzing huge sets of training data.

But neural nets are large, and their computations are energy intensive, so they’re not very practical for handheld devices. Most smartphone apps that rely on neural nets simply upload data to internet servers, which process it and send the results back to the phone.

Now, MIT researchers have developed a special-purpose chip that increases the speed of neural-network computations by three to seven times over its predecessors, while reducing power consumption 94 to 95 percent. That could make it practical to run neural networks locally on smartphones or even to embed them in household appliances.

“The general processor model is that there is a memory in some part of the chip, and there is a processor in another part of the chip, and you move the data back and forth between them when you do these computations,” says Avishek Biswas, an MIT graduate student in electrical engineering and computer science, who led the new chip’s development.

“Since these machine-learning algorithms need so many computations, this transferring back and forth of data is the dominant portion of the energy consumption. But the computation these algorithms do can be simplified to one specific operation, called the dot product. Our approach was, can we implement this dot-product functionality inside the memory so that you don’t need to transfer this data back and forth?”

Source: Neural networks everywhere | MIT News

Hey Microsoft, Stop Installing Apps On My PC Without Asking

Posted on by

I’m getting sick of Windows 10’s auto-installing apps. Apps like Facebook are now showing up out of nowhere, and even displaying notifications begging for me to use them. I didn’t install the Facebook app, I didn’t give it permission to show notifications, and I’ve never even used it. So why is it bugging me?

Windows 10 has always been a little annoying about these apps, but it wasn’t always this bad. Microsoft went from “we pinned a few tiles, but the apps aren’t installed until you click them” to “the apps are now automatically installed on your PC” to “the automatically installed apps are now sending you notifications”. It’s ridiculous.
The “Microsoft Consumer Experience” Is Consumer-Hostile…

This is all thanks to the “Microsoft Consumer Experience” program, which can’t be disabled on normal Windows 10 Home or Professional systems. That’s why every Windows 10 computer you start using has these bonus apps. The exact apps preinstalled can vary, but I’ve never seen a Windows 10 PC without Candy Crush.

The Microsoft Consumer Experience is actually a background task that runs whenever you sign into a Windows 10 PC with a new user account for the first time. It kicks into gear and automatically downloads apps like Candy Crush Soda Saga, FarmVille 2: Country Escape, Facebook, TripAdvisor, and whatever else Microsoft feels like promoting.

You can uninstall the apps from your Start menu, and they shouldn’t come back on your user account the same hardware. However, the apps will also come back whenever you sign into a new PC with the same Microsoft account, forcing you to remove them on each device you use. And, if someone signs into your same PC with their own Microsoft account, Microsoft will “helpfully” download those apps for their account as well. There’s no way to tell Microsoft “stop downloading these apps on my PC” or “I never want these apps on this Microsoft account”.
…and Microsoft Won’t Let Us Disable It

There is, technically, a way to disable this and stop Windows from installing these apps…but it’s only for Windows 10 Enterprise and Education users. Even if you spent $200 for a Windows 10 Professional license because you want to use your PC for business, Microsoft won’t let you stop the “Consumer Experience” on a professional PC.

Source: Hey Microsoft, Stop Installing Apps On My PC Without Asking

Together with Windows 10 sending private data to Redmond without permission this is another reason I have left the world of MS operating systems. I now use Linux Mint.

119,000 Passports and Photo IDs of FedEx Customers Found on Unsecured Amazon Server

Posted on by

Thousands of FedEx customers were exposed after the company left scanned passports, drivers licenses, and other documentation on a publicly accessible Amazon S3 server.

The scanned IDs originated from countries all over the world, including the United States, Mexico, Canada, Australia, Saudi Arabia, Japan, China, and several European countries. The IDs were attached to forms that included several pieces of personal information, including names, home addresses, phone numbers, and zip codes.

The server, discovered by researchers at the Kromtech Security Center, was secured as of Tuesday.

According to Kromtech, the server belonged to Bongo International LLC, a company that aided customers in performing shipping calculations and currency conversations, among other services. Bongo was purchased by FedEx in 2014 and renamed FedEx Cross-Border International a little over a year later. The service was discontinued in April 2017.

Source: 119,000 Passports and Photo IDs of FedEx Customers Found on Unsecured Amazon Server

Tesla’s Amazon Cloud Account Hacked to Mine Cryptocurrency

Posted on by

An unidentified hacker or hackers broke into a Tesla-owned Amazon cloud account and used it to “mine” cryptocurrency, security researchers said. The breach also exposed proprietary data for the electric carmaker.

The researchers, who worked for RedLock, a 3-year-old cybersecurity startup, said they discovered the intrusion last month while trying to determine which organization left credentials for an Amazon Web Services (AWS) account open to the public Internet. The owner of the account turned out to be Tesla, they said.

“We weren’t the first to get to it,” Varun Badhwar, CEO and cofounder of RedLock, told Fortune on a call. “Clearly, someone else had launched instances that were already mining cryptocurrency in this particular Tesla environment.”

The incident is the latest in a string of so-called cryptojacking attacks, which involve thieves hijacking unsuspecting victims’ computers to generate virtual currencies like Bitcoin. The schemes have seen a resurgence in popularity as cryptocurrency prices have soared over the past year.

Earlier this month, websites for the U.S. federal court system and the U.K.’s National Health Service roped their visitors into similar virtual money-minting operations.

Source: Tesla’s Amazon Cloud Account Hacked to Mine Cryptocurrency | Fortune

Uzi Nissan Spent 8 Years Fighting The Car Company With His Name. He Nearly Lost Everything To Win. The legal system doesn’t work very well if you have no money.

Posted on by

Nissan the car company never really cared who Uzi Nissan was. Then it decided he had something it wanted very much—the website www.nissan.com, which he created for his small retail computer business in 1994—and it sued him for $10 million. When the two Nissans went to war, Uzi Nissan prevailed in the end, but lost almost everything along the way.

If you visit nissan.com expecting a polished presentation of Nissan’s latest lineup, you’re in for quite a shock. What you land in is Uzi Nissan’s corner of the internet; a shrine to the years of his life spent fighting what is now the largest car company on the planet.

You’re greeted with a straight-out-of-the-’90s web design with 3D-effect link buttons, minimal advertising, crossed-out Nissan Motor badges and a Nissan Computer logo design that seems to resemble a stamped business card.
[…]
If you further postpone your quest to get a quote on an Altima or a Rogue Sport and spend time to explore the site, you find pages and pages of articles on the Nissan Motor vs. Nissan Computer lawsuit, taught in business schools and law schools as one of the most notable domain cases from the age of the dotcom bubble.

“The study there is that you should first have your domain before you decide your name of business, and in law school it’s just to show that sometimes even the little guy can win,” he said.
[…]
At the time, it didn’t seem like the start of an all-consuming legal battle, a David vs. Goliath fight that took nearly 10 years and cost the small business owner millions of dollars—to say nothing of the incalculable toll on his personal life.

Source: Uzi Nissan Spent 8 Years Fighting The Car Company With His Name. He Nearly Lost Everything To Win

The story is well told and shows you how ridiculous it is that this guy who clearly had prior ownership to the Nissan name and domain name had to pony up near to $3m and 8 years of his life to keep what is rightfully his. There is no punishment for the big guy throwing resources to wast another person’s time and money in the courts.

Cisco NFV elastic services controller accepts empty admin password

Posted on by

Cisco’s Elastic Services Controller’s release 3.0.0 software has a critical vulnerability: it accepts an empty admin password.

The Controller (ESC) is Cisco’s automation environment for network function virtualisation (NFV), providing VM and service monitors, automated recovery and dynamic scaling.

Cisco’s advisory about the flaw explains the bug is in ESC’s Web service portal: “An attacker could exploit this vulnerability by submitting an empty password value to an affected portal when prompted to enter an administrative password for the portal.”

Once past the (non)-authentication, the attacker has administrative rights to “execute arbitrary actions” on the target system.

Source: Cisco NFV controller is a bit too elastic: It has an empty password bug • The Register

Crooks opt for Monero, paypal, ebay and gamesfor laundering

Posted on by

“Platforms like Monero are designed to be truly anonymous, and tumbler services like CoinJoin can [further] obscure transaction origins,” said Dr Mike McGuire, senior lecturer in criminology at Surrey University and author of the study.

Many cybercriminals are using virtual currency to convert the illegal proceeds of crime into hard cash and assets. Digital payment systems are used to help hide the money trail.
[…]
Methods like “micro laundering”, where thousands of small electronic payments are made through platforms like PayPal, are increasingly common and more difficult to detect. Another common technique is to use online transactions – via sites like eBay – to facilitate laundering.

Crooks are circumventing PayPal and eBay’s anti-fraud controls, even though both are “getting better at picking up laundering techniques”, according to Dr McGuire.
[…]
“Keeping transactions low, say $10-12, makes laundering almost impossible to spot, as they look like ordinary transactions. It would be impossible to investigate every transaction of this size. By making repeated small payments, or limited transactions, your profile begins to gain the ‘trust’ of controls systems, which makes it even harder to detect laundering as payments are less likely to be flagged.”

Botnets can be used to make thousands of these transactions and increase your trust rating.

“I have also seen evidence of multi-stage laundering, where criminals will make payments through websites like Airbnb which look completely legitimate. Cybercriminals are also gaining access or control of legitimate PayPal accounts by phishing emails. I also saw it was easy to buy stolen credentials from online forums to gain access to hundreds of PayPal accounts which can then be used to launder payments.”

McGuire said cybercriminals are working with the fraud controls to then manipulate them by applying to go beyond current annual payment limits and then providing false or hacked documentation to support the checks which permit larger payments.
[…]
Cybercriminals elsewhere are active in converting stolen income into video game currency or in-game items like gold, which are then converted into Bitcoin or other electronic formats. Games such as Minecraft, FIFA, World of Warcraft, Final Fantasy and GTA 5 are among the most popular options because they allow covert interactions with other players to facilitate the trade of currency and goods.

“Gaming currencies and items that can be easily converted and moved across borders offer an attractive prospect to cybercriminals,” Dr McGuire told The Register. “This trend appears to be particularly prevalent in countries like South Korea and China – with South Korean police arresting a gang transferring $38m laundered in Korean games back to China.

“The advice on how to do this is readily available online and explains how cybercriminals can launder proceeds through both in-game currencies and goods.”

The findings come from a nine-month study into the macro economics of cybercrime, sponsored by infosec vendor Bromium

Source: Crooks opt for Monero as crypto of choice to launder ill-gotten gains • The Register

2017: Dutch Military Intelligence 348 and Internal Intelligence 3205 taps placed. No idea how many the police did, but wow, that’s a lot!

Posted on by

De MIVD tapte vorig jaar in totaal 348 keer. De AIVD plaatste dat jaar 3.205 taps. Vandaag publiceerden beide diensten de tapstatistieken over de periode 2002 tot en met 2017 op hun website.

Source: MIVD tapte vorig jaar 348 keer | Nieuwsbericht | Defensie.nl


And of course we have no idea how many of these taps led to arrests or action.