Daily Archives: November 14, 2018

A 100,000-router botnet is feeding on a 5-year-old UPnP bug in Broadcom chips (lots of different routers have this chip!)

Posted on by

A recently discovered botnet has taken control of an eye-popping 100,000 home and small-office routers made from a range of manufacturers, mainly by exploiting a critical vulnerability that has remained unaddressed on infected devices more than five years after it came to light.

Researchers from Netlab 360, who reported the mass infection late last week, have dubbed the botnet BCMUPnP_Hunter. The name is a reference to a buggy implementation of the Universal Plug and Play protocol built into Broadcom chipsets used in vulnerable devices. An advisory released in January 2013 warned that the critical flaw affected routers from a raft of manufacturers, including Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, and US Robotics. The finding from Netlab 360 suggests that many vulnerable devices were allowed to run without ever being patched or locked down through other means.

Last week’s report documents 116 different types of devices that make up the botnet from a diverse group of manufacturers. Once under the attackers’ control, the routers connect to a variety of well-known email services. This is a strong indication that the infected devices are being used to send spam or other types of malicious mail.

Universal Plug and Play

UPnP is designed to make it easy for computers, printers, phones, and other devices to connect to local networks using code that lets them automatically discover each other. The protocol often eliminates the hassle of figuring out how to configure devices the first time they’re connected. But UPnP, as researchers have warned for years, often opens up serious holes inside the networks that use it. In some cases, UPnP bugs cause devices to respond to discovery requests sent from outside the network. Hackers can exploit the weakness in a way that allows them to take control of the devices. UPnP weaknesses can also allow hackers to bypass firewall protections.

Source: A 100,000-router botnet is feeding on a 5-year-old UPnP bug in Broadcom chips | Ars Technica

Can AI Create True Art?

Posted on by

just last month, AI-generated art arrived on the world auction stage under the auspices of Christie’s, proving that artificial intelligence can not only be creative but also produce world class works of art—another profound AI milestone blurring the line between human and machine.

Naturally, the news sparked debates about whether the work produced by Paris-based art collective Obvious could really be called art at all. Popular opinion among creatives is that art is a process by which human beings express some idea or emotion, filter it through personal experience and set it against a broader cultural context—suggesting then that what AI generates at the behest of computer scientists is definitely not art, or at all creative.

By artist #2 (see bottom of story for key). Credit: Artwork Commissioned by GumGum

The story raised additional questions about ownership. In this circumstance, who can really be named as author? The algorithm itself or the team behind it? Given that AI is taught and programmed by humans, has the human creative process really been identically replicated or are we still the ultimate masters?

AI VERSUS HUMAN

At GumGum, an AI company that focuses on computer vision, we wanted to explore the intersection of AI and art by devising a Turing Test of our own in association with Rutgers University’s Art and Artificial Intelligence Lab and Cloudpainter, an artificially intelligent painting robot. We were keen to see whether AI can, in fact, replicate the intent and imagination of traditional artists, and we wanted to explore the potential impact of AI on the creative sector.

By artist #3 (see bottom of story for key). Credit: Artwork Commissioned by GumGum

To do this, we enlisted a broad collection of diverse artists from “traditional” paint-on-canvas artists to 3-D rendering and modeling artists alongside Pindar Van Arman—a classically trained artist who has been coding art robots for 15 years. Van Arman was tasked with using his Cloudpainter machine to create pieces of art based on the same data set as the more traditional artists. This data set was a collection of art by 20th century American Abstract Expressionists. Then, we asked them to document the process, showing us their preferred tools and telling us how they came to their final work.

By artist #4 (see bottom of story for key). Credit: Artwork Commissioned by GumGum

Intriguingly, while at face value the AI artwork was indistinguishable from that of the more traditional artists, the test highlighted that the creative spark and ultimate agency behind creating a work of art is still very much human. Even though the Cloudpainter machine has evolved over time to become a highly intelligent system capable of making creative decisions of its own accord, the final piece of work could only be described as a collaboration between human and machine. Van Arman served as more of an “art director” for the painting. Although Cloudpainter made all of the aesthetic decisions independently, the machine was given parameters to meet and was programed to refine its results in order to deliver the desired outcome. This was not too dissimilar to the process used by Obvious and their GAN AI tool.

By artist #5 (see bottom of story for key). Credit: Artwork Commissioned by GumGum

Moreover, until AI can be programed to absorb inspiration, crave communication and want to express something in a creative way, the work it creates on its own simply cannot be considered art without the intention of its human masters. Creatives working with AI find the process to be more about negotiation than experimentation. It’s clear that even in the creative field, sophisticated technologies can be used to enhance our capabilities—but crucially they still require human intelligence to define the overarching rules and steer the way.

THERE’S AN ACTIVE ROLE BETWEEN ART AND VIEWER

How traditional art purveyors react to AI art on the world stage is yet to be seen, but in the words of Leandro Castelao—one of the artists we enlisted for the study—“there’s an active role between the piece of art and the viewer. In the end, the viewer is the co-creator, transforming, re-creating and changing.” This is a crucial point; when it’s difficult to tell AI art apart from human art, the old adage that beauty is in the eye of the beholder rings particularly true.

Source: Can AI Create True Art? – Scientific American Blog Network

AIs Are Getting Better At Playing Video Games…By Cheating

Posted on by

Earlier this year, researchers tried teaching an AI to play the original Sonic the Hedgehog as part of the The OpenAI Retro Contest. The AI was told to prioritize increasing its score, which in Sonic means doing stuff like defeating enemies and collecting rings while also trying to beat a level as fast as possible. This dogged pursuit of one particular definition of success led to strange results: In one case, the AI began glitching through walls in the game’s water zones in order to finish more quickly.

It was a creative solution to the problem laid out in front of the AI, which ended up discovering accidental shortcuts while trying to move right. But it wasn’t quite what the researchers had intended. One of researchers’ goals with machine-learning AIs in gaming is to try and emulate player behavior by feeding them large amounts of player generated data. In effect, the AI watches humans conduct an activity, like playing through a Sonic level, and then tries to do the same, while being able to incorporate its own attempts into its learning. In a lot of instances, machine learning AIs end up taking their directions literally. Instead of completing a variety of objectives, a machine-learning AI might try to take shortcuts that completely upend human beings’ understanding of how a game should be played.

GIF: OpenAI (Sonic )

Victoria Krakovna, a researcher on Google’s DeepMind AI project, has spent the last several months collecting examples like the Sonic one. Her growing collection has recently drawn new attention after being shared on Twitter by Jim Crawford, developer of the puzzle series Frog Fractions, among other developers and journalists. Each example includes what she calls “reinforcement learning agents hacking the reward function,” which results in part from unclear directions on the part of the programmers.

“While ‘specification gaming’ is a somewhat vague category, it is particularly referring to behaviors that are clearly hacks, not just suboptimal solutions,” she wrote in her initial blog post on the subject. “A classic example is OpenAI’s demo of a reinforcement learning agent in a boat racing game going in circles and repeatedly hitting the same reward targets instead of actually playing the game.”

Source: AIs Are Getting Better At Playing Video Games…By Cheating

Couple Who Ran retro ROM Site (with games you can’t buy any more) to Pay Nintendo $12 Million

Posted on by

Nintendo has won a lawsuit seeking to take two large retro-game ROM sites offline, on charges of copyright infringement. The judgement, made public today, ruled in Nintendo’s favour and states that the owners of the sites LoveROMS.com and LoveRETRO.co, will have to pay a total settlement of $12 million to Nintendo. The complaint was originally filed by the company in an Arizona federal court in July, and has since lead to a swift purge of self-censorship by popular retro and emulator ROM sites, who have feared they may be sued by Nintendo as well.

LoveROMS.com and LoveRETRO.co were the joint property of couple Jacob and Cristian Mathias, before Nintendo sued them for what they have called “brazen and mass-scale infringement of Nintendo’s intellectual property rights.” The suit never went to court; instead, the couple sought to settle after accepting the charge of direct and indirect copyright infringement. TorrentFreak reports that a permanent injunction, prohibiting them from using, sharing, or distributing Nintendo ROMs or other materials again in the future, has been included in the settlement. Additionally all games, game files, and emulators previously on the site and in their custody must be handed over to the Japanese game developer, along with a $12.23 million settlement figure. It is unlikely, as TorrentFreak have reported, that the couple will be obligated to pay the full figure; a smaller settlement has likely been negotiated in private.

Instead, the purpose of the enormous settlement amount is to act as a warning or deterrent to other ROM and emulator sites surviving on the internet. And it’s working.

Motherboard previously reported on the way in which Nintendo’s legal crusade against retro ROM and emulator sites is swiftly eroding a large chunk of retro gaming. The impact of this campaign on video games as a whole is potentially catastrophic. Not all games have been preserved adequately by game publishers and developers. Some are locked down to specific regions and haven’t ever been widely accessible.

The accessibility of video games and the gaming industry has always been defined and limited by economic boundaries. There are a multitude of reasons why retro games can’t be easily or reliably accessed by prospective players, and by wiping out ROM sites Nintendo is erasing huge chunks of gaming history. Limiting the accessibility of old retro titles to this extent will undoubtedly affect the future of video games, with classic titles that shaped modern games and gaming development being kept under lock and key by the monolithic hand of powerful game developers.

Since the filing of the suit in July EmuParadise, a haven for retro games and emulator titles, has shut down. Many other sites have followed suit.

Source: Couple Who Ran ROM Site to Pay Nintendo $12 Million – Motherboard

Wow, that’s a sure fire way to piss off your fans, Nintendo!