The Linkielist

Linking ideas with the world

Confirmed: Barnes & Noble hacked, systems taken offline for days, miscreants may have swiped personal info

Barnes and Noble tonight confirmed it was hacked, and that its customers’ personal information may have been accessed by the intruders. The cyber-break-in forced the bookseller to take its systems offline this week to clean up the mess. See our update at the end of this piece. Our original report follows.

Bookseller Barnes and Noble’s computer network fell over this week, and its IT staff are having to restore servers from backups.

The effects of the collapse were first felt on Sunday, with owners of B&N’s Nook tablets discovering they were unable to download their purchased e-books to their gadgets nor buy new ones. That is to say, if they had bought an e-book and hadn’t downloaded it to their device before B&N’s cloud imploded, they would be unable to open and read the digital tome. The bookseller’s Android and Windows 10 apps were similarly affected.

It soon became clear the problem was quite serious when some cash registers in Barnes and Noble’s physical stores also briefly stopped working.

[…]

Shortly after this article was published, Barnes & Noble confirmed in an email to customers that it was hacked. The biz said it found out over the weekend, on October 10, that miscreants had broken into its computer systems, adding that customers’ personal information stored on file may have been accessed or taken by the intruders. This info includes names, addresses, telephone numbers, and purchase histories.

Source: Confirmed: Barnes & Noble hacked, systems taken offline for days, miscreants may have swiped personal info • The Register

Physicists successfully carry out controlled transport of stored light

A team of physicists led by Professor Patrick Windpassinger at Johannes Gutenberg University Mainz (JGU) has successfully transported light stored in a quantum memory over a distance of 1.2 millimeters. They have demonstrated that the controlled transport process and its dynamics have little impact on the properties of the stored light. The researchers used ultra-cold rubidium-87 atoms as the storage medium for the light so as to achieve a high level of storage efficiency and a long lifetime.

“We stored the light by putting it in a suitcase so to speak, only that in our case the suitcase was made of a cloud of cold atoms. We moved this suitcase over a short distance and then took the light out again. This is very interesting not only for physics in general, but also for , because light is not very easy to ‘capture’, and if you want to transport it elsewhere in a controlled manner, it usually ends up being lost,” said Professor Patrick Windpassinger, explaining the complicated process.

[…]

Source: Physicists successfully carry out controlled transport of stored light

Remember when Zoom was rumbled for lousy crypto? Six months later it says end-to-end is ready – but it’s not

The world’s plague-time video meeting tool of choice, Zoom, says it’s figured out how to do end-to-end encryption sufficiently well to offer users a tech preview.

News of the trial comes after April 2020 awkwardness that followed the revelation that Zoom was fibbing about its service using end-to-end encryption.

As we reported at the time, Zoom ‘fessed up but brushed aside criticism with a semantic argument about what “end-to-end” means.

“When we use the phrase ‘End-to-end’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point,” the company said. The commonly accepted definition of end-to-end encryption requires even the host of a service to be unable to access the content of a communication. As we explained at the time, Zoom’s use of TLS and HTTPS meant it could intercept and decrypt video chats.

Come May, Zoom quickly acquired secure messaging firm Keybase to give it the chops to build proper crypto.

Now Zoom reckons it has cracked the problem.

A Wednesday post revealed: “starting next week, Zoom’s end-to-end encryption (E2EE) offering will be available as a technical preview, which means we’re proactively soliciting feedback from users for the first 30 days.”

Sharp-eyed Reg readers have doubtless noticed that Zoom has referred to “E2EE”, not just the “E2E” contraction of “end-to-end”.

What’s up with that? The company has offered the following explanation:

“Zoom’s E2EE uses the same powerful GCM encryption you get now in a Zoom meeting. The only difference is where those encryption keys live. In typical meetings, Zoom’s cloud generates encryption keys and distributes them to meeting participants using Zoom apps as they join. With Zoom’s E2EE, the meeting’s host generates encryption keys and uses public key cryptography to distribute these keys to the other meeting participants. Zoom’s servers become oblivious relays and never see the encryption keys required to decrypt the meeting contents.”
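The two key-distribution arrangements the quote contrasts, as an added Go model that is not Zoom’s code: in the first the relay mints the meeting key itself and can read every frame, in the second the host mints it and wraps it to each participant’s public key, so the relay forwards blobs it has no private key to open. AES-GCM is the mode the quote names; the X25519 key agreement, the SHA-256 key derivation and the participant names are assumptions of this model, not details Zoom has published.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
)

// must panics on error to keep the demo short; production code would propagate it.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	must(io.ReadFull(rand.Reader, b))
	return b
}

// Participant is one meeting client; its X25519 private key never leaves it.
type Participant struct {
	Name string
	priv *ecdh.PrivateKey
}

func NewParticipant(name string) *Participant {
	return &Participant{Name: name, priv: must(ecdh.X25519().GenerateKey(rand.Reader))}
}

// sealGCM encrypts with AES-256-GCM (the mode the article names); output is nonce||ct||tag.
func sealGCM(key, plaintext []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := randomBytes(gcm.NonceSize())
	return append(nonce, gcm.Seal(nil, nonce, plaintext, nil)...)
}

// openGCM reverses sealGCM; a wrong or absent key fails and returns an error.
func openGCM(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("no ciphertext")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// kekFor derives a per-pair key-encryption key from an X25519 shared secret; SHA-256 over
// a label plus the secret stands in for a real KDF (constructed simplification).
func kekFor(mine *ecdh.PrivateKey, theirsRaw []byte) []byte {
	shared := must(mine.ECDH(must(ecdh.X25519().NewPublicKey(theirsRaw))))
	sum := sha256.Sum256(append([]byte("meeting-kek|"), shared...))
	return sum[:]
}

// Relay models the meeting server; it forwards everything in both modes, and the only
// difference is whether it ever holds the meeting key.
type Relay struct {
	MeetingKey []byte            // set only when the server mints the key (non-E2EE mode)
	HostPub    []byte            // host public key, forwarded to participants
	Wrapped    map[string][]byte // E2EE mode: participant name -> wrapped meeting key
}

// HostDistributes: the host mints the meeting key and wraps it to each participant's public key.
func (r *Relay) HostDistributes(host *Participant, others []*Participant) []byte {
	meetingKey := randomBytes(32)
	r.HostPub = host.priv.PublicKey().Bytes()
	r.Wrapped = map[string][]byte{}
	for _, p := range others {
		r.Wrapped[p.Name] = sealGCM(kekFor(host.priv, p.priv.PublicKey().Bytes()), meetingKey)
	}
	return meetingKey
}

// Unwrap recovers the meeting key with the participant's private key; non-recipients get an error.
func (p *Participant) Unwrap(r *Relay) ([]byte, error) {
	return openGCM(kekFor(p.priv, r.HostPub), r.Wrapped[p.Name])
}

// CanDecrypt: can the relay open a frame with what it holds? Never, when the host minted the key.
func (r *Relay) CanDecrypt(frame []byte) bool {
	_, err := openGCM(r.MeetingKey, frame)
	return err == nil
}

func main() {
	host, alice, r := NewParticipant("host"), NewParticipant("alice"), &Relay{}
	frame := sealGCM(r.HostDistributes(host, []*Participant{alice}), []byte("video frame"))
	pt, _ := openGCM(must(alice.Unwrap(r)), frame)
	fmt.Printf("alice reads %q; relay can read it: %v\n", pt, r.CanDecrypt(frame))
}
```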

Don’t go thinking the preview means Zoom has squared away security, because the company says: “To use it, customers must enable E2EE meetings at the account level and opt-in to E2EE on a per-meeting basis.”

With users having to be constantly reminded to use non-rubbish passwords, not to click on phish or leak business data on personal devices, they’ll almost certainly choose E2EE every time without ever having to be prompted, right?

Source: Remember when Zoom was rumbled for lousy crypto? Six months later it says end-to-end is ready • The Register

Your Edge Browser Installed Microsoft Office Without Asking. NO!

Edge Chromium started out as a respectable alternative to Google Chrome on Windows, but it didn’t take long for Microsoft to turn it into a nuisance. To top it off, it looks like Edge is now a vector for installing (even more) Microsoft stuff on your PC—without you asking for it, of course.

We don’t like bloatware, or those pre-installed apps that come on your computer or smartphone. Some of these apps are worthwhile, but most just take up space and can’t be fully removed in some cases. Some companies are worse about bloatware than others, but Microsoft is notorious for slipping extra software into Windows. And now, Windows Insiders testing the most recent Edge Chromium preview caught the browser installing Microsoft Office web apps without permission.

The reports have only come from Windows Insiders so far, but it’s unlikely these backdoor installations are an early-release bug. And this isn’t just a Microsoft problem. For example, Chrome can install Google Docs and other G Suite apps without any notification, too.

Source: Why Your Edge Browser Installed Microsoft Office Without Asking

Please don’t EVER install stuff on my computer without asking! I paid for the OS, I didn’t ask for a SaaS.

German Hospital Hacked, Patient Taken to Another City Dies- First documented cyberattack fatality?

German authorities said Thursday that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.

The Duesseldorf University Clinic’s systems have been disrupted since last Thursday. The hospital said investigators have found that the source of the problem was a hacker attack on a weak spot in “widely used commercial add-on software,” which it didn’t identify.

As a consequence, systems gradually crashed and the hospital wasn’t able to access data; emergency patients were taken elsewhere and operations postponed.

The hospital said that “there was no concrete ransom demand.” It added that there are no indications that data is irretrievably lost and that its IT systems are being gradually restarted.

A report from North Rhine-Westphalia state’s justice minister said that 30 servers at the hospital were encrypted last week and an extortion note left on one of the servers, news agency dpa reported. The note — which called on the addressees to get in touch, but didn’t name any sum — was addressed to the Heinrich Heine University, to which the Duesseldorf hospital is affiliated, and not to the hospital itself.

Duesseldorf police then established contact and told the perpetrators that the hospital, and not the university, had been affected, endangering patients. The perpetrators then withdrew the extortion attempt and provided a digital key to decrypt the data. The perpetrators are no longer reachable, according to the justice minister’s report.

Prosecutors launched an investigation against the unknown perpetrators on suspicion of negligent manslaughter because a patient in a life-threatening condition who was supposed to be taken to the hospital last Friday night was sent instead to a hospital in Wuppertal, a roughly 32-kilometer (20-mile) drive. Doctors weren’t able to start treating her for an hour and she died.

Source: German Hospital Hacked, Patient Taken to Another City Dies | SecurityWeek.Com

Attack on The EMV Smartcard Standard: man in the middle exploit with 2 smartphones

EMV is the international protocol standard for smartcard payment and is used in over 9 billion cards worldwide. Despite the standard’s advertised security, various issues have been previously uncovered, deriving from logical flaws that are hard to spot in EMV’s lengthy and complex specification, running over 2,000 pages. We formalize a comprehensive symbolic model of EMV in Tamarin, a state-of-the-art protocol verifier. Our model is the first that supports a fine-grained analysis of all relevant security guarantees that EMV is intended to offer. We use our model to automatically identify flaws that lead to two critical attacks: one that defrauds the cardholder and another that defrauds the merchant. First, criminals can use a victim’s Visa contactless card for high-value purchases, without knowledge of the card’s PIN. We built a proof-of-concept Android application and successfully demonstrated this attack on real-world payment terminals. Second, criminals can trick the terminal into accepting an unauthentic offline transaction, which the issuing bank should later decline, after the criminal has walked away with the goods. This attack is possible for implementations following the standard, although we did not test it on actual terminals for ethical reasons. Finally, we propose and verify improvements to the standard that prevent these attacks, as well as any other attacks that violate the considered security properties. The proposed improvements can be easily implemented in the terminals and do not affect the cards in circulation.

Source: [2006.08249] The EMV Standard: Break, Fix, Verify

Researchers Create a Single-Molecule Switch – a Step Toward Ever-Smaller Electronics

A team of researchers has demonstrated for the first time a single-molecule electret – a device that could be one of the keys to molecular computers.

Smaller electronics are crucial to developing more advanced computers and other devices. This has led to a push in the field toward finding a way to replace silicon chips with molecules, an effort that includes creating single-molecule electret – a switching device that could serve as a platform for extremely small non-volatile storage devices. Because it seemed that such a device would be so unstable, however, many in the field wondered whether one could ever exist.

Along with colleagues at Nanjing University, Renmin University, Xiamen University, and Rensselaer Polytechnic Institute, Mark Reed, the Harold Hodgkinson Professor of Electrical Engineering & Applied Physics demonstrated a single-molecule electret with a functional memory. The results were published Oct. 12 in Nature Nanotechnology.

Most electrets are made of piezoelectric materials, such as those that produce the sound in speakers. In an electret, all the dipoles – pairs of opposite electric charges – spontaneously line up in the same direction. By applying an electric field, their directions can be reversed.

“The question has always been about how small you could make these electrets, which are essentially memory storage devices,” Reed said.

The researchers inserted an atom of Gadolinium (Gd) inside a carbon buckyball, a 32-sided molecule, also known as a buckminsterfullerene. When the researchers put this construct (Gd@C82) in a transistor-type structure, they observed single electron transport and used this to understand its energy states. However, the real breakthrough was that they discovered that they could use an electric field to switch its energy state from one stable state to another.

“What’s happening is that this molecule is acting as if it has two stable polarization states,” Reed said. He added that the team ran a variety of experiments, measuring the transport characteristics while applying an electric field, and switching the states back and forth. “We showed that we could make a memory of it – read, write, read, write,” he said.

Reed emphasized that the present device structure isn’t currently practical for any application, but proves that the underlying science behind it is possible.

“The important thing in this is that it shows you can create in a molecule two states that cause the spontaneous polarization and two switchable states,” he said. “And this can give people ideas that maybe you can shrink memory down literally to the single molecular level. Now that we understand that we can do that, we can move on to do more interesting things with it.”

Source: Researchers Create a Single-Molecule Switch – a Step Toward Ever-Smaller Electronics | Yale School of Engineering & Applied Science

Five Eyes governments, India, and Japan make new call for encryption backdoors – insist that democracy is an insecure police state

Members of the intelligence-sharing alliance Five Eyes, along with government representatives for Japan and India, have published a statement over the weekend calling on tech companies to come up with a solution for law enforcement to access end-to-end encrypted communications.

The statement is the alliance’s latest effort to get tech companies to agree to encryption backdoors.

The Five Eyes alliance, comprising the US, the UK, Canada, Australia, and New Zealand, made similar calls to tech giants in 2018 and 2019.

Just like before, government officials claim tech companies have put themselves in a corner by incorporating end-to-end encryption (E2EE) into their products.

If properly implemented, E2EE lets users have secure conversations, whether chat, audio, or video, without sharing the encryption key with the tech companies.

Representatives from the seven governments argue that the way E2EE encryption is currently supported on today’s major tech platforms prohibits law enforcement from investigating crime rings, but also the tech platforms themselves from enforcing their own terms of service.

Signatories argue that “particular implementations of encryption technology” are currently posing challenges to law enforcement investigations, as the tech platforms themselves can’t access some communications and provide needed data to investigators.

This, in turn, allows a safe haven for criminal activity and puts the safety of “highly vulnerable members of our societies like sexually exploited children” in danger, officials argued.

Source: Five Eyes governments, India, and Japan make new call for encryption backdoors | ZDNet

Let’s be clear here:

  1. There is no way for a backdoored system to be secure. This means that not only do you give access to the government police services, secret services, Stasi and thought police who can persecute you for being Jewish or thinking the “wrong way” (e.g. being homosexual or communist), you also give criminal networks, scam artists, discontented exes and foreign governments free rein to run around your private content.
  2. You have a right to privacy and you need it. It’s fundamental to being able to think creatively and the only way in which societies advance. If thought is policed by some random standard then deviations which lead to change will be suppressed. Stasis leads to economic collapse among other things, even if those at the top will be collecting more and more wealth for themselves.
  3. We as a society cannot “win” or become “better” by emulating the societies that we are competing against, that represent values and behaviours that we disagree with. Becoming a police state doesn’t protect us from other police states.

Backdoorer the Xplora: Kids’ smart-watches can secretly take pics, record audio on command by encrypted texts

The Xplora 4 smartwatch, made by Chinese outfit Qihoo 360 Technology Co, and marketed to children under the Xplora brand in the US and Europe, can covertly take photos and record audio when activated by an encrypted SMS message, says Norwegian security firm Mnemonic.

This backdoor is not a bug, the finders insist, but a deliberate, hidden feature. Around 350,000 watches have been sold so far, Xplora says. Exploiting this security hole is essentially non-trivial, we note, though it does reveal the kind of remotely accessible stuff left in the firmware of today’s gizmos.

“The backdoor itself is not a vulnerability,” said infosec pros Harrison Sand and Erlend Leiknes in a report on Monday. “It is a feature set developed with intent, with function names that include remote snapshot, send location, and wiretap. The backdoor is activated by sending SMS commands to the watch.”

The researchers suggest these smartwatches could be used to capture photos covertly from its built-in camera, to track the wearer’s location, and to conduct wiretapping via the built-in mic. They have not claimed any such surveillance has actually been done. The watches are marketed as a child’s first phone, we’re told, and thus contain a SIM card for connectivity (with an associated phone number). Parents can track the whereabouts of their offspring by using an app that finds the wearer of the watch.

Xplora contends the security issue is just unused code from a prototype and has now been patched. But the company’s smartwatches were among those cited by Mnemonic and Norwegian Consumer Council in 2017 for assorted security and privacy concerns.

Sand and Leiknes note in their report that while the Norwegian company Xplora Mobile AS distributes the Xplora watch line in Europe and, as of September, in the US, the hardware was made by Qihoo 360 and 19 of its 90 Android-based applications come from the Chinese company.

They also point out that in June, the US Department of Commerce placed the Chinese and UK business groups of Qihoo 360 on its Entities List, a designation that limits Qihoo 360’s ability to do business with US companies. US authorities claim, without offering any supporting evidence, that the company represents a potential threat to US national security.

In 2012, a report by a China-based civilian hacker group called Intelligent Defense Friends Laboratory accused Qihoo 360 of having a backdoor in its 360 secure browser [[PDF]].

In March, Qihoo 360 claimed that the US Central Intelligence Agency has been conducting hacking attacks on China for over a decade. Qihoo 360 did not immediately respond to a request for comment.

According to Mnemonic, the Xplora 4 contains a package called “Persistent Connection Service” that runs during the Android boot process and iterates through the installed apps to construct a list of “intents,” commands for invoking functionality in other apps.

With the appropriate Android intent, an incoming encrypted SMS message received by the Qihoo SMS app could be directed through the command dispatcher in the Persistent Connection Service to trigger an application command, like a remote memory snapshot.

Exploiting this backdoor requires knowing the phone number of the target device and its factory-set encryption key. This data is available to Qihoo and Xplora, according to the researchers, and can be pulled off the device physically using specialist tools. This basically means ordinary folks aren’t going to be hacked, either by the manufacturer under orders from Beijing or by opportunistic miscreants attacking gizmos in the wild, though it is an issue for persons of interest. It also highlights the kind of code left lingering in mass-market devices.

Source: Backdoorer the Xplora: Kids’ smart-watches can secretly take pics, record audio on command by encrypted texts • The Register

RAF Uses Autonomous Drone Swarm Loaded With Decoys To Overwhelm Mock Enemy Air Defenses

Italian defense contractor Leonardo says that it has conducted a successful demonstration in cooperation with the U.K. Royal Air Force of an autonomous swarm of unmanned aircraft, each carrying a variant of its BriteCloud expendable active decoy as an electronic warfare payload. Using the BriteClouds, which contain electronic warfare jammers, the drones were able to launch a mock non-kinetic attack on radars acting as surrogates for a notional enemy integrated air defense network.

Leonardo announced it had carried out the swarm demonstration, which it conducted together with the Royal Air Force’s Rapid Capabilities Office (RCO), as well as private unmanned technology firms Callen-Lenz and Blue Bear, on Oct. 7, 2020. The latter two firms, as well as Boeing, are working on prototype semi-autonomous “loyal wingman” type drones for the RAF, which that service also refers to as “remote carriers,” as part of Project Mosquito, which is itself a component of the larger Lightweight Affordable Novel Combat Aircraft (LANCA) program.

“During the demonstration, a number of Callen Lenz drones were equipped with a modified Leonardo BriteCloud decoy, allowing each drone to individually deliver a highly-sophisticated jamming effect,” according to Leonardo’s press release. “They were tested against ground-based radar systems representing the enemy air defence emplacement. A powerful demonstration was given, with the swarm of BriteCloud-equipped drones overwhelming the threat radar systems with electronic noise.”

For reasons that are unclear, Leonardo has since removed its press release from its website, though an archived copy of the page remains available through Google. The company also deleted an official Tweet with an infographic, a copy of which is seen below, regarding BriteCloud and this demonstration.

Leonardo did not offer any details about the unmanned aircraft used in the demonstration. Artist’s conceptions of a drone swarm strike that the company released along with the announcement, seen at the top of this story and in the infographic above, showed a tailless fixed-wing design with a single, rear-mounted pusher propeller and fixed undercarriage. However, there is no indication one way or another if this in any way reflects the Callen-Lenz design employed in the recent test.

The standard BriteCloud is what is known as a Digital Radio Frequency Memory (DRFM) jammer that first detects incoming radar pulses from hostile platforms, including aircraft, ships, and ground-based air defense systems, as well as active radar guidance systems on incoming missiles. It then mimics those signals in return, creating the appearance of a false target. As Leonardo said in its own press release, this effect can “confuse and overwhelm” radars and lure missiles away from friendly aircraft.

BriteCloud, which can be launched from any dispenser capable of firing standard 55mm decoy flares or chaff cartridges, first entered RAF service in 2018 on the now-retired Tornado GR4 combat jet. Last year, the service began tests of the decoy on its Eurofighter Typhoons and indicated that it could also eventually integrate them on its F-35B Joint Strike Fighters.

Unlike a plane dropping expendable BriteClouds, in the recent demonstration, Leonardo noted that “the decoy packages were programmed and navigated to work collaboratively to cause maximum confusion.” Placing the jammers inside drones offers the ability to help space them out for optimal coverage across a wide area. The entire swarm provides immense additional flexibility by being able to rapidly shift its focus from one area to another to respond to new developments in the battlespace. Above all else, they allow BriteCloud to employ its bag of tricks over longer periods of time and even execute multiple electronic attacks instead of just one.

At the same time, the off-the-shelf electronic warfare expendables are just that, expendable. If you lose one and its drone platform, it isn’t a big deal as they are meant to be expendable in the first place. As such, they are the very definition of attritable. This term refers to designs that could be recovered and reused, but that are also cheap enough for commanders to be willing to commit them to higher-risk missions where there is a significant chance of them getting knocked down.

The RAF is not the only one to be looking at drone swarms, or otherwise networking munitions and other expendable stores together to reduce duplication of effort and otherwise improve the efficacy of strikes and other missions. The U.S. Air Force is in the midst of its own networked munition program, called Golden Horde, and the Army recently revealed plans to develop swarms of air-launched drones carrying electronic warfare systems and other payloads, efforts that you can read about in more detail in these past War Zone pieces.

Source: RAF Uses Autonomous Drone Swarm Loaded With Decoys To Overwhelm Mock Enemy Air Defenses

Robinhood Users Say There’s No One To Call When Accounts Are Hacked

It took Soraya Bagheri a day to learn that 450 shares of Moderna Inc. had been liquidated in her Robinhood account and that $10,000 in withdrawals were pending. But after alerting the online brokerage to what she believed was a theft in progress, she received a frustrating email.

The firm wrote it would investigate and respond within “a few weeks.” Now her money is gone.

Bagheri is among five Robinhood customers who recounted similar experiences to Bloomberg News, saying they’ve been left in limbo in recent weeks after someone sold their investments and withdrew funds. Because the wildly popular app has no emergency phone number, some said they tried in vain to intervene, only to watch helplessly as their money vanished.

“A limited number of customers appear to have had their Robinhood account targeted by cyber criminals because of their personal email account (that which is associated with their Robinhood account) being compromised outside of Robinhood,” a spokesman for the company said in an email. “We’re actively working with those impacted to secure their accounts.”

[…]

Bagheri, a Washington attorney, and three other Robinhood users said they also contacted authorities including the Securities and Exchange Commission and the Financial Industry Regulatory Authority. Two of those customers said they have heard back from an official at the SEC seeking more information.

Finra and the SEC declined to comment.

[…]

Now, even though the firm said this year that it has more than doubled its customer-service team, clients complain they’re struggling to get quick help when their funds are disappearing.

“They don’t have a customer service line, which I’m quite shocked about,” Bagheri said.

[…]

Rao showed Bloomberg the same emailed response from Robinhood that Bagheri received. “We understand the sensitivity of your situation and will be escalating the matter to our fraud investigations team,” Robinhood customer service agents wrote them. “Please be aware that this process may take a few weeks, and the team working on your case won’t be able to provide constant updates.”

Rao said he had previously set up two-factor authentication to access his account, and Bagheri said she’s certain her Robinhood password is unique from all others, including her email. Neither believed they had been duped by phishing scams or malware. Both said they use the same email for Robinhood and other accounts, and that only Robinhood has been affected.

[…]

They also said Robinhood’s online portal showed their money went to a recipient at Revolut, another popular financial-technology startup. London-based Revolut, which offers a money transfer and exchange app, expanded to the U.S. this year.

“Revolut has been made aware of the issue and is investigating urgently,” a company spokesman said Friday in an email.

Bill Hurley, who owns a metal-fabrication shop in Windsor, Connecticut, said he received notifications that stock and Bitcoin had been sold from his account on Sept. 21, and that $5,000 was transferred to Revolut accounts in two transactions. He said he emailed Robinhood for assistance while the transactions were pending but received none.

“They’ve had more than enough time to deal with this,” he said.

Source: Robinhood Users Say There’s No One To Call When Accounts Are Hacked – Bloomberg

AI Created a Detailed 3D Map of Stars, Galaxies, and Quasars. Largest universe map so far.

A team of astronomers from the University of Hawaiʻi at Mānoa’s Institute for Astronomy (IfA) has produced the most comprehensive astronomical imaging catalog of stars, galaxies, and quasars ever created with help from an artificially intelligent neural network.

The group of astronomers from the University of Hawaiʻi at Mānoa’s Institute for Astronomy (IfA) released a catalog containing 3 billion celestial objects in 2016, including stars, galaxies, and quasars (the active cores of supermassive black holes).

[…]

The results of their work have been published in the Monthly Notices of the Royal Astronomical Society.

Their PS1 telescope, located on the summit of Haleakalā on Hawaii’s Big Island, is capable of scanning 75% of the sky, and it currently hosts the world’s largest deep multicolor optical survey, according to a press release put out by the University of Hawaiʻi. By contrast, the Sloan Digital Sky Survey (SDSS) covers just 25% of the sky.

[…]

“Utilizing a state-of-the-art optimization algorithm, we leveraged the spectroscopic training set of almost 4 million light sources to teach the neural network to predict source types and galaxy distances, while at the same time correcting for light extinction by dust in the Milky Way,” Beck said.

These training sessions worked well; the ensuing neural network did a bang-up job when tasked with sorting the objects, achieving success rates of 98.1% for galaxies, 97.8% for stars, and 96.6% for quasars. The system also determined the distances to galaxies, which were at most only off by about 3%. The resulting work is “the world’s largest three-dimensional astronomical imaging catalog of stars, galaxies and quasars,” according to the University of Hawai’i.

“This beautiful map of the universe provides one example of how the power of the Pan-STARRS big data set can be multiplied with artificial intelligence techniques and complementary observations,” explained team member and study co-author Kenneth Chambers.

[…]

The new catalog, which was made possible by a grant from the National Science Foundation, is publicly available through the Mikulski Archive for Space Telescopes. The database is 300 gigabytes in size, and it’s accessible through multiple formats, including downloadable computer-readable tables.

This survey has already yielded some interesting science, including an explanation for a rather spooky region of space known as the Cold Spot. Using the PS1 telescope, and also NASA’s Wide Field Survey Explorer satellite, the Pan-STARRS scientists spotted a massive supervoid—a “vast region 1.8 billion light-years across, in which the density of galaxies is much lower than usual in the known universe,” as the University of Hawai’i described it five years ago. It’s this supervoid that is causing the Cold Spot, as it’s seen in the cosmic microwave background, according to the researchers.

Source: AI Created a Detailed 3D Map of Stars, Galaxies, and Quasars

“World’s fastest electrodes” triple the density of lithium batteries

French company Nawa Technologies says it’s already in production on a new electrode design that can radically boost the performance of existing and future battery chemistries, delivering up to 3x the energy density, 10x the power, vastly faster charging and battery lifespans up to five times as long.

Nawa is already known for its work in the ultracapacitor market, and the company has announced that the same high-tech electrodes it uses on those ultracapacitors can be adapted for current-gen lithium-ion batteries, among others, to realize some tremendous, game-changing benefits.

It all comes down to how the active material is held in the electrode, and the route the ions in that material have to take to deliver their charge. Today’s typical activated carbon electrode is made with a mix of powders, additives and binders. Where carbon nanotubes are used, they’re typically stuck on in a jumbled, “tangled spaghetti” fashion. This gives the charge-carrying ions a random, chaotic and frequently blocked path to traverse on their way to the current collector under load.

The benefits are all about how far an ion has to carry its charge; on the left, a depiction of a typical, chaotic electrode structure through which an ion has to travel long and circuitous distances. On the right, the rigid structure of a vertically aligned carbon nanotube structure, which links every tiny blob of active material and the ions within straight to the current collector
Nawa Technologies

Nawa’s vertically aligned carbon nanotubes, on the other hand, create an anode or cathode structure more like a hairbrush, with a hundred billion straight, highly conductive nanotubes poking up out of every square centimeter. Each of these tiny, securely rooted poles is then coated with active material, be it lithium-ion or something else.

The result is a drastic reduction in the path length of the ions – the distance the charge needs to travel to get in or out of the battery – since every blob of lithium is more or less directly attached to a nanotube, which acts as a straight-line highway and part of the current collector. “The distance the ion needs to move is just a few nanometers through the lithium material,” Nawa Founder and CTO Pascal Boulanger tells us, “instead of micrometers with a plain electrode.”

This radically boosts the power density – the battery’s ability to deliver fast charge and discharge rates – by a factor of up to 10x, meaning that smaller batteries can put out 10 times more power, and the charging times for these batteries can be brought down just as drastically. Nawa says a five-minute charge should be able to take you from 0-80 percent given the right charging infrastructure.

[…]

“Research has shown vertically aligned – or even just well distributed – carbon nanotubes have far greater properties than randomly placed carbon nanotubes,” said Dr. Shearer. “I am not surprised a x10 in conductivity is possible. Controlling the placement of carbon nanotubes is really the way to unlock their potential. The issue in commercialization is the cost associated with producing aligned carbon nanotubes. My guess is the cost would be much more than x10.”

We put the question of cost to Nawa. “The million dollar question!” said Boulanger. “Here’s a million dollar answer: the process we’re using is the same process that’s used for coating glasses with anti-reflective coatings, and for photovoltaics. It’s already very cheap.”

“In high volume, like those processes, yes,” added Nawa CEO Ulrik Grape. “We are firmly convinced that this will be cost-competitive with existing electrodes.”

[…]

In some cases, Nawa says, it eliminates issues that have been holding back certain other battery chemistries. Silicon-based batteries, for example, could offer around twice the energy density of lithium-ion, but the active material grows to four times its size as it’s charged and shrinks back again as it discharges, causing mechanical issues that lead to cracks. As a result, you might be lucky to get 50 charges out of a silicon battery before it dies.

[…]

Moving to these electrodes, Grape and Boulanger say, will require battery companies to make some fairly considerable changes to the early stages of their manufacturing processes prior to cell assembly. But such dramatic performance multipliers without a price penalty or any changes to battery chemistry will surely make these things tough to compete against.

Nawa’s first large-scale customer is French battery manufacturer Saft, which is partnering with PSA and Renault as part of the European Battery Alliance to develop EV batteries for the brands under those umbrellas. The company is also speaking to a number of car companies directly, as well as other battery manufacturers supplying the EV space.

Source: “World’s fastest electrodes” triple the density of lithium batteries

Apple’s T2 custom secure boot chip is not only insecure, it cannot be fixed without replacing the silicon

Apple’s T2 security chip is insecure and cannot be fixed, a group of security researchers report.

Over the past three years, a handful of hackers have delved into the inner workings of the custom silicon, fitted inside recent Macs, and found that they can use an exploit developed for iPhone jailbreaking, checkm8, in conjunction with a memory controller vulnerability known as blackbird, to compromise the T2 on macOS computers.

The primary researchers involved – @h0m3us3r, @mcmrarm, @aunali1 and Rick Mark (@su_rickmark) – expanded on the work @axi0mX did to create checkm8 and adapted it to target the T2, in conjunction with a group that built checkm8 into their checkra1n jailbreaking software. Mark on Wednesday published a timeline of relevant milestones.

The T2, which contains a so-called secure enclave processor (SEP) intended to safeguard Touch ID data, encrypted storage, and secure boot capabilities, was announced in 2017. Based on the Arm-compatible A10 processor used in the iPhone 7, the T2 first shipped in the iMac Pro at the end of 2017, followed in 2018 by the MacBook Pro, MacBook Air, and Mac mini; it was added to the Mac Pro in 2019 and the iMac in 2020.

The checkm8 exploit, which targets a use-after-free vulnerability in the boot ROM’s USB handling, allows an attacker to run unsigned code while the device is in Device Firmware Update (DFU) mode. It has been modified to enable a tethered debug interface that can be used to subvert the T2 chip.

So with physical access to your T2-equipped macOS computer, and an appropriate USB-C cable and checkra1n 0.11, you – or a miscreant in your position – can obtain root access and kernel execution privileges on a T2-defended Mac. This allows you to alter macOS, loading arbitrary kernel extensions, and expose sensitive data.

According to Belgian security biz ironPeak, it also means that firmware passwords and remote device locking capabilities, instituted via MDM or the Find My app, can be undone.

Compromising the T2 doesn’t dissolve macOS FileVault 2 disk encryption, but it would allow someone to install a keylogger to capture the passphrase that unlocks the encryption key, or to attempt to crack the key using a brute-force attack. Two practical caveats follow from the details above: the attack needs physical access and a USB connection, and because it exploits code in ROM rather than modifying it, the T2 must be re-exploited from DFU mode each time the chip restarts, which is what makes the attack tethered.
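For anyone responsible for a Mac fleet, the first question is which machines are in the exposed population at all. The script below is an added example, not code from The Register, ironPeak or the researchers: it parses the text that `system_profiler SPiBridgeDataType` prints on a Mac and reports whether an Apple T2 bridge chip is present and which bridge firmware it runs. The field names it matches and the sample outputs it tests itself against are assumptions constructed for this example; check them against what your own machines print.

```sh
#!/bin/sh
# Added inventory check (not from the article or the researchers): decide whether a
# Mac reports an Apple T2 bridge chip and therefore belongs to the population the
# checkm8/blackbird chain can reach with physical access. Field names below are an
# assumption about `system_profiler SPiBridgeDataType` output.

# has_t2_chip: read system_profiler SPiBridgeDataType output on stdin;
# exit 0 if an Apple T2 Security Chip is reported, 1 otherwise.
has_t2_chip() {
    grep -q 'Model Name:[[:space:]]*Apple T2 Security Chip'
}

# t2_firmware_version: read the same output on stdin and print the bridge
# firmware (bridgeOS) build, or nothing when no such line exists.
t2_firmware_version() {
    sed -n 's/^[[:space:]]*Firmware Version:[[:space:]]*//p' | head -n 1
}

# classify_bridge: read the same output on stdin, print a one-line verdict,
# exit 0 when a T2 is present and 1 when it is not.
classify_bridge() {
    input=$(cat)
    if printf '%s\n' "$input" | has_t2_chip; then
        fw=$(printf '%s\n' "$input" | t2_firmware_version)
        printf 'T2 present (bridge firmware %s): tethered checkm8 exposure applies\n' "${fw:-unknown}"
        return 0
    fi
    printf 'no T2 bridge chip reported: checkm8 chain does not apply\n'
    return 1
}

# Constructed sample resembling a T2 Mac's report (values are made up).
SAMPLE_T2='Controller:

    Controller Information:

      Model Name: Apple T2 Security Chip
      Firmware Version: 17P6065
      Boot UUID: 5B6F0A47-0000-4000-8000-000000000000
'

# Constructed sample for a Mac without a bridge chip: the data type prints
# no controller information.
SAMPLE_NO_T2='Controller:

'

# Stand-alone run: classify both samples, then the local machine if it is a Mac.
printf '%s' "$SAMPLE_T2" | classify_bridge
printf '%s' "$SAMPLE_NO_T2" | classify_bridge || true
if command -v system_profiler >/dev/null 2>&1; then
    system_profiler SPiBridgeDataType | classify_bridge || true
fi
```

On a real Mac the one-liner is `system_profiler SPiBridgeDataType | classify_bridge`. This is purely a presence check: because the flaw sits in the SecureROM, no Startup Security Utility setting or firmware update changes the verdict for a machine that reports a T2, so the useful output of the script is the list of hosts where physical-access controls have to carry the weight.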

[…]

Unfortunately, it appears the T2 cannot be fixed. “Apple uses SecureROM in the early stages of boot,” explained Rick Mark in a blog post on Monday. “ROM cannot be altered after fabrication and is done so to prevent modifications. This usually prevents an attacker from placing malware at the beginning of the boot chain, but in this case also prevents Apple from fixing the SecureROM.”

Source: Apple’s T2 custom secure boot chip is not only insecure, it cannot be fixed without replacing the silicon • The Register

Ex-Tesla exec Straubel aims to build world’s top battery recycler – still nowhere near enough to compensate for the trash electric cars are putting out, but a start

Tesla co-founder J.B. Straubel wants to build his startup Redwood Materials into the world’s top battery recycling company and one of the largest battery materials companies, he said at a technology conference Wednesday.

Straubel aims to leverage two partnerships, one with Panasonic Corp, the Japanese battery manufacturer that is teamed with Tesla at the Nevada gigafactory, and one announced weeks ago with e-commerce giant Amazon.

With production of electric vehicles and batteries about to explode, Straubel says his ultimate goal is to “make a material impact on sustainability, at an industrial scale.”

Established in early 2017, Redwood this year will recycle more than 1 gigawatt-hour’s worth of battery scrap materials from the gigafactory — enough to power more than 10,000 Tesla cars.

That is a fraction of the half-million vehicles Tesla expects to build this year. At the company’s Battery Day in late September, Chief Executive Elon Musk said he was looking at recycling batteries to supplement the supply of raw materials from mining as Tesla escalates vehicle production.

Redwood’s partnership with Panasonic started late last year with a pilot operation to recover materials at Redwood’s recycling facilities in nearby Carson City, according to Celina Mikolajczak, vice president of battery technology at Panasonic Energy of North America.

Mikolajczak, who spent six years at Tesla as a battery technology leader, said: “People underestimate what recycling can do for the electric vehicles industry. This could have a huge impact on raw material prices and output in the future.”

Straubel’s broader plan is to dramatically reduce mining of raw materials such as nickel, copper and cobalt over several decades by building out a circular or “closed loop” supply chain that recycles and recirculates materials retrieved from end-of-life vehicle and grid storage batteries and from cells scrapped during manufacturing.

In September, Redwood said it received funding from Amazon’s Climate Pledge Fund, following an investment by Breakthrough Energy Ventures, backed by Amazon CEO Jeff Bezos and Microsoft founder Bill Gates.

Source: Ex-Tesla exec Straubel aims to build world’s top battery recycler | Reuters

Apple made ProtonMail add in-app purchases, even though it had been free for years – this App store shakedown has a long scared list of victims

One app developer revealed to Congress that it — just like WordPress — had been forced to monetize a largely free app. That developer testified that Apple had demanded in-app purchases (IAP), even though Apple had approved its app without them two years earlier — and that when the dev dared send an email to customers notifying them of the change, Apple threatened to remove the app and blocked all updates.

That developer was ProtonMail, makers of an encrypted email app, and CEO Andy Yen had some fiery words for Apple in an interview with The Verge this week.

We’ve known for months that WordPress and Hey weren’t alone in being strong-armed by the most valuable company in the world, ever since Stratechery’s Ben Thompson reported that 21 different app developers quietly told him they’d been pushed to retroactively add IAP in the wake of those two controversies. But until now, we hadn’t heard of many devs willing to publicly admit it. They were scared.

And they’re still scared, says Yen. Even though Apple changed its rules on September 11th to exempt “free apps acting as a stand-alone companion to a paid web based tool” from the IAP requirement — Apple explicitly said email apps are exempt — ProtonMail still hasn’t removed its own in-app purchases because it fears retaliation from Apple, he says.

He claims other developers feel the same way: “There’s a lot of fear in the space right now; people are completely petrified to say anything.”

He might know. ProtonMail is one of the founding partners of the Coalition for App Fairness, a group that also includes Epic Games, Spotify, Tile, Match, and others who banded together to protest Apple’s rules after having those rules used against them. It’s a group that tried to pull together as many developers as it could to form a united front, but some weren’t as ready to risk Apple’s wrath.

That’s clearly not the case for Yen, though — in our interview, he compares Apple’s tactics to a Mafia protection racket.

“For the first two years we were in the App Store, that was fine, no issues there,” he says. (They’d launched on iOS in 2016.) “But a common practice we see … as you start getting significant uptake in uploads and downloads, they start looking at your situation more carefully, and then as any good Mafia extortion goes, they come to shake you down for some money.”

“We didn’t offer a paid version in the App Store, it was free to download … it wasn’t like Epic where you had an alternative payment option, you couldn’t pay at all,” he relates.

Yen says Apple’s demand came suddenly in 2018. “Out of the blue, one day they said you have to add in-app purchase to stay in the App Store,” he says. “They stumbled upon something in the app that mentioned there were paid plans, they went to the website and saw there was a subscription you could purchase, and then turned around and demanded we add IAP.”

“There’s nothing you can say to that. They are judge, jury, and executioner on their platform, and you can take it or leave it. You can’t get any sort of fair hearing to determine whether it’s justifiable or not justifiable, anything they say goes.”

[…]

Source: Apple made ProtonMail add in-app purchases, even though it had been free for years – The Verge

This is what monopolies will do for you. I have been talking about how big tech is involved in this since 2019 and it’s good to see it finally really coming out of the woodwork

Google is giving data to police based on search keywords: IPs of everyone who searched a certain thing. No warrant required.

There are few things as revealing as a person’s search history, and police typically need a warrant on a known suspect to demand that sensitive information. But a recently unsealed court document found that investigators can request such data in reverse order by asking Google to disclose everyone who searched a keyword rather than for information on a known suspect.

In August, police arrested Michael Williams, an associate of singer and accused sex offender R. Kelly, for allegedly setting fire to a witness’ car in Florida. Investigators linked Williams to the arson, as well as witness tampering, after sending a search warrant to Google that requested information on “users who had searched the address of the residence close in time to the arson.”

The July court filing was unsealed on Tuesday. Detroit News reporter Robert Snell tweeted about the filing after it was unsealed.

Court documents showed that Google provided the IP addresses of people who searched for the arson victim’s address, which investigators tied to a phone number belonging to Williams. Police then used the phone number records to pinpoint the location of Williams’ device near the arson, according to court documents.

The original warrant sent to Google is still sealed, but the report provides another example of a growing trend of data requests to the search engine giant in which investigators demand data on a large group of users rather than a specific request on a single suspect.

“This ‘keyword warrant’ evades the Fourth Amendment checks on police surveillance,” said Albert Fox Cahn, the executive director of the Surveillance Technology Oversight Project. “When a court authorizes a data dump of every person who searched for a specific term or address, it’s likely unconstitutional.”

The keyword warrants are similar to geofence warrants, in which police make requests to Google for data on all devices logged in at a specific area and time. Google received 15 times more geofence warrant requests in 2018 compared with 2017, and five times more in 2019 than 2018. The rise in reverse requests from police has troubled Google staffers, according to internal emails.

[…]

Source: Google is giving data to police based on search keywords, court docs show – CNET

Facebook Just Forced Its Most Powerful Critics Offline

Facebook is using its vast legal muscle to silence one of its most prominent critics.

The Real Facebook Oversight Board, a group established last month in response to the tech giant’s failure to get its actual Oversight Board up and running before the presidential election, was forced offline on Wednesday night after Facebook wrote to the internet service provider demanding the group’s website — realfacebookoversight.org — be taken offline.

The group is made up of dozens of prominent academics, activists, lawyers, and journalists whose goal is to hold Facebook accountable in the run-up to the election next month. Facebook’s own Oversight Board, which was announced 13 months ago, will not meet for the first time until later this month, and won’t consider any issues related to the election.

In a letter sent to one of the founders of the RFOB, journalist Carole Cadwalladr, the ISP SupportNation said the website was being taken offline after Facebook complained that the site was involved in “phishing.”

[…]

It’s unclear what evidence Facebook presented to support its claim that RFOB was operating a phishing website.

Typically, ISPs have a dispute resolution process in place that allows the website operator to challenge the allegations. This process can normally take months and ultimately result in a court order being obtained to take a site offline. In this case, there was no warning given.

[…]

Facebook had previously forced another website the group set up — realfacebookoversight.com — offline over alleged copyright infringement.

Facebook denied that it was responsible for the website being taken offline. “This website was automatically flagged by a vendor because it contained the word ‘facebook’ in the domain and action was taken without consulting with us,” a spokesperson told VICE News.

But, an email from the ISP, SupportNation, sent to the Real Facebook Oversight Board and viewed by VICE News, links to a message from the original complainant sent in the early hours of Friday morning after the website was taken offline.

The message tells SupportNation that “notices of trademark abuse/trademark infringement were sent out in error.” The message comes from what appears to be a Facebook email address.


Facebook said that the ISP would normally confirm requests like this with Facebook first, but that “in this instance that did not happen.” A spokesperson added that the message to SupportNation was sent by “a generic email address used by the vendor.”

John Taylor, a spokesperson for Facebook’s actual Oversight Board told VICE News that the takedown wasn’t something it was “aware of or had any involvement in.” Taylor added that the group doesn’t “think this is a constructive approach. We continue to welcome these efforts and contributions to the debate.”

On Wednesday night, Facebook spokesperson Andy Stone responded to Cadwalladr’s post, saying: “Your fake thing that accuses us of fake things was caught in our thing to prevent fake things.”

Stone did not immediately respond to requests for comment to clarify what he meant by “fake things” in these instances.

“The most extraordinary thing about this whole affair is how it’s exposed the total Trumpification of Facebook’s corporate comms,” Cadwalladr told VICE News. “There is a brazen shamelessness at work here. It’s not just that a company that has used ‘free speech’ as a protective cloak would go after our ISP and drive us off the internet but that its official spokesman responds to such criticism by attacking and trolling journalists.”

[…]

Source: Facebook Just Forced Its Most Powerful Critics Offline

Leap Motion brings out TouchFree software – Add Touchless Gesture Control

Touchless, hygienic interaction

TouchFree is a software application that runs on an interactive kiosk or advertising totem. It detects a user’s hand in mid-air and converts it to an on-screen cursor.


Easy to integrate, deploy, and use

• Runs invisibly on top of existing user interfaces

• Add touchless interaction without writing a single line of code

• Familiar touchscreen-style interactions


How users interact

• A user’s hand is detected, and shown as a cursor displayed on the screen

• Users can select items without touching the screen using a simple “air push” motion, similar to tapping a screen but in mid-air.

• To drag or scroll, “air push”, then move



Source: TouchFree | Add Touchless Gesture Control — Leap Motion Developer

NVIDIA Uses AI to Slash Bandwidth on Video Calls

NVIDIA Research has invented a way to use AI to dramatically reduce video call bandwidth while simultaneously improving quality.

What the researchers have achieved has remarkable results: by replacing the traditional H.264 video codec with a neural network, they have managed to cut the bandwidth required for a video call by orders of magnitude. In one example, the required data rate fell from 97.28 KB/frame to a measly 0.1165 KB/frame – roughly 0.1% of the original bandwidth.

The mechanism behind AI-assisted video conferencing is breathtakingly simple. The technology works by replacing traditional full video frames with neural data. Typically, video calls work by sending H.264-encoded frames to the recipient, and those frames are extremely data-heavy. With AI-assisted video calls, the sender first transmits a reference image of the caller. Then, instead of sending a stream of pixel-packed images, it sends specific reference points on the image around the eyes, nose, and mouth.

A generative adversarial network (or GAN, a type of neural network) on the receiver side then uses the reference image combined with the keypoints to reconstruct subsequent images. Because the keypoints are so much smaller than full pixel images, much less data is sent and therefore an internet connection can be much slower but still provide a clear and functional video chat.

In the researchers’ initial example, they show that a fast internet connection results in pretty much the same quality of stream using both the traditional method and the new neural network method. But what’s most impressive is their subsequent examples, where internet speeds show a considerable degradation of quality using the traditional method, while the neural network is able to produce extremely clear and artifact-free video feeds.

The neural network can work even when the subject is wearing a mask, glasses, headphones, or a hat.

With this technology, more people can enjoy a greater number of features all while using monumentally less data.

But the technology use cases don’t stop there: because the neural network is using reference data instead of the full stream, the technology will allow someone to even change the camera angle to appear like they are looking directly at the screen even if they are not. Called “Free View,” this would allow someone who has a separate camera off-screen to seemingly keep eye contact with those on a video call.

NVIDIA can also use this same method for character animations. Using different keypoints from the original feed, they can add clothing, hair, or even animate video game characters.

Using this kind of neural network will have huge implications for the modern workforce that will not only serve to relieve strain on networks, but also give users more freedom when working remotely. However, because of the way this technology works, there will almost certainly be questions on how it can be deployed and lead to possible issues with “deep fakes” that become more believable and harder to detect.

(Via NVIDIA via DP Review)

Source: NVIDIA Uses AI to Slash Bandwidth on Video Calls

Boom unveils the XB-1, supersonic testbed for Overture, supersonic airliner

The “Baby Boom” is finally here. After six years of development, Boom Supersonic is unveiling its XB-1 demonstrator. The craft is the company’s first supersonic plane, designed to prove the technology ahead of a full-size airliner, Overture.

[…]

As we reported on back in August, Boom is looking to build the first supersonic civilian airliner for half a century. The first step on that road is the construction of a demonstrator plane that can be used to test the various components and designs a supersonic airliner would need. Say hello to the single-seater XB-1, tail number N990XB.

The XB-1’s carbon-composite frame (for added heat-resistance) measures 71 feet long, with a delta wing shape that, the company says, has been optimized for maximum efficiency. It’s powered by a trio of General Electric J85-15 engines, rated to provide more than 12,000 pounds of thrust. The J85 is a warhorse engine that has been powering craft since the 1950s, including the supersonic T-38 Talon training plane. Boom says that the engine has been tweaked to improve its efficiency, important given the company’s focus on a carbon-neutral test program.

Boom XB-1 Supersonic demonstrator plane

NATHAN LEACH-PROFFER

Boom has looked to lean on new manufacturing methods to reduce costs and dramatically shrink its production time. It leaned heavily on 3D-printing, both for prototyping and to make parts for the XB-1 itself. Boom worked with both Stratasys and Velo 3D to produce prototypes, parts and tooling for the process and the craft itself. Mike Jageman, manufacturing head, said that several parts were built this way “right here, in the hangar.”

One other big technical innovation involves abandoning one of Concorde’s most famous features, its drooping nose. Rather than employ a system like that, XB-1 uses a high-resolution video camera in the nose to help pilots navigate the tricky landing. The company says that the result is to offer a “virtual window through the nose,” although we’ll have to wait for testing to see if that’s a fair claim.

Boom XB-1

NATHAN LEACH-PROFFER

Naturally, the real work begins now, ensuring that XB-1 is ready to begin test flights in the Mojave Desert next year, everything-else-going-on permitting. As founder Blake Scholl says, XB-1 is “an important milestone towards the development of our commercial liner, Overture.” The company expects the first manufacturing facility to be built by 2022, and the first Overture to be completed by 2025. It’s a very ambitious goal, especially given that the company hopes to have the first passenger flight in the air by 2029.

Source: Boom unveils the XB-1, its supersonic testbed | Engadget

UK privacy watchdog wraps up probe into Cambridge Analytica and… it was all a little bit overblown, no?

The UK’s privacy watchdog has wrapped up its probe into Cambridge Analytica, saying it found no hard evidence to support claims the controversial biz used data scraped from people’s Facebook profiles to influence the Brexit referendum or the US 2016 presidential election. There was no clear evidence of Russian involvement, either.

However, the UK’s privacy watchdog acts in the interests of the UK and so it may be in their best interest to say: nothing to see here, carry on please…

In a letter [PDF] this month to Julian Knight – chairman of Parliament’s Digital, Culture and Media and Sport Select Committee – the Information Commissioner’s Office detailed the findings of its investigation, having gone through 700TB and more than 300,000 documents seized from the now-defunct company.

Crucially, the watchdog said Cambridge Analytica pretty much dealt with information and tools that anyone could have purchased or used if they had the right budget and know-how: there were no special techniques nor hacking. Its raison d’etre – profiling voters to target them with influential ads – was achieved by tapping into Facebook’s highly problematic Graph API at the time, via a third-party quiz app people were encouraged to use, and downloading data from their profile pages and their friends’ pages.

Facebook subsequently dynamited its overly leaky API – the real scandal here – to end any further such slurpage, was fined half a million quid by the ICO, and ordered to cough up $5bn by America’s consumer protection regulator, the FTC. If Cambridge Analytica achieved anything at all, it was blowing the lid off Facebook’s slipshod and cavalier approach to safeguarding netizens’ privacy.

Information Commissioner Elizabeth Denham’s team characterized Cambridge Analytica, and its related outfit SCL Elections, as a bit of a smoke-and-mirrors operation that lacked the sort of game-changing insight it sold to clients, who were told they could use the database of Facebook addicts to micro-target particular key voters with specific advertising to swing their political opinion in one direction or another.

“In summary, we concluded that SCL/CA were purchasing significant volumes of commercially available personal data (at one estimate over 130 billion data points), in the main about millions of US voters, to combine it with the Facebook derived insight information they had obtained from an academic at Cambridge University, Dr Aleksandr Kogan, and elsewhere,” the ICO wrote. Kogan’s company Global Science Research (GSR) was tasked with harvesting the personal data of 87 million Facebook users via the aforementioned quiz app.

“In the main their models were also built from ‘off the shelf’ analytical tools and there was evidence that their own staff were concerned about some of the public statements the leadership of the company were making about their impact and influence.”

El Reg has heard on good authority from sources in British political circles that Cambridge Analytica’s advertised powers of online suggestion were rather overblown and in fact mostly useless. In the end, it was skewered by its own hype, accused of tangibly influencing the Brexit and presidential votes on behalf of political parties and campaigners using Facebook data. Yet, no evidence could be found supporting those claims.

On Brexit, the ICO reckoned Cambridge Analytica just had information on Americans from the social network:

It was suggested that some of the data was utilised for political campaigning associated with the Brexit Referendum. However, our view on review of the evidence is that the data from GSR could not have been used in the Brexit Referendum as the data shared with SCL/Cambridge Analytica by Dr Kogan related to US registered voters.

Cambridge Analytica did appear to do a limited amount of work for Leave.EU but this involved the analysis of UKIP membership data rather than data obtained from Facebook or GSR.

For what it’s worth, the ICO observed that a Canadian outfit called AggregateIQ, which was closely linked to Cambridge Analytica, was recruited by pro-Brexit campaigners to target adverts at British Facebook users.

And on the US elections, we’re told a database of voters was assembled from Facebook records, and that “targeted advertising was ultimately likely the final purpose of the data gathering but whether or which specific data from GSR was then used in any specific part of campaign has not been possible to determine from the digital evidence reviewed.”

And as for Russia: “We did not find any additional evidence of Russian involvement in our analysis of material contained in the SCL / CA servers we obtained,” the ICO stated, adding that this is kinda outside its remit and something for the UK’s National Crime Agency to probe.

Were Cambridge Analytica still around, we imagine some details of the report would be a little embarrassing. Alas, it shut down all operations (sort of) back in 2018.

The ICO report noted how Cambridge Analytica was probably also less than honest with the sales pitches it made to both the Trump and Leave EU campaigns, overstating the amount of data it had collected.

“SCL’s own marketing material claimed they had ‘Over 5,000 data points per individual on 230 million adult Americans’,” the ICO noted. “However, based on what we found it appears that this may have been an exaggeration.”

The company was also taken to task for poor data practices that, even had the political marketing stuff not blown up in public, likely would have landed it in hot water with the ICO.

While Cambridge Analytica may be gone and the ICO investigation concluded, Denham also warned that the tools and techniques it claimed could tip elections are not going away, and are likely to be used in the very near future… and may even work this time.

“What is clear is that the use of digital campaign techniques are a permanent fixture of our elections and the wider democratic process and will only continue to grow in the future,” the commissioner wrote. “The COVID-19 pandemic is only likely to accelerate this process as political parties and campaigns seek to engage with voters in a safe and socially distanced way.”

Source: UK privacy watchdog wraps up probe into Cambridge Analytica and… it was all a little bit overblown, no? • The Register

Cars, planes, trains: where do CO2 emissions from transport come from?

In the chart here we see global transport emissions in 2018. This data is sourced from the International Energy Agency (IEA).

Road travel accounts for three-quarters of transport emissions. Most of this comes from passenger vehicles – cars and buses – which contribute 45.1%. The other 29.4% comes from trucks carrying freight.

Since the entire transport sector accounts for 21% of total emissions, and road transport accounts for three-quarters of transport emissions, road transport accounts for 15% of total CO2 emissions.

Aviation – while it often gets the most attention in discussions on action against climate change – accounts for only 11.6% of transport emissions. It emits just under one billion tonnes of CO2 each year – around 2.5% of total global emissions [we look at the role that air travel plays in climate change in more detail in an upcoming article]. International shipping contributes a similar amount, at 10.6%.

Rail travel and freight emit very little – only 1% of transport emissions. Other transport – which is mainly the movement of materials such as water, oil, and gas via pipelines – is responsible for 2.2%.

Source: Cars, planes, trains: where do CO2 emissions from transport come from? – Our World in Data

Listening in on your XR11 remote from 20m away

Guardicore discovered a new attack vector on Comcast’s XR11 voice remote that would have allowed attackers to turn it into a listening device – potentially invading your privacy in your living room. Prior to its remediation by Comcast, the attack, dubbed WarezTheRemote, was a very real security threat: with more than 18 million units deployed across homes in the USA, the XR11 is one of the most widespread remote controls in existence.

WarezTheRemote used a man-in-the-middle attack to exploit the remote’s RF communication with the set-top box and over-the-air firmware upgrades – by pushing a malicious firmware image back to the remote, attackers could have used the remote to continuously record audio without user interaction.

The attack did not require physical contact with the targeted remote or any interaction from the victim – any hacker with a cheap RF transceiver could have used it to take over an XR11 remote. Using a 16dBi antenna, we were able to listen to conversations happening in a house from about 65 feet away. We believe this could have been amplified easily using better equipment.

We worked with Comcast’s security team after finding the vulnerability and they have released fixes that remediate the issues that made the attack possible.

You can download our full research paper for the technical details of the WarezTheRemote project. You’ll find much more information on the reverse-engineering process inside, as well as a more bits-and-bytes perspective on the vulnerability and the exploit.

Source: A New Attack Vector Discovered in Comcast’s Remote | Guardicore

Nvidia unveils $59 Nvidia Jetson Nano 2GB mini AI board

New Jetson Nano mini AI computer

The Jetson Nano 2GB Developer Kit, announced this week, is a single-board computer – like the Raspberry Pi – though geared towards machine learning rather than general computing. If you like the idea of simple AI projects running on a dedicated board, such as building your own mini self-driving car or an object-recognition system for your home, this one might be for you.

It runs Nvidia CUDA code and provides a Linux-based environment. At only $59 a pop, it’s pretty cheap and a nifty bit of hardware if you’re just dipping your toes in deep learning. As its name suggests, it has 2GB of RAM, plus four Arm Cortex-A57 CPU cores clocked at 1.43GHz and a 128-core Nvidia Maxwell GPU. There are other bits and pieces like gigabit Ethernet, HDMI output, a microSD slot for storage, USB interfaces, GPIO and UART pins, Wi-Fi depending on your region, and more.

“While today’s students and engineers are programming computers, in the near future they’ll be interacting with, and imparting AI to, robots,” said Deepu Talla, vice president and general manager of Edge Computing at Nvidia. “The new Jetson Nano is the ultimate starter AI computer that allows hands-on learning and experimentation at an incredibly affordable price.”

Source: Nvidia unveils $59 Nvidia Jetson Nano 2GB mini AI board, machine learning that slashes vid-chat data by 90%, and new super for Britain • The Register