A security researcher from Colombia has found a way of assigning admin rights and gaining boot persistence on Windows PCs that’s simple to execute and hard to stop –all the features that hackers and malware authors are looking for from an exploitation technique.
What’s more surprising, is that the technique was first detailed way back in December 2017, but despite its numerous benefits and ease of exploitation, it has not received either media coverage nor has it been seen employed in malware campaigns.
Discovered by Sebastián Castro, a security researcher for CSL, the technique targets one of the parameters of Windows user accounts known as the Relative Identifier (RID).
The RID is a code added at the end of account security identifiers (SIDs) that describes that user’s permissions group. There are several RIDs available, but the most common ones are 501 for the standard guest account, and 500 for admin accounts.
Image: Sebastian Castro
Castro, with help from CSL CEO Pedro García, discovered that by tinkering with registry keys that store information about each Windows account, he could modify the RID associated with a specific account and grant it a different RID, for another account group.
The technique does not allow a hacker to remotely infect a computer unless that computer has been foolishly left exposed on the Internet without a password.
But in cases where a hacker has a foothold on a system –via either malware or by brute-forcing an account with a weak password– the hacker can give admin permissions to a compromised low-level account, and gain a permanent backdoor with full SYSTEM access on a Windows PC.
Since registry keys are also boot persistent, any modifications made to an account’s RID remain permanent, or until fixed.
The attack is also very reliable, being tested and found to be working on Windows versions going from XP to 10 and from Server 2003 to Server 2016, although even older versions should be vulnerable, at least in theory.
“It is not so easy to detect when exploited, because this attack could be deployed by using OS resources without triggering any alert to the victim,” Castro told ZDNet in an interview last week.
“On the other hand, I think is easy to spot when doing forensics operations, but you need to know where to look at.
“It is possible to find out if a computer has been a victim of RID hijacking by looking inside the [Windows] registry and checking for inconsistencies on the SAM [Security Account Manager],” Castro added.
The Pando aspen grove, located in central Utah, is the largest organism on the planet by weight. From the surface, it may look like a forest that spans more than 100 U.S. football fields, but each tree shares the exact same DNA and is connected to its clonal brethren through an elaborate underground root system. Although not quite as large in terms of area as the massive Armillaria gallica fungus in Michigan, Pando is much heavier, weighing in at more than 6 million kilograms. Now, researchers say, the grove is in danger, being slowly eaten away by mule deer and other herbivores—and putting the fate of its ecosystem in jeopardy.
“This is a really unusual habitat type,” says Luke Painter, an ecologist at Oregon State University in Corvallis who was not involved with the research. “A lot of animals depend on it.”
Aspen forests such as the Pando grove and many others reproduce in two ways. The first is the familiar system in which mature trees drop seeds that grow into new trees. But more commonly, aspen and some other tree species reproduce by sending out sprouts from their roots, which grow up through the soil into entire new trees. The exact amount of time it took the Pando grove to reach its modern extent is unknown, says Paul Rogers, an ecologist at Utah State University in Logan. “However, it’s very likely that it’s centuries old, and it’s just as likely that it’s millennia old.”
Scientists first noticed the Pando shrinking in the late ’90s. They suspected elk, cattle, and most prominently deer were eating the new shoots, so in the new study Rogers and colleagues divided the forest into three experimental groups. One section was completely unfenced, allowing animals to forage freely on the baby aspen. A second section was fenced and left alone. And a third section was fenced and then treated in some places with strategies to spur aspen growth, such as shrub removal and controlled burning; in other places it was left untreated.
Aerial photos of the Pando grove spanning 1939 to 2011, which show the grove thinning over time
USDA Aerial Photography Field Office, Salt Lake City, Utah
The good news, at least for Pando, is that it appears that keeping out the deer is enough to solve the problem. But fencing the entirety of the grove is neither practical nor palatable, says Rogers, who partners with the U.S. Forest Service’s Rocky Mountain Research Station in Fort Collins, Colorado, as part of the Western Aspen Alliance, a group committed to improving aspen management and restoring their ecosystems. “Everybody, including myself, doesn’t want fences around this iconic grove. We don’t want to go to nature to see a bunch of fences.”
The alternative, he says, is to do something about the mule deer population. The thinning of the forest has only started to occur in the past century or so. This time frame roughly coincides with when humans entered the area, building cabins, banning hunting, and removing carnivores like wolves that would ordinarily prey on the deer. These human activities, Rogers says, has turned Pando into a safe haven for the deer, artificially inflating their numbers in the area.
With the new data in hand, he’s planning to advocate for a culling of the deer population in the area. Although that may seem extreme, it may be the only chance to give Pando a chance a long-term survival. “The real problem,” Rogers says, “is that there are too many mouths to feed in this area.”
n line with our principles of transparency and to improve public understanding of alleged foreign influence campaigns, Twitter is making publicly available archives of Tweets and media that we believe resulted from potentially state-backed information operations on our service.
Examples of the content include:
While this dataset is of a size that a degree of capability for large dataset analysis is required, we hope to support broad analysis by making a public version of these datasets (with some account-specific information hashed) available. You can download the datasets below. No content has been redacted. Specialist researchers can request access to an unhashed version of these datasets, which will be governed by a data use agreement that will include provisions to ensure the data is used within appropriate legal and ethical parameters.
What’s included?
Our initial disclosures cover two previously disclosed campaigns, and include information from 3,841 accounts believed to be connected to the Russian Internet Research Agency, and 770 accounts believed to originate in Iran. For additional information about this disclosure, see our announcement.
These datasets include all public, nondeleted Tweets and media (e.g., images and videos) from accounts we believe are connected to state-backed information operations. Tweets deleted by these users prior to their suspension (which are not included in these datasets) comprise less than 1% of their overall activity. Note that not all of the accounts we identified as connected to these campaigns actively Tweeted, so the number of accounts represented in the datasets may be less than the total number of accounts listed here.
Astrobiologists are mostly interested in rocky exoplanets that lie in the habitable zone around their parent stars, where liquid water may exist on its surface. NASA’s Kepler spacecraft has spotted a handful of these in the so-called Goldilocks Zone – where it’s not too cold or too hot for life.
As such, a second team from Google and NASA’s lab has built a machine-learning-based tool known as INARA that can identify the chemical compounds in a rocky exoplanet’s atmosphere by studying its high-resolution telescope images.
To develop this software, the brainiacs simulated more than three million planets’ spectral signatures – fingerprints of their atmospheres’ chemical makeups – and labelled them as such to train a convolutional neural network (CNN). The CNN can therefore be used to automatically estimate the chemical composition of a planet from images and light curves of its atmosphere taken from NASA’s Kepler spacecraft. Basically, a neural network was trained to link telescope images to chemical compositions, and thus, you should it a given set of images, and it will spit out the associated chemical components – which can be used to assess whether those would lead to life bursting on the scene.
INARA takes seconds to figure out the biological compounds potentially present in a world’s atmosphere. “Given the scale of the datasets produced by the Kepler telescopes, and the even greater volume of data that will return to Earth from the soon-to-be-launched Transiting Exoplanet Survey Satellite (TESS) satellite, minimizing analysis time per planet can accelerate this research and ensure we don’t miss any viable candidates,” Mascaro concluded. ®
Microplastics were found in sea salt several years ago. But how extensively plastic bits are spread throughout the most commonly used seasoning remained unclear. Now, new research shows microplastics in 90 percent of the table salt brands sampled worldwide.
Of 39 salt brands tested, 36 had microplastics in them, according to a new analysis by researchers in South Korea and Greenpeace East Asia. Using prior salt studies, this new effort is the first of its scale to look at the geographical spread of microplastics in table salt and their correlation to where plastic pollution is found in the environment.
“The findings suggest that human ingestion of microplastics via marine products is strongly related to emissions in a given region,” said Seung-Kyu Kim, a marine science professor at Incheon National University in South Korea.
Raptors are one of the most important causes of fatalities due to their collisions with aircrafts as well as being the main victims of collisions with constructions. They are difficult to deter because they are not influenced by other airspace users or ground predators. Because vision is the primary sensory mode of many diurnal raptors, we evaluated the reactions of captive raptors to a “superstimulus” (a “paradoxical effect whereby animals show greater responsiveness to an exaggerated stimulus than to the natural stimulus”) that combined an “eye shape” stimulus (as many species have an aversion for this type of stimulus) and a looming movement (LE). This looming stimulus mimics an impending collision and induces avoidance in a wide range of species. In captivity, raptors showed a clear aversion for this LE stimulus. We then tested it in a real life setting: at an airport where raptors are abundant. This study is the first to show the efficiency of a visual non-invasive repellent system developed on the basis of both captive and field studies. This system deterred birds of prey and corvids through aversion, and did not induce habituation. These findings suggest applications for human security as well as bird conservation, and further research on avian visual perception and sensitivity to signals.
Bug-hunters have told how they uncovered a significant security flaw that affected the likes of Tinder, Yelp, Shopify, and Western Union – and potentially hundreds of millions of folks using these sites and apps.
The software sniffers said they first came across the exploitable programming blunder while digging into webpage code on dating websites. After discovering a Tinder.com subdomain – specifically, go.tinder.com – that had a cross-site scripting flaw, they got in touch with the hookup app’s makers to file a bug report.
As it turned out, the vulnerability they discovered went far beyond one subdomain on a site for lonely hearts. The team at VPNMentor said the since-patched security hole had left as many as 685 million netizens vulnerable to cross-site-scripting attacks, during which hackers attempt to steal data and hijack accounts. To pull off one of these scripting attacks, a victim would have to click on a malicious link or open a booby-trapped webpage while logged into a vulnerable service.
That staggering nine-figure number is because the security issue was actually within a toolkit, called branch.io, that tracks website and app users to figure out where they’ve come from, be it Facebook, email links, Twitter, etc. With the bug lurking in branch.io’s code and embedded in a ton of services and mobile applications, the number of people potentially at risk of being hacked via cross-site scripting soared past the half-a-billion mark, we’re told.
Back in 2016, an ambitious group of fans began work on an Unreal Engine 4 “reboot” of role-playing, light-sabering classic Star Wars: Knights of the Old Republic called Apeiron. The project has made impressive progress since then, but it emitted a tragic Wilhelm scream this week when Lucasfilm lawyers zapped it out of existence.
As is often the case with ambitious fan projects, Apeiron received a cease-and-desist letter from lawyers representing the series its team was trying to pay homage to. Apeiron’s developer, Poem Studios, took to Twitter to share the news. “After a few days, I’ve exhausted my options to keep it [Apeiron] afloat; we knew this day was a possibility. I’m sorry and may the force be with you,” Poem wrote alongside a screenshot of a letter purporting to be from Lucasfilm.
“Notwithstanding Poem Studios affection and enthusiasm for the Star Wars franchise and the original KOTOR game, we must object to any unlicensed use of Lucasfilm intellectual property,” reads Lucasfilm’s letter. It goes on to call Apeiron’s use of Star Wars characters, artwork, and images on its website and social media “infringing” and demands that 1) Star Wars materials are removed, 2) the Apeiron team ceases development and destroys its code, and 3) they don’t use any Lucasfilm properties in future games.
It’s only three senators and chances are you haven’t heard of the massive, millions affected data breach suffered by Google, that they didn’t report. Interestingly, if you try to Google the breach you get loads of hits on Google’s bug reporting program, but almost nothing on the breach. Google has done an astoundly good job of keeping this under their hats.
Wherever artificial intelligence is deployed, you will find it has failed in some amusing way. Take the strange errors made by translation algorithms that confuse having someone for dinner with, well, having someone for dinner.
But as AI is used in ever more critical situations, such as driving autonomous cars, making medical diagnoses, or drawing life-or-death conclusions from intelligence information, these failures will no longer be a laughing matter. That’s why DARPA, the research arm of the US military, is addressing AI’s most basic flaw: it has zero common sense.
“Common sense is the dark matter of artificial intelligence,” says Oren Etzioni, CEO of the Allen Institute for AI, a research nonprofit based in Seattle that is exploring the limits of the technology. “It’s a little bit ineffable, but you see its effects on everything.”
DARPA’s new Machine Common Sense (MCS) program will run a competition that asks AI algorithms to make sense of questions like this one:
A student puts two identical plants in the same type and amount of soil. She gives them the same amount of water. She puts one of these plants near a window and the other in a dark room. The plant near the window will produce more (A) oxygen (B) carbon dioxide (C) water.
A computer program needs some understanding of the way photosynthesis works in order to tackle the question. Simply feeding a machine lots of previous questions won’t solve the problem reliably.
These benchmarks will focus on language because it can so easily trip machines up, and because it makes testing relatively straightforward. Etzioni says the questions offer a way to measure progress toward common-sense understanding, which will be crucial.
Tech companies are busy commercializing machine-learning techniques that are powerful but fundamentally limited. Deep learning, for instance, makes it possible to recognize words in speech or objects in images, often with incredible accuracy. But the approach typically relies on feeding large quantities of labeled data—a raw audio signal or the pixels in an image—into a big neural network. The system can learn to pick out important patterns, but it can easily make mistakes because it has no concept of the broader world.
Using a technique called reinforcement learning, a researcher at Google Brain has shown that virtual robots can redesign their body parts to help them navigate challenging obstacle courses—even if the solutions they come up with are completely bizarre.
Embodied cognition is the idea that an animal’s cognitive abilities are influenced and constrained by its body plan. This means a squirrel’s thought processes and problem-solving strategies will differ somewhat from the cogitations of octopuses, elephants, and seagulls. Each animal has to navigate its world in its own special way using the body it’s been given, which naturally leads to different ways of thinking and learning.
“Evolution plays a vital role in shaping an organism’s body to adapt to its environment,” David Ha, a computer scientist and AI expert at Google Brain, explained in his new study. “The brain and its ability to learn is only one of many body components that is co-evolved together.”
[…]
Using the OpenAI Gym framework, Ha was able to provide an environment for his walkers. This framework looks a lot like an old-school, 2D video game, but it uses sophisticated virtual physics to simulate natural conditions, and it’s capable of randomly generating terrain and other in-game elements.
As for the walker, it was endowed with a pair of legs, each consisting of an upper and lower section. The bipedal bot had to learn how to navigate through its virtual environment and improve its performance over time. Researchers at DeepMind conducted a similar experiment last year, in which virtual bots had to learn how to walk from scratch and navigate through complex parkour courses. The difference here is that Ha’s walkers had the added benefit of being able to redesign their body plan—or at least parts of it. The bots could alter the lengths and widths of their four leg sections to a maximum of 75 percent of the size of the default leg design. The walkers’ pentagon-shaped head could not be altered, serving as cargo. Each walker used a digital version of LIDAR to assess the terrain immediately in front of it, which is why (in the videos) they appear to shoot a thin laser beam at regular intervals.
Using reinforcement-learning algorithms, the bots were given around a day or two to devise their new body parts and come up with effective locomotion strategies, which together formed a walker’s “policy,” in the parlance of AI researchers. The learning process is similar to trial-and-error, except the bots, via reinforcement learning, are rewarded when they come up with good strategies, which then leads them toward even better solutions. This is why reinforcement learning is so powerful—it speeds up the learning process as the bots experiment with various solutions, many of which are unconventional and unpredictable by human standards.
Left: An unmodified walker joyfully skips through easy terrain. Right: With training, a self-modified walker chose to hop instead.
GIF: David Ha/Google Brain/Gizmodo
For the first test (above), Ha placed a walker in a basic environment with no obstacles and gently rolling terrain. Using its default body plan, the bot adopted a rather cheerful-looking skipping locomotion strategy. After the learning stage, however, it modified its legs such that they were thinner and longer. With these modified limbs, the walker used its legs as springs, quickly hopping across the terrain.
The walker chose a strange body plan and an unorthodox locomotion strategy for traversing challenging terrain.
GIF: David Ha/Google Brain/Gizmodo
The introduction of more challenging terrain (above), such as having to walk over obstacles, travel up and down hills, and jump over pits, introduced some radical new policies, namely the invention of an elongated rear “tail” with a dramatically thickened end. Armed with this configuration, the walkers hopped successfully around the obstacle course.
By this point in the experiment, Ha could see that reinforcement learning was clearly working. Allowing a walker “to learn a better version of its body obviously enables it to achieve better performance,” he wrote in the study.
Not content to stop there, Ha played around with the idea of motivating the walkers to adopt some design decisions that weren’t necessarily beneficial to its performance. The reason for this, he said, is that “we may want our agent to learn a design that utilizes the least amount of materials while still achieving satisfactory performance on the task.”
The tiny walker adopted a very familiar gait when faced with easy terrain.
GIF: David Ha/Google Brain/Gizmodo
So for the next test, Ha rewarded an agent for developing legs that were smaller in area (above). With the bot motivated to move efficiently across the terrain, and using the tiniest legs possible (it no longer had to adhere to the 75 percent rule), the walker adopted a rather conventional bipedal style while navigating the easy terrain (it needed just 8 percent of the leg area used in the original design).
The walker struggled to come up with an effective body plan and locomotion style when it was rewarded for inventing small leg sizes.
GIF: David Ha/Google Brain/Gizmodo
But the walker really struggled to come up with a sensible policy when having to navigate the challenging terrain. In the example shown above, which was the best strategy it could muster, the walker used 27 percent of the area of its original design. Reinforcement learning is good, but it’s no guarantee that a bot will come up with something brilliant. In some cases, a good solution simply doesn’t exist.
Today, the EU held a routine vote on regulations for self-driving cars, when something decidedly out of the ordinary happened…
The autonomous vehicle rules contained a clause that affirmed that “data generated by autonomous transport are automatically generated and are by nature not creative, thus making copyright protection or the right on databases inapplicable.”
This is pretty inoffensive stuff. Copyright protects creative work, not factual data, and the telemetry generated by your car — self-driving or not — is not copyrighted.
But just before the vote, members of the European Peoples’ Party (the same bloc that pushed through the catastrophic new Copyright Directive) stopped the proceedings with a rare “roll call” and voted down the clause.
In other words, they’ve snuck in a space for the telemetry generated by autonomous vehicles to become someone’s property. This is data that we will need to evaluate the safety of autonomous vehicles, to fine-tune their performance, to ensure that they are working as the manufacturer claims — data that will not be public domain (as copyright law dictates), but will instead be someone’s exclusive purview, to release or withhold as they see fit.
Who will own this data? It’s unlikely that it will be the owners of the vehicles. Just look at the data generated by farmers who own John Deere tractors. These tractors create a wealth of soil data, thanks to humidity sensors, location sensors and torque sensors — a centimeter-accurate grid of soil conditions in the farmer’s own field.
But all of that data is confiscated by John Deere, locked up behind the company’s notorious DRM and only made available in fragmentary form to the farmer who generated it (it comes bundled with the app that you get if you buy Monsanto seed) — meanwhile, the John Deere company aggregates the data for sale into the crop futures market.
It’s already the case that most auto manufacturers use license agreements and DRM to lock up your car so that you can’t fix it yourself or take it to an independent service center. The aggregated data from millions of self-driving cars across the EU aren’t just useful to public safety analysts, consumer rights advocates, security researchers and reviewers (who would benefit from this data living in the public domain) — it is also a potential gold-mine for car manufacturers who could sell it to insurers, market researchers and other deep-pocketed corporate interests who can profit by hiding that data from the public who generate it and who must share their cities and streets with high-speed killer robots.
Genetic testing has helped plenty of people gain insight into their ancestry, and some services even help users find their long-lost relatives. But a new study published this week in Science suggests that the information uploaded to these services can be used to figure out your identity, regardless of whether you volunteered your DNA in the first place.
The researchers behind the study were inspired by the recent case of the alleged Golden State Killer.
Earlier this year, Sacramento police arrested 72-year-old Joseph James DeAngelo for a wave of rapes and murders allegedly committed by DeAngelo in the 1970s and 1980s. And they claimed to have identified DeAngelo with the help of genealogy databases.
Traditional forensic investigation relies on matching certain snippets of DNA, called short tandem repeats, to a potential suspect. But these snippets only allow police to identify a person or their close relatives in a heavily regulated database. Thanks to new technology, the investigators in the Golden State Killer case isolated the genetic material that’s now collected by consumer genetic testing companies from the suspected killer’s DNA left behind at a crime scene. Then they searched for DNA matches within these public databases.
This information, coupled with other historical records, such as newspaper obituaries, helped investigators create a family tree of the suspect’s ancestors and other relatives. After zeroing on potential suspects, including DeAngelo, the investigators collected a fresh DNA sample from DeAngelo—one that matched the crime scene DNA perfectly.
But while the detective work used to uncover DeAngelo’s alleged crimes was certainly clever, some experts in genetic privacy have been worried about the grander implications of this method. That includes Yaniv Erlich, a computer engineer at Columbia University and chief science officer at MyHeritage, an Israel-based ancestry and consumer genetic testing service.
Erlich and his team wanted to see how easy it would be in general to use the method to find someone’s identity by relying on the DNA of distant and possibly unknown family members. So they looked at more than 1.2 million anonymous people who had gotten testing from MyHeritage, and specifically excluded anyone who had immediate family members also in the database. The idea was to figure out whether a stranger’s DNA could indeed be used to crack your identity.
They found that more than half of these people had distant relatives—meaning third cousins or further—who could be spotted in their searches. For people of European descent, who made up 75 percent of the sample, the hit rate was closer to 60 percent. And for about 15 percent of the total sample, the authors were also able to find a second cousin.
Much like the Golden State investigators, the team found they could trace back someone’s identity in the database with relative ease by using these distant relatives and other demographic but not overly specific information, such as the target’s age or possible state residence.
[…]
According to the researchers, it will take only about 2 percent of an adult population having their DNA profiled in a database before it becomes theoretically possible to trace any person’s distant relatives from a sample of unknown DNA—and therefore, to uncover their identity. And we’re getting ever closer to that tipping point.
“Once we reach 2 percent, nearly everyone will have a third cousin match, and a substantial amount will have a second cousin match,” Erlich explained. “My prediction is that for people of European descent, we’ll reach that threshold within two or three years.”
[…]
What this means for you: If you want to protect your genetic privacy, the best thing you can do is lobby for stronger legal protections and regulations. Because whether or not you’ve ever submitted your DNA for testing, someone, somewhere, is likely to be able to pick up your genetic trail.
Artificially intelligent bots are notoriously bad at communicating with, well, anything. Conversations with the code, whether it’s between themselves or with people, often go awry, and veer off topic. Grammar goes out the window, and sentences become nonsensical.
[…]
Well, a group of researchers at Stanford University in the US have figured out how to, in theory, prevent that chaos and confusion from happening. In an experiment, they trained neural networks to negotiate when buying stuff in hypothetical situations, mimicking the process of scoring and selling stuff on sites like Craigslist or Gumtree.
Here’s the plan: sellers post adverts trying to get rid off their old possessions. Buyers enquire about the condition of the items, and if a deal is reached, both parties arrange a time and place to exchange the item for cash.
Here’s an example of a conversation between a human, acting as a seller, and a Stanford-built bot, as the buyer:
Example of a bot (A) interacting with a human (B) to buy a Fitbit. Image credit: He et al.
The dialogue is a bit stiff, and the grammar is wrong in places, but it does the job even though no deal is reached. The team documented their work in this paper, here [PDF], which came to our attention this week.
The trick is to keep the machines on topic and stop them from generating gibberish. The researchers used supervised learning and reinforcement learning together with hardcoded rules to force the bots to stay on task.
The system is broadly split into three parts: a parser, a manager and a generator. The parser inspects keywords that signify a specific action that is being taken. Next, the manager stage chooses how the bot should respond. These actions, dubbed “course dialogue acts”, guide the bot through the negotiation task so it knows when to inquire, barter a price, agree or disagree. Finally, the generator produces the response to keep the dialogue flowing.
Diagram of how the system works. The interaction is split into a series of course dialogue acts, the manager chooses what action the bot should take, and a generator spits out words for the dialogue. Image credit: He et al.
In the reinforcement learning method, the bots are encouraged to reach a deal and penalized with a negative reward when it fails to reach an agreement. The researchers train the bot by collecting 6,682 dialogues between humans working on the Amazon Mechanical Turk platform.
They call it the Craigslist Negotiation Dataset since they modeled the scenarios by scraping postings for the items in the six most popular categories on Craigslist. These include items filed under housing, furniture, cars, bikes, phones and electronics.
The conversations are represented as a sequence of actions or course dialogue acts. A long short-term memory network (LSTM) encodes the course dialogue act and another LSTM decodes it.
The manager part chooses the appropriate response. For example, it can propose a price, argue to go lower or higher, and accepts or rejects a deal. The generator conveys all these actions in plain English.
During the testing phase, the bots were pitted against real humans. Participants were then asked to how humans the interaction seemed. The researchers found that their systems were more successful at bargaining for a deal and were more human-like than other bots.
It doesn’t always work out, however. Here’s an example of a conversation where the bot doesn’t make much sense.
A bot (A) trying to buy a Fitbit off a human seller (B). This time, however, it fails to communicate effectively. Image credit: He et al.
If you like the idea of crafting a bot to help you automatically negotiate for things online then you can have a go at making your own. The researchers have posted the data and code on CodaLab. ®
The vuln (CVE-2018-6977) allows an attacker with normal local user privileges to trigger an infinite loop in a 3D-rendering shader. According to VMware, a “specially crafted 3D shader may loop for an infinite amount of time and lock up a VM’s virtual graphics device”.
If that happens, VMware warned, the hypervisor may rely on the host box’s graphics driver to ensure other users of the physical machine are not impacted by the infinite graphical loop.
“However, many graphics drivers may themselves get into to a denial-of-service condition caused by such infinite shaders, and as a result other VMs or processes running on the host might also be affected,” said VMware in a statement.
FitMetrix, a fitness technology and performance tracking company owned by gym booking giant Mindbody, has exposed millions of user records because it left several of its servers without a password.
The company builds fitness tracking software for gyms and group classes — like CrossFit and SoulCycle — that displays heart rate and other fitness metric information for interactive workouts. FitMetrix was acquired by gym and wellness scheduling service Mindbody earlier this year for $15.3 million, according to a government filing.
Last week, a security researcher found three FitMetrix unprotected servers leaking customer data.
It isn’t known how long the servers had been exposed, but the servers were indexed by Shodan, a search engine for open ports and databases, in September.
The servers included two of the same ElasticSearch instances and a storage server — all hosted on Amazon Web Service — yet none were protected by a password, allowing anyone who knew where to look to access the data on millions of users.
Bob Diachenko, Hacken.io’s director of cyber risk research, found the databases containing 113.5 million records — though it’s not known how many users were directly affected. Each record contained a user’s name, gender, email address, phone numbers, profile photos, their primary workout location, emergency contacts and more. Many of the records were not fully complete.
Several states have instituted stricter voter ID laws since the 2016 presidential election; more, still, are purging voter rolls in the lead up to the election, and the recent Supreme Court decision to uphold Ohio’s aggressive purging law means you can expect many more people to be removed. So, even if you’re registered to vote (and you should really double check) you might find yourself turned away at the polls come November 6.
Why is Xiaomi’s fitness tracker detecting a heartbeat from a roll of toilet paper?
Weibo users are confused, but the answer isn’t as wild as it seems
Does a roll of toilet paper have a heart? Obviously not. So why does Xiaomi’s fitness band display a heart rate when it’s wrapped around a roll of toilet paper?
Weibo users have been discussing the phenomenon, with plenty of pictures from mystified users who say the Xiaomi Mi Band 3 fitness tracker is “detecting” a heart rate on toilet paper.
So we decided to get a Mi Band 3 — and of course, a roll of toilet paper — to check it out.
Bizarrely, it’s true.
It didn’t work all the time — only around a quarter of attempts gave us a heartbeat. The numbers were pretty random (ranging from 59bpm to 88bpm), but they were real.
So what about other objects? We tried wrapping the Mi Band 3 around a mug, because we had a mug, and a banana, because the internet likes bananas. Both gave us a heart rate quickly and far more consistently than the toilet paper did.
59bpm? That roll of toilet paper is so chill right now. (Picture: Abacus)
But the Xiaomi band isn’t alone. We also tried the banana and mug with an Apple Watch Series 4 and a Ticwatch, an Android Wear smartwatch. Both also displayed a heartbeat for the two heartless objects, ranging from 33bpm on the banana (Apple Watch) to 130bpm for the mug (Ticwatch).
New computerized weapons systems currently under development by the US Department of Defense (DOD) can be easily hacked, according to a new report published today.
The report was put together by the US Government Accountability Office (GAO), an agency that provides auditing, evaluation, and investigative services for Congress.
Congress ordered the GAO report in preparation to approve DOD funding of over $1.66 trillion, so the Pentagon could expand its weapons portfolio with new toys in the coming years.
But according to the new report, GAO testers “playing the role of adversary” found a slew of vulnerabilities of all sort of types affecting these new weapons systems.
“Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications,” GAO officials said.
The report detailed some of the most eye-catching hacks GAO testers performed during their analysis.
In one case, it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing.
Some programs fared better than others. For example, one assessment found that the weapon system satisfactorily prevented unauthorized access by remote users, but not insiders and near-siders. Once they gained initial access, test teams were often able to move throughout a system, escalating their privileges until they had taken full or partial control of a system.
In one case, the test team took control of the operators’ terminals. They could see, in real-time, what the operators were seeing on their screens and could manipulate the system. They were able to disrupt the system and observe how the operators responded.
Another test team reported that they caused a pop-up message to appear on users’ terminals instructing them to insert two quarters to continue operating.
Multiple test teams reported that they were able to copy, change, or delete system data including one team that downloaded 100 gigabytes, approximately 142 compact discs, of data.
One test report indicated that the test t eam was able to guess an administrator password in nine seconds.
For example, in some cases, simply scanning a system caused parts of the system to shut down. One test had to be stopped due to safety concerns after the test team scanned the system.
Nearly all major acquisition programs that were operationally tested between 2012 and 2017 had mission-critical cyber vulnerabilities that adversaries could compromise.
Artificial intelligence can help developers design mobile phone apps that drain less battery, according to new research.
The system, dubbed DiffProff, will be presented this week at the USENIX Symposium on Operating Systems Design and Implementation conference in California, was developed by Charlie Hu and Abhilash Jindal, who have a startup devoted to better battery testing via software.
DiffProf rests on the assumption that apps that carry out the same function perform similar tasks in slightly different ways. For example, messaging apps like Whatsapp, Google Hangouts, or Skype, keep old conversations and bring up a keyboard so replies can be typed and sent. Despite this, Whatsapp is about three times more energy efficient than Skype.
“What if a feature of an app needs to consume 70 percent of the phone’s battery? Is there room for improvement, or should that feature be left the way it is?” said Hu, who is also a professor of electrical and computer engineering at Purdue University.
The research paper describing DiffProf is pretty technical. Essentially, it describes a method that uses “differential energy profiling” to create energy profiles for different apps. First, the researchers carry out a series of automated tests on apps by performing identical tasks on each app to work out energy efficiency.
Next, the profile also considers the app’s “call tree” also known as a call graph. These describe the different computer programs that are executed in order to perform a broader given task.
Apps that have the same function, like playing music or sending emails, should have similar call trees. Slight variances in the code, however, lead to different energy profiles. DiffProf uses an algorithm to compare the call trees and highlights what programs are causing an app to drain more energy.
Developers running the tool receive a list of Java packages, that describe the different software features, which appear in the both apps being compared. They can then work out which programs in the less energy efficient app suck up more juice and if it can be altered or deleted altogether. The tool is only useful if the source code for similar apps have significant overlap.
a new, free app promises to let you “sue anyone by pressing a button” and have an AI-powered lawyer fight your case.
Do Not Pay, a free service that launched in the iOS App store today, uses IBM Watson-powered artificial intelligence to help people win up to $25,000 in small claims court. It’s the latest project from 21-year-old Stanford senior Joshua Browder, whose service previously allowed people to fight parking tickets or sue Equifax; now, the app has streamlined the process. It’s the “first ever service to sue anyone (in all 3,000 counties in 50 states) by pressing a button.”
The crazy part: the robot lawyer actually wins in court. In its beta testing phase, which included releases in the UK and in select numbers across all 50 US states, Do Not Pay has helped its users get back $16 million in disputed parking tickets. In a phone call with Motherboard, Browder said that the success rate of Do Not Pay is about 50 percent, with average winnings of about $7,000.
[…]
The app works by having a bot ask the user a few basic questions about their legal issue. The bot then uses the answers to classify the case into one of 15 different legal areas, such as breach of contract or negligence. After that, Do Not Pay draws up documents specific to that legal area, and fills in the specific details. Just print it out, mail it to the courthouse, and violá—you’re a plaintiff. And if you have to show up to court in person, Do Not Pay even creates a script for the plaintiff to read out loud in court.
[…]
Browder told Motherboard that data protection is a central part of his service, which is free (users keep 100 percent of what they win in court, Browder says.) Per Do Not Pay’s privacy policy, all user data is protected with 256-bit encryption, and no third parties get access to personal user information such as home address, email address, or information pertaining to a particular case.
[…]
Of all of Do Not Pay’s legal disputes, Browder told Motherboard that he’s most proud of an instance where a woman took Equifax to court and won, twice. After her data was compromised by Equifax last year, she took the $3 billion company to small claims court and won. When Equifax appealed the verdict and sent a company lawyer to fight for an appeal, the woman won again.
Yet another IoT device vendor has been found to be exposing their products to attackers with basic security lapses.
This time, it’s Chinese surveillance camera maker Xiongmai who was named and shamed by researchers with SEC Consult for the poor security in the XMEye P2P Cloud service. Among the problems researchers pointed to were exposed default credentials and unsigned firmware updates that could be delivered via the service.
As a result, SEC Consult warns, the cameras could be compromised to do everything from spy on their owners, to carry out botnet instructions and even to serve as an entry point for larger network intrusions.
“Our recommendation is to stop using Xiongmai and Xiongmai OEM devices altogether,” SEC Consult recommended.
“The company has a bad security track record including its role in Mirai and various other IoT botnets. There are vulnerabilities that have been published in 2017, which are still not fixed in the most recent firmware version.”
Enabled by default, the P2P Cloud service allows users to remotely connect to devices via either a web browser or an iOS/Android app and control the hardware without needing a local network connection.
A vulnerability in the Google+ social network exposed the personal data of up to 500,000 people using the site between 2015 and March 2018, the search giant said Monday.
Google said it found no evidence of data misuse. Still, as part of the response to the incident, Google plans to shut down the social network permanently.
The company didn’t disclose the vulnerability when it fixed it in March because the company didn’t want to invite regulatory scrutiny from lawmakers, according to a report Monday by The Wall Street Journal. Google CEO Sundar Pichai was briefed on the decision to not disclose the finding, after an internal committee had already decided the plan, the Journal said.
Google said it found the bug as part of an internal review called Project Strobe, an audit started earlier this year that examines access to user data from Google accounts by third-party software developers. The bug gave apps access to information on a person’s Google+ profile that can be marked as private. That includes details like email addresses, gender, age, images, relationship statuses, places lived and occupations. Up to 438 applications on Google Plus had access to this API, though Google said it has no evidence any developers were aware of the vulnerability.
Researchers from Linköping University and the Royal Institute of Technology in Sweden have proposed a new device concept that can efficiently transfer the information carried by electron spin to light at room temperature—a stepping stone toward future information technology. They present their approach in an article in Nature Communications.
Light and electron charge are the main media for information processing and transfer. In the search for information technology that is even faster, smaller and more energy-efficient, scientists around the globe are exploring another property of electrons—their spin. Electronics that exploit both the spin and the charge of the electron are called “spintronics.”
[…]
“The main problem is that electrons easily lose their spin orientations when the temperature rises. A key element for future spin-light applications is efficient quantum information transfer at room temperature, but at room temperature, the electron spin orientation is nearly randomized.
[…]
Now, researchers from Linköping University and the Royal Institute of Technology have devised an efficient spin-light interface.
“This interface can not only maintain and even enhance the electron spin signals at room temperature. It can also convert these spin signals to corresponding chiral light signals travelling in a desired direction,” says Weimin Chen.
The key element of the device is extremely small disks of gallium nitrogen arsenide, GaNAs. The disks are only a couple of nanometres high and stacked on top of each other with a thin layer of gallium arsenide (GaAs) between to form chimney-shaped nanopillars. For comparison, the diameter of a human hair is about a thousand times larger than the diameter of the nanopillars.
The unique ability of the proposed device to enhance spin signals is due to minimal defects introduced into the material by the researchers. Fewer than one out of a million gallium atoms are displaced from their designated lattice sites in the material. The resulting defects in the material act as efficient spin filters that can drain electrons with an unwanted spin orientation and preserve those with the desired spin orientation.
“An important advantage of the nanopillar design is that light can be guided easily and more efficiently coupled in and out,” says Shula Chen, first author of the article.
Two days before Hurricane Maria devastated Puerto Rico, the NASA-Japan Global Precipitation Measurement Core Observatory satellite captured a 3-D view of the storm. At the time Maria was a Category 1 hurricane. The 3-D view reveals the processes inside the hurricane that would fuel the storm’s intensification to a category 5 within 24 hours. For the first time in 360-degrees, this data visualization takes you inside the hurricane. The precipitation satellite has an advanced radar that measures both liquid and frozen water. The brightly colored dots show areas of rainfall, where green and yellow show low rates and red and purple show high rates. At the top of the hurricane, where temperatures are colder, blue and purple dots show light and heavy frozen precipitation. The colored areas below the dots show how much rain is falling at the surface.
