This AI-Controlled Roach Breeding Site Is a Nightmare Factory

In the city of Xichang, located in the southwestern Sichuan province, there is a massive, artificial intelligence-powered roach breeding farm that is producing more than six billion cockroaches per year.

The facility, which is described by the South China Morning Post as a multi-story building about the size of two sports fields, is being operated by Chengdu-based medicine maker Gooddoctor Pharmaceutical Group. Its existence raises a number of questions like, “Oh god, why?” and “Who asked for this monstrosity?”

Inside the breeding site, the environment is described as “warm, humid, and dark” all year round. The layout is wide open, allowing the roaches to roam around freely, find food and water, and reproduce whenever and wherever the right mood strikes.

The insect sex pit is managed by what the South China Morning Post describes as a “smart manufacturing system” that is controlled primarily by algorithms. The system is in charge of analyzing more than 80 categories of data collected from throughout the facility. Everything from the temperature to the level of food consumption is monitored by AI, which is programmed to learn from historical data to determine the best conditions for peak roach fornication.

The billions of roaches that pass through the facility each year never get to see the light of day. From their birth inside the building until their death months or years later, they are locked within the walls of the moist coitus cabin.

Each and every one of the insects is eventually fed into machines and crushed up to be used in a “healing potion” manufactured by the pharmaceutical company responsible for the facility.

The potion—which is described as having a tea-like color, a slightly sweet taste, and a fishy smell—sells for about $8 for two 100ml bottles. While it is used primarily as a fix for stomach issues, the medicine can be prescribed by doctors for just about anything.

Source: This AI-Controlled Roach Breeding Site Is a Nightmare Factory

Many Satellites run Windows 95 – and are ripe for hacking

Hundreds of multi-ton liabilities—soaring faster than the speed of sound, miles above the surface of the earth—are operating on Windows-95. They’re satellites, responsible for everything from GPS positioning, to taking weather measurements, to carrying cell signals, to providing television and internet. For the countries that own these satellites, they’re invaluable resources. Even though they’re old, it’s more expensive to take satellites down than it is to just leave them up. So they stay up. Unfortunately, these outdated systems make old satellites prime targets for cyber attacks. A malicious actor could fake their IP address, which gives information about a user’s computer and its location. This person could then get access to the satellite’s computer system, and manipulate where the satellite goes or what it does. Alternatively, an actor could jam the satellite’s radio transmissions with earth, essentially disabling it.

Source: We don’t know what to do if a satellite gets hacked | The Outline

Hackers Steal Data on 14 Million Users From Ride-Hail App Careem

Careem, a ride-hail startup based in Dubai and operating in 14 countries, announced today that hackers stole data belonging to 14 million riders and drivers.

The company discovered the breach on January 14 but waited to notify its customers because the investigation was ongoing. “Cybercrime investigations are immensely complicated and take time. We wanted to make sure we had the most accurate information before notifying people,” Careem said in a statement, noting it worked with cybersecurity experts and law enforcement to investigate the breach.

The stolen data includes customer names, email addresses, phone numbers, and trip history. Careem said that it discovered no evidence that passwords or credit card information had been breached.

However, the company is recommending that its users change their passwords anyway, especially if they used their Careem password on other websites. Careem also warned its users to watch their bank statements for signs of fraud or suspicious activity.

Source: Hackers Steal Data on 14 Million Users From Ride-Hail App Careem

Forget the Double Helix—Scientists Discovered a New DNA Structure Inside Human Cells

For the first time ever, scientists have identified the existence of a new DNA structure that looks more like a twisted, four-stranded knot than the double helix we all know from high school biology.

The newly identified structure, detailed Monday in the journal Nature Chemistry, could play a crucial role in how DNA is expressed.

Some research had previously suggested the existence of DNA in this tangled form, dubbed an i-motif, but it had never before been detected in living cells outside of the test tube. Researchers at the Garvan Institute of Medical Research in Australia, though, found that not only does the structure exist in living human cells, but it is even quite common.

A rendering of the “twisted knot” DNA structure.
Illustration: Zeraati et al., Nat Chem, 2018

Its existence in living cells indicates that the structure likely plays a significant role in cell biology. In the double helix, the nitrogen base adenine (A) forms a base pair with thymine (T), and cytosine (C) forms a base pair with guanine (G). Base pairs are stacked on top of one another, with two strands of a sugar-phosphate backbone twisting around them to form an elegant, spiraling ladder. This structure plays an important role in protein synthesis.

The twisted knot structure only occurs in a relatively small region of a genome, like a knot in the helical double strands of DNA. In the twisted knot structure, Cs bind to Cs instead of to Gs.

This phenomenon was first observed in labs in the 1990s, but for a long time it seemed that the structure could only occur under acidic conditions that did not exist inside a living cell. More recent work has shown the knots could also occur in other environments. On a hunch, Garvan Institute researchers developed an antibody that could sniff out i-motifs in the genome and identify them, tagging them with an immunofluorescent glow. This allowed researchers to see how frequently and where these knots of DNA occur. They found that the i-motifs could fold and unfold depending on the acidity of their surroundings, and that the codes were generally found in areas of the genome involved in whether or not a certain gene gets expressed. This suggests the i-motifs may be some kind of switch that can regulate gene expression.

Source: Forget the Double Helix—Scientists Discovered a New DNA Structure Inside Human Cells

Yahoo! fined! $35m! for! covering! up! massive! IT! security! screwup!

The Disaster Formerly Known as Yahoo! has been fined $35m by US financial watchdog, the SEC, for failing to tell anyone about one of the world’s largest ever computer security breaches.

Now known as Altaba following its long, slow and painful descent into irrelevance, Yahoo! knew that its entire user database – including billions of usernames, email addresses, phone numbers, birthdates, passwords, security questions – had been grabbed by Russian hackers back in December 2014 – just days after the break-in occurred.

Security staff informed senior Yahoo! management and its legal department, who then demonstrated the same kind of business and strategic nous that saw the company fold into itself when they decided to, um, not tell anyone.

It wasn’t until two years later when telco giant Verizon said it wanted to buy the troubled company that Yahoo! finally revealed the massive breach.

The SEC is, understandably, not overly impressed. “Yahoo! failed to properly investigate the circumstances of the breach and to adequately consider whether the breach needed to be disclosed to investors,” it said Tuesday, before the co-director of its enforcement division, Steven Peikin, gave what amounts to a vicious burn in the regulatory world.

“We do not second-guess good faith exercises of judgment about cyber-incident disclosure,” said Peikin. “But we have also cautioned that a company’s response to such an event could be so lacking that an enforcement action would be warranted. This is clearly such a case.”

Another SEC staffer – director of its San Francisco office, Jina Choi, also piled in, noting that: “Yahoo!’s failure to have controls and procedures in place to assess its cyber-disclosure obligations ended up leaving its investors totally in the dark about a massive data breach. Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors.”

So, about that…

Yahoo! should have let investors know about the massive breach in its quarterly and annual reports because of the huge business and legal implications to its business, the SEC said.

But it didn’t of course – probably because it was already desperate to get someone to buy it following years of abortive efforts by CEO Marissa Mayer to turn around what was once the internet’s poster child.

The SEC also found that Yahoo! did not share information on the breach with either auditors or its outside lawyers. The Canadian who helped the Russians gain access to the data faces eight years in jail.

Source: Yahoo! fined! $35m! for! covering! up! massive! IT! security! screwup! • The Register

McAfee’s Cryptocurrency Leaks Personal Information for Thousands of Investors

On Mar 30, researchers at Kromtech Security identified a database open to the public containing full names, addresses, email addresses, encrypted passwords, wallet information, along with links to scanned passports, driver’s licenses, and other IDs for over 25,000 investors of the newly created Bezop. The information was found within a MongoDB database without any security.

John McAfee, an adviser on the board for Bezop, described Bezop as “a distributed version of Amazon.com” in a recent Twitter post. It is that, but it’s also a cryptocurrency. Bezop is adding, and has in fact already added, its own cryptocurrency, which they call “Bezop tokens”, into the stream of transactions.

[…]

It does not seem to be a very good start for a company such as this to place personal information of anyone on the Internet and open to the public, especially its early investors. In fact, it’s a little difficult to grasp how it could happen, even if by mistake. Given the changes to MongoDB, it would have to have been deliberately configured to be public, a configuration which should not even be risked internally.

Making your investors’ personal information public is obviously not a good practice and a huge mistake to make. We hope that they ensure that their new product, which uses MongoDB as part of its design, and any future bounty programs using the same, will be configured far more securely than this MongoDB instance turned out to be. Ease of use should never be placed above security, even during the development cycle.

At the time of this report, Bezop has been notified and have made no comment, but they have secured the database.

In our previous research we have learned that it takes about 3 hours for a misconfigured MongoDB server to be compromised.

Source: Cryptocurrency Leaks Personal Information for Thousands of I

But really – who uses MongoDB anymore?!

Gaia creates richest star map of our Galaxy – and beyond

ESA’s Gaia mission has produced the richest star catalogue to date, including high-precision measurements of nearly 1.7 billion stars and revealing previously unseen details of our home Galaxy.

A multitude of discoveries are on the horizon after this much awaited release, which is based on 22 months of charting the sky. The new data includes positions, distance indicators and motions of more than one billion stars, along with high-precision measurements of asteroids within our Solar System and stars beyond our own Milky Way Galaxy.

[…]

The new data release, which covers the period between 25 July 2014 and 23 May 2016, pins down the positions of nearly 1.7 billion stars, and with a much greater precision. For some of the brightest stars in the survey, the level of precision equates to Earth-bound observers being able to spot a Euro coin lying on the surface of the Moon.

With these accurate measurements it is possible to separate the parallax of stars – an apparent shift on the sky caused by Earth’s yearly orbit around the Sun – from their true movements through the Galaxy.

The new catalogue lists the parallax and velocity across the sky, or proper motion, for more than 1.3 billion stars. From the most accurate parallax measurements, about ten per cent of the total, astronomers can directly estimate distances to individual stars.

Source: Gaia creates richest star map of our Galaxy – and beyond / Gaia / Space Science / Our Activities / ESA

Researchers are keeping pig brains alive outside the body

In a step that could change the definition of death, researchers have restored circulation to the brains of decapitated pigs and kept the reanimated organs alive for as long as 36 hours.

The feat offers scientists a new way to study intact brains in the lab in stunning detail. But it also inaugurates a bizarre new possibility in life extension, should human brains ever be kept on life support outside the body.

The work was described on March 28 at a meeting held at the National Institutes of Health to investigate ethical issues arising as US neuroscience centers explore the limits of brain science.

During the event, Yale University neuroscientist Nenad Sestan disclosed that a team he leads had experimented on between 100 and 200 pig brains obtained from a slaughterhouse, restoring their circulation using a system of pumps, heaters, and bags of artificial blood warmed to body temperature.

Source: Researchers are keeping pig brains alive outside the body – MIT Technology Review

The World’s First Working Projector Smartwatch Turns Your Arm Into a Big Touchscreen

Some smartwatches come with powerful processors, lots of storage, and robust software, but have limited capabilities compared to smartphones thanks to their tiny touchscreens. Researchers at Carnegie Mellon University, however, have now created a smartwatch prototype with a built-in projector that turns the wearer’s arm into a smartphone-sized touchscreen.

Despite what you may have seen on crowdfunding sites, the LumiWatch is the first smartwatch to integrate a fully-functional laser projector and sensor array, allowing a screen projected on a user’s skin to be poked, tapped, and swiped just like a traditional touchscreen. It seems like a gadget straight out of science fiction, but don’t reach for your credit card just yet, because it’s going to be a very long time before the technology created for this research project ends up in a consumer-ready device.

Source: The World’s First Working Projector Smartwatch Turns Your Arm Into a Big Touchscreen

The Golden State Killer Suspect’s DNA Was in a Publicly Available Database, and Yours Might Be Too

Plenty of people have voluntarily uploaded their DNA to GEDmatch and other databases, often with real names and contact information. It’s what you do if you’re an adopted kid looking for a long-lost parent, or a genealogy buff curious about whether you have any cousins still living in the old country. GEDmatch requires that you make your DNA data public if you want to use their comparison tools, although you don’t have to attach your real name. And they’re not the only database that has helped law enforcement track people down without their knowledge.

How DNA Databases Help Track People Down

We don’t know exactly what samples or databases were used in the Golden State Killer’s case; the Sacramento County District Attorney’s office gave very little information and hasn’t confirmed any further details. But here are some things that are possible.

Y chromosome data can lead to a good guess at an unknown person’s last name.

Cis men typically have an X and a Y chromosome, and cis women two X’s. That means the Y chromosome is passed down from genetic males to their offspring—for example, from father to son. Since last names are also often handed down the same way, in many families you’ll share a surname with anybody who shares your Y chromosome.

A 2013 Science paper described how a small amount of Y chromosome data should be enough to identify surnames for an estimated 12 percent of white males in the US. (That method would find the wrong surname for 5 percent, and the rest would come back as unknown.) As more people upload their information to public databases, the authors warned, the success rate will only increase.

This is exactly the technique that genealogical consultant Colleen Fitzpatrick used to narrow down a pool of suspects in an Arizona cold case. She seems to have used short tandem repeat (STR) data from the suspect’s Y chromosome to search the Family Tree DNA database, and she saw the name Miller in the results.

The police already had a long list of suspects in the Arizona case, but based on that tip they zeroed in on one with the last name Miller. As with the Golden State Killer case, police confirmed the DNA match by obtaining a fresh DNA sample directly from their subject—the Sacramento office said they got it from something he discarded. (Yes, this is legal, and it can be an item as ordinary as a used drinking straw.)

The authors of the Science paper point out that surname, location, and year of birth are often enough to find an individual in census data.

SNP files can find family trees.

When you download your “raw data” after mailing in a 23andme or Ancestry test, what you get is a list of locations on your genome (called SNPs, for single nucleotide polymorphisms) and two letters indicating your status for each. For example, at a certain SNP you may have inherited an A from one parent and a G from the other.

Genetic testing sites will have tools to compare your DNA with others in their database, but you can also download your raw data and submit it to other sites, including GEDmatch or Family Tree DNA. (23andme and Ancestry allow you to download your data, but they don’t accept uploads.)

But you don’t have to send a spit sample to one of those companies to get a raw data file. The DNA Doe project describes how they sequenced the whole genome of an unidentified girl from a cold case and used that data to construct a SNP file to upload to GEDmatch. They found someone with enough of the same SNPs that they were probably a close cousin. That cousin also had an account at Ancestry, where they had filled out a family tree with details of their family members. The tree included an entry for a cousin of the same age as the unidentified girl, and whose death date was listed as “missing—presumed dead.” It was her.

Your DNA Is Not Just Yours

When you send in a spit sample, or upload a raw data file, you may only be thinking about your own privacy. I have nothing to hide, you might tell yourself. Who cares if somebody finds out that I have blue eyes or a predisposition to heart disease?

But half of your DNA belongs to your biological mother, and half to your biological father. Another half—cut a different way—belongs to each of your children. On average, you share half your DNA with a sibling, and a quarter with a half-sibling, grandparent, aunt, uncle, niece or nephew. You share about an eighth with a first cousin, and so on. The more of your extended family who are into genealogy, the more likely you are to have your DNA in a public database, already contributed by a relative.

In the cases we mention here, the breakthrough came when DNA was matched, through a public database, to a person’s real name. But your DNA is, in a sense, your most identifying information.

For some cases, it may not matter whether your name is attached. Facebook reportedly spoke with a hospital about exchanging anonymized data. They didn’t need names because they had enough information, and good enough algorithms, that they thought they could identify individuals based on everything else. (Facebook doesn’t currently collect DNA information, thank god. There is a public DNA project that signs people up using a Facebook app, but they say they don’t pass the data to Facebook itself.)

And remember that 2013 study about tracking down people’s surnames? They grabbed whole-genome data from a few high-profile people who had made theirs public, and showed that the DNA files were sometimes enough information to track down an individual’s full name. It may be impossible for DNA to be totally anonymous.

Can You Protect Your Privacy While Using DNA Databases?

If you’re very concerned about privacy, you’re best off not using any of these databases. But you can’t control whether your relatives use them, and you may be looking for a long-lost family member and thus want to be in a database while minimizing the risks.

Source: The Golden State Killer Suspect’s DNA Was in a Publicly Available Database, and Yours Might Be Too

‘Forget the Facebook leak’: China is mining data directly from workers’ brains on an industrial scale

The workers wear caps to monitor their brainwaves, data that management then uses to adjust the pace of production and redesign workflows, according to the company.

The company said it could increase the overall efficiency of the workers by manipulating the frequency and length of break times to reduce mental stress.

Hangzhou Zhongheng Electric is just one example of the large-scale application of brain surveillance devices to monitor people’s emotions and other mental activities in the workplace, according to scientists and companies involved in the government-backed projects.

Concealed in regular safety helmets or uniform hats, these lightweight, wireless sensors constantly monitor the wearer’s brainwaves and stream the data to computers that use artificial intelligence algorithms to detect emotional spikes such as depression, anxiety or rage.

The technology is in widespread use around the world but China has applied it on an unprecedented scale in factories, public transport, state-owned companies and the military to increase the competitiveness of its manufacturing industry and to maintain social stability.

It has also raised concerns about the need for regulation to prevent abuses in the workplace.

The technology is also in use in Hangzhou at State Grid Zhejiang Electric Power, where it has boosted company profits by about 2 billion yuan (US$315 million) since it was rolled out in 2014, according to Cheng Jingzhou, an official overseeing the company’s emotional surveillance programme.

“There is no doubt about its effect,” Cheng said.

Source: ‘Forget the Facebook leak’: China is mining data directly from workers’ brains on an industrial scale | South China Morning Post

Chinese government admits collection of deleted WeChat messages

Chinese authorities revealed over the weekend that they have the capability of retrieving deleted messages from the almost universally used WeChat app. The admission doesn’t come as a surprise to many, but it’s rare for this type of questionable data collection tactic to be acknowledged publicly.

As noted by the South China Morning Post, an anti-corruption commission in Hefei province posted Saturday to social media that it has “retrieved a series of deleted WeChat conversations from a subject” as part of an investigation.

The post was deleted Sunday, but not before many had seen it and understood the ramifications. Tencent, which operates the WeChat service used by nearly a billion people (including myself), explained in a statement that “WeChat does not store any chat histories — they are only stored on users’ phones and computers.”

The technical details of this storage were not disclosed, but it seems clear from the commission’s post that they are accessible in some way to interested authorities, as many have suspected for years. The app does, of course, comply with other government requirements, such as censoring certain topics.

There are still plenty of questions, the answers to which would help explain user vulnerability: Are messages effectively encrypted at rest? Does retrieval require the user’s password and login, or can it be forced with a “master key” or backdoor? Can users permanently and totally delete messages on the WeChat platform at all?

Source: Chinese government admits collection of deleted WeChat messages | TechCrunch

AI boffins rebel against closed-access academic journal Nature

Thousands of machine-learning wizards have signed an open statement boycotting a new AI-focused academic journal, disapproving of the paper’s policy of closed-access.

Nature Machine Intelligence is a specialized journal concentrating on intelligent systems and robotics research. It’s expected to launch in January next year, and is part of Nature Publishing Group, one of the world’s top academic publishers.

The joint statement written by Thomas Dietterich, a professor of computer science at Oregon State University in the US, and signed by more than 2,000 academics and researchers in industry, states that “they will not submit to, review, or edit for this new journal.”

He said that free and open access journals speed up scientific progress since they allow anyone to read the latest research and contribute their own findings. It also helps universities who can’t afford subscription fees or pay for their own papers to be open access.

“It is important to note that in the modern scientific journal, virtually all of the work is done by academic researchers. We write the papers, we edit the papers, we typeset the papers, and we review the papers,” he told The Register.

Source: AI boffins rebel against closed-access academic journal that wants to have its cake and eat it • The Register

Revealed: how bookies use AI to keep gamblers hooked

The gambling industry is increasingly using artificial intelligence to predict consumer habits and personalise promotions to keep gamblers hooked, industry insiders have revealed.

Current and former gambling industry employees have described how people’s betting habits are scrutinised and modelled to manipulate their future behaviour.

“The industry is using AI to profile customers and predict their behaviour in frightening new ways,” said Asif, a digital marketer who previously worked for a gambling company. “Every click is scrutinised in order to optimise profit, not to enhance a user’s experience.”

“I’ve often heard people wonder about how they are targeted so accurately and it’s no wonder because it’s all hidden in the small print.”

Publicly, gambling executives boast of increasingly sophisticated advertising keeping people betting, while privately conceding that some are more susceptible to gambling addiction when bombarded with these type of bespoke ads and incentives.

Gamblers’ every click, page view and transaction is scientifically examined so that ads statistically more likely to work can be pushed through Google, Facebook and other platforms.

[…]

Last August, the Guardian revealed the gambling industry uses third-party companies to harvest people’s data, helping bookmakers and online casinos target people on low incomes and those who have stopped gambling.

Despite condemnation from MPs, experts and campaigners, such practices remain an industry norm.

“You can buy email lists with more than 100,000 people’s emails and phone numbers from data warehouses who regularly sell data to help market gambling promotions,” said Brian. “They say it’s all opted in but people haven’t opted in at all.”

In this way, among others, gambling companies and advertisers create detailed customer profiles including masses of information about their interests, earnings, personal details and credit history.

[…]

Elsewhere, there are plans to geolocate customers in order to identify when they arrive at stadiums so they can be prompted via texts to bet on the game they are about to watch.

The gambling industry earned £14bn in 2016, £4.5bn of which from online betting, and it is pumping some of that money into making its products more sophisticated and, in effect, addictive.

Source: Revealed: how bookies use AI to keep gamblers hooked | Technology | The Guardian

USB drive that crashes Windows

PoC for a NTFS crash that I discovered, in various Windows versions

Type of issue: denial of service. One can generate blue-screen-of-death using a handcrafted NTFS image. This Denial of Service type of attack can be driven from user mode, limited user account or Administrator. It can even crash the system if it is in locked state.

Reported to Microsoft in July 2017, they did not want to assign CVE for it nor even to write me when they fixed it.

Affected systems

  1. Windows 7 Enterprise 6.1.7601 SP1, Build 7601 x64
  2. Windows 10 Pro 10.0.15063, Build 15063 x64
  3. Windows 10 Enterprise Evaluation Insider Preview 10.0.16215, Build 16215 x64

Note: these are the only systems I have tested.

Does not seem to reproduce on my current build: 10.0.16299 Build 16299 x64 (didn’t have time to see if it’s really fixed)

last email response 🙂

Hey Marius, Your report requires either physical access or social engineering, and as such, does not meet the bar for servicing down-level (issuing a security patch). […]

Your attempt to responsibly disclose a potential security issue is appreciated and we hope you continue to do so.

Regards,

https://github.com/mtivadar/windows10_ntfs_crash_dos

life-saving gravity-powered light

The second generation of a deciwatt gravity-powered lamp designed by the British industrial designers behind the Psion computer keyboard was launched today.

Few innovations we cover can claim to save lives, but this just might be one of them. The $5 Gravity Light, designed by London’s Therefore Inc, offers the world’s poorest a clean alternative to burning kerosene or biomass for lighting or radios.

The clever bit is a winch that unwinds incredibly slowly, but steadily enough to provide a low but usable voltage. The lamp was first featured here in 2012.

The second generation adds solar power and a rechargeable battery. The latter may be surprising – co-designer Jim Reeves said short-lived and costly rechargeable batteries were far from ideal. But things change, and the ability to store the energy is useful.

Source: Grab your lamp, you’ve pulled: Brits punt life-saving gravity-powered light

Europe divided over robot ‘personhood’

While autonomous robots with humanlike, all-encompassing capabilities are still decades away, European lawmakers, legal experts and manufacturers are already locked in a high-stakes debate about their legal status: whether it’s these machines or human beings who should bear ultimate responsibility for their actions.

The battle goes back to a paragraph of text, buried deep in a European Parliament report from early 2017, which suggests that self-learning robots could be granted “electronic personalities.” Such a status could allow robots to be insured individually and be held liable for damages if they go rogue and start hurting people or damaging property.

Those pushing for such a legal change, including some manufacturers and their affiliates, say the proposal is common sense. Legal personhood would not make robots virtual people who can get married and benefit from human rights, they say; it would merely put them on par with corporations, which already have status as “legal persons,” and are treated as such by courts around the world.

Source: Europe divided over robot ‘personhood’ – POLITICO

Tried checking under the sofa? Indian BTC exchange Coinsecure finds itself $3.5m lighter

Indian Bitcoin exchange Coinsecure has mislaid 438.318 BTC belonging to its customers.

In a statement by parent firm Secure Bitcoin Traders Pvt, posted late on Thursday, the biz said its chief security officer had extracted a bunch of Bitcoin to distribute to punters – and discovered the funds were “lost in the process.”

The vanished Bitcoin stash was worth £2,493,590 ($3,547,745) at the time of publication, and apparently departed Coinsecure’s secure coin servers on April 9.

Earlier this week, folks began to smell a rat as the site went down for an unexpected nap that day:

Things proceeded to become more alarming for worried customers as Coinsecure stopped accepting deposits due to “backend updates.”

We’re told chief security officer Dr Amitabh Saxena and chief exec Mohit Kalra should have been the only ones with access to the wallet’s private keys. Here’s a crime report the biz filled out and submitted to Indian authorities:

Coinsecure FIR

With Bitcoin values tumbling after historic highs, it seems the quickest way to lose your cryptocurrency is to, er, deposit it somewhere.

Source: Tried checking under the sofa? Indian BTC exchange Coinsecure finds itself $3.5m lighter • The Register

Google uses AI to separate out audio from a single person in a high-noise video

People are remarkably good at focusing their attention on a particular person in a noisy environment, mentally “muting” all other voices and sounds. Known as the cocktail party effect, this capability comes natural to us humans. However, automatic speech separation — separating an audio signal into its individual speech sources — while a well-studied problem, remains a significant challenge for computers. In “Looking to Listen at the Cocktail Party”, we present a deep learning audio-visual model for isolating a single speech signal from a mixture of sounds such as other voices and background noise. In this work, we are able to computationally produce videos in which speech of specific people is enhanced while all other sounds are suppressed. Our method works on ordinary videos with a single audio track, and all that is required from the user is to select the face of the person in the video they want to hear, or to have such a person be selected algorithmically based on context. We believe this capability can have a wide range of applications, from speech enhancement and recognition in videos, through video conferencing, to improved hearing aids, especially in situations where there are multiple people speaking.

A unique aspect of our technique is in combining both the auditory and visual signals of an input video to separate the speech. Intuitively, movements of a person’s mouth, for example, should correlate with the sounds produced as that person is speaking, which in turn can help identify which parts of the audio correspond to that person. The visual signal not only improves the speech separation quality significantly in cases of mixed speech (compared to speech separation using audio alone, as we demonstrate in our paper), but, importantly, it also associates the separated, clean speech tracks with the visible speakers in the video.

The input to our method is a video with one or more people speaking, where the speech of interest is interfered by other speakers and/or background noise. The output is a decomposition of the input audio track into clean speech tracks, one for each person detected in the video.

An Audio-Visual Speech Separation Model

To generate training examples, we started by gathering a large collection of 100,000 high-quality videos of lectures and talks from YouTube. From these videos, we extracted segments with a clean speech (e.g. no mixed music, audience sounds or other speakers) and with a single speaker visible in the video frames. This resulted in roughly 2000 hours of video clips, each of a single person visible to the camera and talking with no background interference. We then used this clean data to generate “synthetic cocktail parties” — mixtures of face videos and their corresponding speech from separate video sources, along with non-speech background noise we obtained from AudioSet.

Using this data, we were able to train a multi-stream convolutional neural network-based model to split the synthetic cocktail mixture into separate audio streams for each speaker in the video. The input to the network are visual features extracted from the face thumbnails of detected speakers in each frame, and a spectrogram representation of the video’s soundtrack. During training, the network learns (separate) encodings for the visual and auditory signals, then it fuses them together to form a joint audio-visual representation. With that joint representation, the network learns to output a time-frequency mask for each speaker. The output masks are multiplied by the noisy input spectrogram and converted back to a time-domain waveform to obtain an isolated, clean speech signal for each speaker. For full details, see our paper.

Our multi-stream, neural network-based model architecture.

Here are some more speech separation and enhancement results by our method, playing first the input video with mixed or noisy speech, then our results. Sound by others than the selected speakers can be entirely suppressed or suppressed to the desired level.

Application to Speech Recognition

Our method can also potentially be used as a pre-process for speech recognition and automatic video captioning. Handling overlapping speakers is a known challenge for automatic captioning systems, and separating the audio to the different sources could help in presenting more accurate and easy-to-read captions.

You can similarly see and compare the captions before and after speech separation in all the other videos in this post and on our website, by turning on closed captions in the YouTube player when playing the videos (“cc” button at the lower right corner of the player). On our project web page you can find more results, as well as comparisons with state-of-the-art audio-only speech separation and with other recent audio-visual speech separation work. Indeed, with recent advances in deep learning, there is a clear growing interest in the academic community in audio-visual analysis. For example, independently and concurrently to our work, this work from UC Berkeley explored a self-supervised approach for separating speech of on/off-screen speakers, and this work from MIT addressed the problem of separating the sound of multiple on-screen objects (e.g., musical instruments), while locating the image regions from which the sound originates. We envision a wide range of applications for this technology. We are currently exploring opportunities for incorporating it into various Google products. Stay tuned!

Source: Research Blog: Looking to Listen: Audio-Visual Speech Separation

Watch artificial intelligence create a 3D model of a person—from just a few seconds of video

Transporting yourself into a video game, body and all, just got easier. Artificial intelligence has been used to create 3D models of people’s bodies for virtual reality avatars, surveillance, visualizing fashion, or movies. But it typically requires special camera equipment to detect depth or to view someone from multiple angles. A new algorithm creates 3D models using standard video footage from one angle.

The system has three stages. First, it analyzes a video a few seconds long of someone moving—preferably turning 360° to show all sides—and for each frame creates a silhouette separating the person from the background. Based on machine learning techniques—in which computers learn a task from many examples—it roughly estimates the 3D body shape and location of joints. In the second stage, it “unposes” the virtual human created from each frame, making them all stand with arms out in a T shape, and combines information about the T-posed people into one, more accurate model. Finally, in the third stage, it applies color and texture to the model based on recorded hair, clothing, and skin.

The researchers tested the method with a variety of body shapes, clothing, and backgrounds and found that it had an average accuracy within 5 millimeters, they will report in June at the Computer Vision and Pattern Recognition conference in Salt Lake City. The system can also reproduce the folding and wrinkles of fabric, but it struggles with skirts and long hair. With a model of you, the researchers can change your weight, clothing, and pose—and even make you perform a perfect pirouette. No practice necessary.

Source: Watch artificial intelligence create a 3D model of a person—from just a few seconds of video | Science | AAAS

Whois is dead as Europe hands DNS overlord ICANN its arse :(

The Whois public database of domain name registration details is dead.

In a letter [PDF] sent this week to DNS overseer ICANN, Europe’s data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force.

The letter also has harsh words for ICANN’s proposed interim solution, criticizing its vagueness and noting it needs to include explicit wording about what can be done with registrant data, as well as introduce auditing and compliance functions to make sure the data isn’t being abused.

ICANN now has a little over a month to come up with a replacement to the decades-old service that covers millions of domain names and lists the personal contact details of domain registrants, including their name, email and telephone number.

ICANN has already acknowledged it has no chance of doing so: a blog post by the company in response to the letter warns that without being granted a special temporary exemption from the law, the system will fracture.

“Unless there is a moratorium, we may no longer be able to give instructions to the contracted parties through our agreements to maintain Whois,” it warns. “Without resolution of these issues, the Whois system will become fragmented.”

We spoke with the president of ICANN’s Global Domains Division, Akram Atallah, and he told us that while there was “general agreement that having everything public is not the right way to go”, he was hopeful that the letter would not result in the Whois service being turned off completely while a replacement was developed.

Source: Whois is dead as Europe hands DNS overlord ICANN its arse • The Register

It’s an important and useful tool – hopefully they will resolve this one way or another.

Orkut Hello: The Man Behind Orkut Says His ‘Hello’ Platform Doesn’t Sell User Data

In 2004, one of the world’s most popular social networks, Orkut, was founded by a former Google employee named Orkut Büyükkökten. Later that year, a Harvard University student named Mark Zuckerberg launched ‘the Facebook’, which over the course of a year became ubiquitous in Ivy League universities and was eventually called Facebook.com.

Orkut was shut down by Google in 2014, but in its heyday, the network had hit 300 million users around the world. Facebook took five years to achieve that feat. At a time when the #DeleteFacebook movement is gaining traction worldwide in light of the Cambridge Analytica scandal, Orkut has made a comeback.

“Hello.com is a spiritual successor of Orkut.com,” Büyükkökten told BloombergQuint. “The most important thing about Orkut was communities, because they brought people together around topics and things that interested them and provided a safe place for people to exchange ideas and share genuine passions and feelings. We have built the entire ‘Hello’ experience around communities and passions and see it as Orkut 2.0.”

Orkut has decided to make a comeback when Mark Zuckerberg, founder and CEO of Facebook, has been questioned by U.S. congressmen and senators about its policies and data collection and usage practices. That came after the Cambridge Analytica data leak which impacted nearly 87 million users, including Zuckerberg himself.

“People have lost trust in social networks and the main reason is social media services today don’t put the users first. They put advertisers, brands, third parties, shareholders before the users,” Büyükkökten said. “They are also not transparent about practices. The privacy policy and terms of services are more like black boxes. How many users actually read them?”

Büyükkökten said users need to be educated about these things and user consent is imperative in such situations when data is shared by such platforms. “On Hello, we do not share data with third parties. We have our own registration and login and so the data doesn’t follow you anywhere,” he said. “You don’t need to sell user data in order to be profitable or make money.”

Source: Orkut Hello: The Man Behind Orkut Says His ‘Hello’ Platform Doesn’t Sell User Data – Bloomberg Quint

I am very curious what his business model is then

Do you have a browser based bitcoin wallet? Check you’re not hacked if it’s JavaScript based

A significant number of past and current cryptocurrency products
contain a JavaScript class named SecureRandom(), containing both
entropy collection and a PRNG. The entropy collection and the RNG
itself are both deficient to the degree that key material can be
recovered by a third party with medium complexity. There are a
substantial number of variations of this SecureRandom() class in
various pieces of software, some with bugs fixed, some with additional
bugs added. Products that aren't today vulnerable due to moving to
other libraries may be using old keys that have been previously
compromised by usage of SecureRandom().

Source: [bitcoin-dev] KETAMINE: Multiple vulnerabilities in SecureRandom(), numerous cryptocurrency products affected.
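
A defender-side way to act on the advisory above, as an added example that is not code from the advisory or from any wallet: a heuristic scan of JavaScript source for a SecureRandom class and the entropy sources around it. The patterns, verdict names and sample files are assumptions constructed for this example.

```javascript
// Added example: heuristic audit of wallet JavaScript for a SecureRandom class.
// Patterns, verdict names and sample files are assumptions made for this example.
const WEAK_SOURCES = [
  { name: "Math.random", re: /\bMath\s*\.\s*random\s*\(/ },
  { name: "clock value", re: /\bnew\s+Date\s*\(\s*\)\s*\.\s*getTime\s*\(|\bDate\s*\.\s*now\s*\(/ },
];
const STRONG_SOURCES = [
  { name: "crypto.getRandomValues", re: /\bcrypto\s*\.\s*getRandomValues\s*\(/ },
  { name: "crypto.randomBytes", re: /\bcrypto\s*\.\s*randomBytes\s*\(/ },
];
const DEFINES_CLASS = /\bfunction\s+SecureRandom\s*\(|\bclass\s+SecureRandom\b|\bSecureRandom\s*=\s*function\b/;
const USES_CLASS = /\bnew\s+SecureRandom\s*\(/;

// Drop comments so a commented-out call is not counted as a live entropy source.
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\//g, " ").replace(/(^|[^:])\/\/.*$/gm, "$1");
}

// Classify one file. "csprng-backed" describes the current code only: keys
// created by an earlier, weaker build of the same product remain suspect.
function auditSource(fileName, src) {
  const code = stripComments(src);
  const hits = (list) => list.filter((s) => s.re.test(code)).map((s) => s.name);
  const defines = DEFINES_CLASS.test(code);
  const uses = USES_CLASS.test(code);
  const weak = hits(WEAK_SOURCES);
  const strong = hits(STRONG_SOURCES);
  let verdict = "no-securerandom";
  if (defines || uses) {
    if (weak.length > 0) verdict = "review-keys"; // weak source, even if only a fallback
    else if (strong.length > 0) verdict = "csprng-backed";
    else verdict = "unknown-source"; // class is implemented in another file
  }
  return { fileName, defines, uses, weak, strong, verdict };
}

// Constructed sample files, not taken from any real product.
const SAMPLES = {
  "legacy-wallet.js": `function SecureRandom() { this.pool = []; }
    SecureRandom.prototype.seed = function () {
      this.pool.push(Math.floor(65536 * Math.random()) & 255);
      this.pool.push(new Date().getTime() & 255);
    };`,
  "patched-wallet.js": `function SecureRandom() {}
    SecureRandom.prototype.nextBytes = function (out) {
      // Math.random() fallback removed
      crypto.getRandomValues(out);
    };`,
  "consumer.js": `var key = makeKey(new SecureRandom());`,
  "ui.js": `document.title = "wallet " + Math.random();`,
};

function auditAll(files) {
  return Object.entries(files).map(([name, src]) => auditSource(name, src));
}

for (const r of auditAll(SAMPLES)) {
  console.log(`${r.fileName}: ${r.verdict} weak=[${r.weak}] strong=[${r.strong}]`);
}
```

A `csprng-backed` verdict covers only the source as it stands today; as the advisory notes, keys generated under an earlier version may already be compromised and should be treated separately.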

Cops Around the Country Can Now Unlock iPhones, Records Show

Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.

The news highlights the going dark debate, in which law enforcement officials say they cannot access evidence against criminals. But easy access to iPhone hacking tools also hamstrings the FBI’s argument for introducing backdoors into consumer devices so authorities can more readily access their contents.

“It demonstrates that even state and local police do have access to this data in many situations,” Matthew Green, an assistant professor and cryptographer at the Johns Hopkins Information Security Institute, told Motherboard in a Twitter message. “This seems to contradict what the FBI is saying about their inability to access these phones.”

As part of the investigation, Motherboard found:

[…]

The GrayKey itself is a small, 4×4 inches box with two lightning cables for connecting iPhones, according to photographs published by cybersecurity firm Malwarebytes. The device comes in two versions: a $15,000 one which requires online connectivity and allows 300 unlocks (or $50 per phone), and an offline, $30,000 version which can crack as many iPhones as the customer wants. Marketing material seen by Forbes says GrayKey can unlock devices running iterations of Apple’s latest mobile operating system iOS 11, including on the iPhone X, Apple’s most recent phone.

The issue GrayKey overcomes is that iPhones encrypt user data by default. Those in physical possession normally cannot access the phone’s data, such as contact list, saved messages, or photos, without first unlocking the phone with a passcode or fingerprint. Malwarebytes’ post says GrayKey can unlock an iPhone in around two hours, or three days or longer for 6 digit passcodes.

Source: Cops Around the Country Can Now Unlock iPhones, Records Show – Motherboard

India completes its GPS alternative, for the second time

India has successfully conducted the satellite launch needed to re-construct its Indian Regional Navigation Satellite System (IRNSS).

The Indian Space Research Organisation’s Polar Satellite Launch Vehicle PSLV-C41 ascended on Thursday, April 12th. Atop the craft was a satellite designated IRNSS-1L, the last of seven satellites in India’s constellation of navigational craft.

India understands that satellite navigation services have become an assumed resource for all manner of applications, but that relying on another nation’s network is fraught with danger in the event of war or other disputes. Like Russia, China and the European Union, India has therefore decided it needs a satnav system of its own.

[…]

India’s already completed the network once before: in April 2016 we covered the launch of IRNSS-G, which at the time was the seventh satellite in the constellation. But just three months later, the first satellite in the fleet broke: IRNSS-1A’s atomic clocks clocked off, leaving India with insufficient satellites to deliver its hoped-for 10-metre accuracy over land.

A replacement satellite, IRNSS-1H, failed to reach its desired orbit in August 2017.

Much rejoicing has therefore followed IRNSS-1L’s success, including the following prime-ministerial Tweet.

India’s said IRNSS has only regional ambitions: its seven satellites cover India and about 1,500km beyond the nation’s borders. But that’s enough distance to help India launch missiles, like its 5,000-km-range Agni-5, deep into Pakistan, China or Russia. Don’t forget: India is a nuclear power! The nation’s suggested it might add some more sats to the service, which would likely extend its range and enhance its accuracy.

Component-makers have already started making receivers capable of linking to IRNSS satellites and other similar services, so there’s a decent chance your smartphone will be able to talk to India’s satellites should you visit the region.

Source: India completes its GPS alternative, for the second time • The Register