Flip-flop qubits: Radical new quantum computing design invented

Tosi’s conceptual breakthrough is the creation of an entirely new type of qubit, using both the nucleus and the electron. In this approach, a qubit ‘0’ state is defined when the spin of the electron is down and the nucleus spin is up, while the ‘1’ state is when the electron spin is up, and the nuclear spin is down.

“We call it the ‘flip-flop’ qubit,” said Tosi. “To operate this qubit, you need to pull the electron a little bit away from the nucleus, using the electrodes at the top. By doing so, you also create an electric dipole.”

“This is the crucial point,” adds Morello. “These electric dipoles interact with each other over fairly large distances, a good fraction of a micron, or 1,000 nanometres.

“This means we can now place the single-atom qubits much further apart than previously thought possible,” he continued. “So there is plenty of space to intersperse the key classical components such as interconnects, control electrodes and readout devices, while retaining the precise atom-like nature of the quantum bit.”

Source: Flip-flop qubits: Radical new quantum computing design invented

DolphinAttack allows control of voice-activated devices without you knowing it

Using a technique called the DolphinAttack, a team from Zhejiang University translated typical vocal commands into ultrasonic frequencies that are too high for the human ear to hear, but perfectly decipherable by the microphones and software powering our always-on voice assistants. This relatively simple translation process lets them take control of gadgets with just a few words uttered in frequencies none of us can hear.

The researchers didn’t just activate basic commands like “Hey Siri” or “Okay Google,” though. They could also tell an iPhone to “call 1234567890” or tell an iPad to FaceTime the number. They could force a Macbook or a Nexus 7 to open a malicious website. They could order an Amazon Echo to “open the backdoor” (a pin would also be required, an August spokesperson clarifies). Even an Audi Q3 could have its navigation system redirected to a new location. “Inaudible voice commands question the common design assumption that adversaries may at most try to manipulate a [voice assistant] vocally and can be detected by an alert user,” the research team writes in a paper just accepted to the ACM Conference on Computer and Communications Security.

Source: A Simple Design Flaw Makes It Astoundingly Easy To Hack Siri And Alexa

Amazon was tricked by a fake law firm into removing a hot product, costing this seller $200,000

Shortly before Amazon Prime Day in July, the owner of the Brushes4Less store on Amazon’s marketplace received a suspension notice for his best-selling product, a toothbrush head replacement.

The email that landed in his inbox said the product was being delisted from the site because of an intellectual property violation. In order to resolve the matter and get the product reinstated, the owner would have to contact the law firm that filed the complaint.

But there was one problem: the firm didn’t exist.
[…]
“Just five minutes of detective work would have found this website is a fraud, but Amazon doesn’t seem to want to do any of that,” the owner said. “This is like the Wild Wild West of intellectual property complaints.”
[…]
the issue with Amazon was finally resolved on Tuesday after two months of waiting.

Source: Amazon was tricked by a fake law firm into removing a hot product, costing this seller $200,000

Equifax loses 143 million US, UK and Canadian customer records in data breach.

September 7, 2017 — Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.

The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.

Source: Cybersecurity Incident & Important Consumer Information | Equifax

Flat UI Elements Attract Less Attention and Cause Uncertainty

In an eyetracking experiment comparing different clickability clues, weak and flat signifiers required more user effort than strong ones.
[…]
We conducted a quantitative experiment using eyetracking equipment and a desktop computer. We recruited 71 general web-users to participate in the experiment. Each participant was presented with one version of the 9 sites and given the corresponding task for that page. As soon as participants saw the target UI element that they wanted to click to complete the task, they said “I found it” and stopped.

We tracked the eye movements of the participants as they were performing these tasks. We measured the number of fixations on each page, as well as the task time. (A fixation happens when the gaze lingers on a spot of interest on the page).

Both of these measures reflect user effort: the more fixations and time spent doing the task, the higher the processing effort, and the more difficult the task. In addition, we created heatmap visualizations by aggregating the areas that participants looked at the most on the pages.
[…]
When we compared average number of fixations and average amount of time people spent looking at each page, we found that:

The average amount of time was significantly higher on the weak-signifier versions than the strong-signifier versions. On average participants spent 22% more time (i.e., slower task performance) looking at the pages with weak signifiers.
The average number of fixations was significantly higher on the weak-signifier versions than the strong-signifier versions. On average, people had 25% more fixations on the pages with weak signifiers.

(Both findings were significant by a paired t-test with sites as the random factor, p < 0.05.) This means that, when looking at a design with weak signifiers, users spent more time looking at the page, and they had to look at more elements on the page. Since this experiment used targeted findability tasks, more time and effort spent looking around the page are not good. These findings don’t mean that users were more “engaged” with the pages. Instead, they suggest that participants struggled to locate the element they wanted, or weren’t confident when they first saw it.

Source: Flat UI Elements Attract Less Attention and Cause Uncertainty

Apache REST / Struts easily exploitable through browser

Servers and data stored by dozens of Fortune 100 companies are at risk, including airlines, banks and financial institutions, and social media sites.

A critical security vulnerability in open-source server software enables hackers to easily take control of an affected server — putting sensitive corporate data at risk.

The vulnerability allows an attacker to remotely run code on servers that run applications using the REST plugin, built with Apache Struts, according to security researchers who discovered the vulnerability.

All versions of Struts since 2008 are affected, said the researchers.

[…]
Mo said that all a hacker needs “is a web browser.”

“I can’t stress enough how incredibly easy this is to exploit,” said Bas van Schaik, product manager at Semmle, a company whose analytical software was used to discover the vulnerability.

“If you know what request to send, you can start any process on the web server running a vulnerable application,” he said.

Source: ZDNet

Get patching!

Yet another AWS config fumble: Time Warner Cable exposes 4 million subscriber records

Researchers with security company Kromtech said freelancers who handled web applications for TWC and other companies had left one of its AWS S3 storage bins containing seven years’ worth of subscriber data wide open on the ‘net. That data included addresses and contact numbers, information about their home gateways, and account settings.

Just before the weekend, Kromtech said the vulnerable AWS instance was operated by BroadSoft, a cloud service provider that had been using the S3 silos to hold the SQL database information that included customer records.

When Kromtech spotted the repository in late August, it realized that databases had been set to allow public access, rather than limit access to administrators or authorized users.

Source: Yet another AWS config fumble: Time Warner Cable exposes 4 million subscriber records

Oh dear, is AWS so hard to configure then?!

After years of IBAN, only one Dutch bank has just figured out how to check the name against an account number.

The Rabobank has started warning users when the name doesn’t match an IBAN account. A trivial check that worked before IBAN, but was apparently so hard to implement that users have had to wait years for it. If you put in the wrong number – then sorry, you were screwed! Now for the rest of banking Netherlands, please?

Source: ‘Banken moeten Rabo snel volgen met naam-nummercontrole’ (Banks must quickly follow Rabo with name-and-number checks) – Emerce
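What that trivial function amounts to, as an added example that is not code from the Emerce article or from any bank: a structural IBAN check (country length plus the ISO 7064 mod-97 checksum) followed by a name comparison against the bank's own account records. The NL91ABNA0417164300 number is a commonly published sample IBAN; the registry, the holder name and the near-match rule are constructed assumptions for illustration.

```python
"""Name-and-number check for a Dutch IBAN, the kind of warning Rabobank now shows.

The registry below is constructed; a real check runs against the bank's account records."""
import re
import unicodedata

IBAN_LENGTHS = {"NL": 18}  # only the Dutch format is handled in this example

# Constructed registry: IBAN -> registered account holder name (assumption for illustration).
REGISTRY = {"NL91ABNA0417164300": "J. de Vries"}

# Prefixes and particles that should not decide a match (assumption for illustration).
IGNORED_TOKENS = {"de", "van", "der", "den", "en", "mr", "mw", "dhr"}


def iban_valid(iban):
    """Structural check: country-specific length and ISO 7064 mod-97 checksum equal to 1."""
    iban = iban.replace(" ", "").upper()
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]+", iban):
        return False
    if len(iban) != IBAN_LENGTHS.get(iban[:2]):
        return False
    # Move the country code and check digits to the end, then expand letters A=10 ... Z=35.
    rearranged = iban[4:] + iban[:4]
    digits = "".join(str(int(c, 36)) for c in rearranged)
    return int(digits) % 97 == 1


def normalize_name(name):
    """Fold case, accents and punctuation and drop particles, so 'J. de Vries' -> ['j', 'vries']."""
    name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    tokens = re.findall(r"[a-z]+", name.lower())
    return [t for t in tokens if t not in IGNORED_TOKENS]


def check_transfer(iban, entered_name):
    """Return 'invalid-iban', 'unknown-account', 'match', 'near-match' or 'mismatch'."""
    iban = iban.replace(" ", "").upper()
    if not iban_valid(iban):
        return "invalid-iban"
    holder = REGISTRY.get(iban)
    if holder is None:
        return "unknown-account"
    registered, entered = normalize_name(holder), normalize_name(entered_name)
    if registered == entered:
        return "match"
    # Same surname but different initials or first name: warn rather than block.
    if registered and entered and registered[-1] == entered[-1]:
        return "near-match"
    return "mismatch"


if __name__ == "__main__":
    for iban, name in [("NL91 ABNA 0417 1643 00", "J. de Vries"),
                       ("NL91ABNA0417164300", "Jan de Vries"),
                       ("NL91ABNA0417164300", "P. Jansen"),
                       ("NL91ABNA0417164301", "J. de Vries")]:
        print(f"{iban:24} {name:14} -> {check_transfer(iban, name)}")
```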

Does your monitor unplug from HDMI when you turn it off and mess up your desktop? Monitordetectkiller is the solution!


The computer detects when a TV/monitor is ‘turned off’ or ‘switched’ to another input. Then when powered-on or switched back, it gives the wrong resolution or breaks your extended display to reflect the single monitor, there may even be crashes and other issues.

Our hardware solution, the “MDK device” is a male to female modified adapter with integrated circuitry.

Now, the computer/device won’t receive a signal telling it the monitor is offline, thus avoiding any issues.

Source: Remove Monitor Detection disable monitor auto detect EDID

Data Breach Exposes Thousands of Job Seeker CVs Citing Top Secret Government Work

Thousands of files containing the personal information and expertise of Americans with classified and up to Top Secret security clearances have been exposed by an unsecured Amazon server, potentially for most of the year.

The files have been traced back to TigerSwan, a North Carolina-based private security firm. But in a statement on Saturday, TigerSwan implicated TalentPen, a third-party vendor apparently used by the firm to process new job applicants.
[…]
Found on an insecure Amazon S3 bucket without the protection of a password, the cache of roughly 9,400 documents reveals extraordinary details about thousands of individuals who were formerly and may be currently employed by the US Department of Defense and within the US intelligence community.

Other documents reveal sensitive and personal details about Iraqi and Afghan nationals who have cooperated and worked alongside US military forces in their home countries, according to the security firm that discovered and reviewed the documents. Between 15 and 20 applicants reportedly meet these criteria.
[…]
Many of the files are timestamped and indicate that they were uploaded to the server in mid-February. Gizmodo has yet to confirm for how long the data was left publicly accessible, information only accessible to Amazon and the server’s owner.

“A cursory examination of some of the exposed resumes indicates not merely the varied and elite caliber of many of the applicants as experienced intelligence and military figures, but sensitive, identifying personal details,” UpGuard said in a statement.

Source: Data Breach Exposes Thousands of Job Seekers Citing Top Secret Government Work [Updated]

Facebook has mapped populations in 23 countries as it explores satellites to expand internet – it knows where you live!

Facebook doesn’t only know what its 2 billion users “Like.”

It now knows where millions of humans live, everywhere on Earth, to within 15 feet.

The company has created a data map of the human population by combining government census numbers with information it’s obtained from space satellites, according to Janna Lewis, Facebook’s head of strategic innovation partnerships and sourcing. A Facebook representative later told CNBC that this map currently covers 23 countries, up from 20 countries mentioned in this blog post from February 2016.

The mapping technology, which Facebook says it developed itself, can pinpoint any man-made structures in any country on Earth to a resolution of five meters.

Facebook is using the data to understand the precise distribution of humans around the planet.

That will help the company determine what types of internet service — based either on land, in the air or in space — it can use to reach consumers who now have no (or very low quality) internet connections.

Source: Facebook has mapped populations in 23 countries as it explores satellites to expand internet

Whilst an impressive feat, it’s pretty damn scary big brother wise!

Millions of Time Warner Cable Customer Records Exposed in Third-Party Data Leak

Roughly four million records containing the personal details of Time Warner Cable (TWC) customers were discovered stored on an Amazon server without a password late last month.

The files, more than 600GB in size, were discovered on August 24 by the Kromtech Security Center while its researchers were investigating an unrelated data breach at World Wrestling Entertainment. Two Amazon S3 buckets were eventually found and linked to BroadSoft, a global communications company that partners with service providers, including AT&T and TWC.
[…]
The leaked data included usernames, email addresses, MAC addresses, device serial numbers, and financial transaction information.
[…]
Other databases revealed billing addresses, phone numbers, and other contact info for at least hundreds of thousands of TWC subscribers. The servers also contained a slew of internal company records, including SQL database dumps, internal emails, and code containing the credentials to an unknown number of external systems.
[…]
CCTV footage, presumably of BroadSoft’s workers in Bengaluru, India—where the breach is believed to have originated—was also discovered on the Amazon bucket.

Source: Millions of Time Warner Cable Customer Records Exposed in Third-Party Data Leak

Ouch!
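The BroadSoft/TWC and TigerSwan exposures above all came down to S3 buckets that anyone could read. As an added example, not code from any of the quoted articles, here is a small audit over the ACL, bucket policy and Public Access Block data that the S3 API returns for a bucket (the same dict shapes as boto3's get_bucket_acl, get_bucket_policy's Policy string and get_public_access_block), run on constructed sample buckets; the bucket names, grants and policy are made up for illustration.

```python
"""Audit S3 bucket configuration data for public exposure (constructed sample data)."""
import json

# Canned group URIs whose presence in an ACL grant makes the bucket public.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers (anyone on the internet)",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers (any AWS account)",
}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def acl_findings(acl):
    """One finding per ACL grant to the AllUsers or AuthenticatedUsers group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            findings.append(f"ACL grants {grant['Permission']} to {PUBLIC_GROUP_URIS[grantee['URI']]}")
    return findings


def _principal_is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} (or a list containing "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def policy_findings(policy_json):
    """One finding per Allow statement with a wildcard principal; notes when a Condition narrows it."""
    policy = json.loads(policy_json) if isinstance(policy_json, str) else policy_json
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings = []
    for st in statements:
        if st.get("Effect") != "Allow" or not _principal_is_wildcard(st.get("Principal")):
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        cond = " (narrowed by a Condition)" if st.get("Condition") else ""
        findings.append(f"Policy statement {st.get('Sid', '<no Sid>')} allows "
                        f"{', '.join(actions)} to everyone{cond}")
    return findings


def public_access_block_findings(pab):
    """One finding per Public Access Block flag that is missing or False (None = no block set)."""
    cfg = (pab or {}).get("PublicAccessBlockConfiguration", {})
    return [f"PublicAccessBlock.{flag} is not enabled" for flag in PAB_FLAGS if not cfg.get(flag)]


def audit_bucket(name, acl, policy=None, pab=None):
    """Combine the three checks; 'public' is True when the ACL or policy grants access to everyone."""
    exposure = acl_findings(acl) + (policy_findings(policy) if policy else [])
    hardening = public_access_block_findings(pab)
    return {"bucket": name, "public": bool(exposure), "findings": exposure + hardening}


# Constructed samples: an open bucket of the kind described above, and a locked-down one.
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"}
OPEN_ACL = {"Owner": {"ID": "example-owner-id"}, "Grants": [
    OWNER,
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-subscriber-dumps/*"},
]})
PRIVATE_ACL = {"Owner": {"ID": "example-owner-id"}, "Grants": [OWNER]}
LOCKED_PAB = {"PublicAccessBlockConfiguration": {flag: True for flag in PAB_FLAGS}}

if __name__ == "__main__":
    for report in (audit_bucket("example-subscriber-dumps", OPEN_ACL, OPEN_POLICY, None),
                   audit_bucket("example-private", PRIVATE_ACL, None, LOCKED_PAB)):
        print(f"{report['bucket']}: {'PUBLIC' if report['public'] else 'ok'}")
        for finding in report["findings"]:
            print("  -", finding)
```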

Google Does No Evil – unless you criticise it!

The story in the New York Times this week was unsettling: The New America Foundation, a major think tank, was getting rid of one of its teams of scholars, the Open Markets group. New America had warned its leader Barry Lynn that he was “imperiling the institution,” the Times reported, after he and his group had repeatedly criticized Google, a major funder of the think tank, for its market dominance.
[…]
I published a story headlined, “Stick Google Plus Buttons On Your Pages, Or Your Search Traffic Suffers,” that included bits of conversation from the meeting.

The Google guys explained how the new recommendation system will be a factor in search. “Universally, or just among Google Plus friends?” I asked. ‘Universal’ was the answer. “So if Forbes doesn’t put +1 buttons on its pages, it will suffer in search rankings?” I asked. Google guy says he wouldn’t phrase it that way, but basically yes.
[…]
Google never challenged the accuracy of the reporting. Instead, a Google spokesperson told me that I needed to unpublish the story because the meeting had been confidential, and the information discussed there had been subject to a non-disclosure agreement between Google and Forbes. (I had signed no such agreement, hadn’t been told the meeting was confidential, and had identified myself as a journalist.)

It escalated quickly from there. I was told by my higher-ups at Forbes that Google representatives called them saying that the article was problematic and had to come down. The implication was that it might have consequences for Forbes, a troubling possibility given how much traffic came through Google searches and Google News.

Source: Yes, Google Uses Its Power to Quash Ideas It Doesn’t Like—I Know Because It Happened to Me

It ends up with the story being taken down and being scrubbed quickly from Google search…

Large diet study suggests it’s carbs, not fats, that are bad for your health

A large, 18-country study may turn current nutritional thinking on its head.

The new research suggests that it’s not the fat in your diet that’s raising your risk of premature death, it’s too many carbohydrates — especially the refined, processed kinds of carbs — that may be the real killer.

The research also found that eating fruits, vegetables and legumes can lower your risk of dying prematurely. But three or four servings a day seemed to be plenty. Any additional servings didn’t appear to provide more benefit.

What does all this mean to you? Well, a cheeseburger may be OK to eat, and adding lettuce and tomato to the burger is still good for you, but an excess of white flour burger buns may boost your risk of dying early.

People with a high fat intake — about 35 percent of their daily diet — had a 23 percent lower risk of early death and 18 percent lower risk of stroke compared to people who ate less fat, said lead author Mahshid Dehghan. She’s an investigator with the Population Health Research Institute at McMaster University in Ontario.

The researchers also noted that a very low intake of saturated fats (below 3 percent of daily diet) was associated with a higher risk of death in the study, compared to diets containing up to 13 percent daily.

At the same time, high-carb diets — containing an average 77 percent carbohydrates — were associated with a 28 percent increased risk of death versus low-carb diets, Dehghan said.

Source: Large diet study suggests it’s carbs, not fats, that are bad for your health

Uber riders can choose not to be tracked after they are dropped off

In response to a chorus of complaints from its users, Uber is revamping privacy settings that it rolled out last fall.

Beginning this week, Uber riders using the iOS version of the ride-hailing company’s app will find a new series of privacy prompts that includes the ability to deny Uber the right to track your whereabouts. Uber is working on similar tweaks to the Android version of its app.

The new options for Uber app users are: Always (Uber is allowed to collect rider location information from the moment the app is opened until the trip ends), While Using The App (information flows to Uber while the app is visible on the screen) and Never (no info is transmitted but riders have to manually input their pick-up and drop-off locations).

One of the old privacy features that gave many users pause was Uber’s ability to track the whereabouts of riders up to 5 minutes after a ride was completed.

Uber says the 5-minute feature was never activated on the iOS version of its app, and that it was disabled a few months after being initiated on the Android version.

Source: Uber riders can make their trips more private

Experts excited by brain ‘wonder-drug’ – BBC News

Scientists hope they have found a drug to stop all neurodegenerative brain diseases, including dementia.

In 2013, a UK Medical Research Council team stopped brain cells dying in an animal for the first time, creating headline news around the world.

But the compound used was unsuitable for people, as it caused organ damage.

Now two drugs have been found that should have the same protective effect on the brain and are already safely used in people.

“It’s really exciting,” said Prof Giovanna Mallucci, from the MRC Toxicology Unit in Leicester.

She wants to start human clinical trials on dementia patients soon and expects to know whether the drugs work within two to three years.

Source: Experts excited by brain ‘wonder-drug’ – BBC News

An A.I. Says There Are Six Main Kinds of Stories

That’s what a group of researchers, from the University of Vermont and the University of Adelaide, set out to do. They collected computer-generated story arcs for nearly 2,000 works of fiction, classifying each into one of six core types of narratives (based on what happens to the protagonist):

1. Rags to Riches (rise)

2. Riches to Rags (fall)

3. Man in a Hole (fall then rise)

4. Icarus (rise then fall)

5. Cinderella (rise then fall then rise)

6. Oedipus (fall then rise then fall)

Their focus was on the emotional trajectory of a story, not merely its plot. They also analyzed which emotional structure writers used most, and how that contrasted with the ones readers liked best, then published a preprint paper of their findings on the scholarship website arXiv.org. More on that in a minute.

First, the researchers had to find a workable dataset. Using a collection of fiction from the digital library Project Gutenberg, they selected 1,737 English-language works of fiction between 10,000 and 200,000 words long. 

Source: An A.I. Says There Are Six Main Kinds of Stories

NASA Image and Video Library

The entire NASA image and video library is now searchable online!

Source: NASA Image and Video Library

Make money with open source

Further to my preachings on making money from open source (see video), it turns out that there is a Fair Source license already available on GitHub.

Not open source. Not closed source. The Fair Source License allows everyone to see the source code and makes the software free to use for a limited number of users in your organization. It offers some of the benefits of open source while preserving the ability to charge for the software.

re:Work / Google best business practices

re:Work is organized around some of the biggest ways you can make an impact in your workplace. Each subject contains guides, with tools and insights, for addressing specific challenges.

Source: re:Work

They look at hiring, managers, people analytics and unbiasing. A treasure trove of business data.

Intel ME controller chip can be disabled after all – for governments

Security researchers at Moscow-based Positive Technologies have identified an undocumented configuration setting that disables Intel Management Engine 11, a CPU control mechanism that has been described as a security risk.

Intel’s ME consists of a microcontroller that works with the Platform Controller Hub chip, in conjunction with integrated peripherals. It handles much of the data travelling between the processor and external devices, and thus has access to most of the data on the host computer.

If compromised, it becomes a backdoor, giving an attacker control over the affected device.

Source: Intel ME controller chip has secret kill switch

Smart home IoT stuff gives away a lot of your personal patterns

Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic – reveals that even when data from devices is encrypted, the metadata can help identify both the device and what it is signaling.

Some devices such as the Nest indoor camera directly communicate with identifiable domain names – in this case ‘dropcam.com.’ That immediately identifies what the product is, and it is then possible to infer from that and the resulting signal what is happening: whether it has detected motion or whether it is live streaming.

Likewise the Sense sleep monitor, TP‑Link smart plug, and Amazon Echo. Even when the devices communicate with a generic DNS server – like Amazon’s AWS service – they typically have a specific IP address that can be used to identify the sensor (the Belkin WeMo switch for example communicated with the very-specific prod1-fs-xbcs-net-1101221371.us-east-1.elb.amazonaws.com address).

By digging into each device’s signal, the team was able to figure out with some certainty exactly what was happening: someone was waking up, someone was turning on a light switch, someone had walked into the kitchen, and so on.

Source: How the CIA, Comcast can snoop on your sleep patterns, sex toy usage
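To see what your own network gives away in exactly this manner, here is an added example (not code from the paper or the article above) that runs over exported flow records from a home router: it identifies devices purely from the destination names they contact and marks the windows in which a device sent far more than its idle keep-alives, without looking at any payload. The two identifying hostnames are the ones quoted above; the product mapping, the flow records and the burst threshold are constructed assumptions for illustration.

```python
"""What an on-path observer learns from encrypted smart-home traffic metadata alone."""
from collections import defaultdict
from dataclasses import dataclass

# Destination names that identify the product on their own (hostnames from the article;
# the product mapping is an assumption for illustration).
IDENTIFYING_HOSTS = {
    "dropcam.com": "Nest indoor camera",
    "prod1-fs-xbcs-net-1101221371.us-east-1.elb.amazonaws.com": "Belkin WeMo switch",
}


@dataclass(frozen=True)
class Flow:
    t: int          # seconds since the start of the capture
    src: str        # LAN address of the device
    dst_host: str   # destination name, as seen in the DNS reply that preceded the flow
    bytes_out: int  # bytes the device sent in this flow (ciphertext; contents unknown)


def identify(dst_host):
    """Map a destination name to a product, or None when the name is not identifying."""
    for host, product in IDENTIFYING_HOSTS.items():
        if dst_host == host or dst_host.endswith("." + host):
            return product
    return None


def device_inventory(flows):
    """Per LAN address, the product inferred from any identifying destination it contacted."""
    inventory = {}
    for flow in flows:
        product = identify(flow.dst_host)
        if product:
            inventory.setdefault(flow.src, product)
    return inventory


def bursts(flows, src, window=10, threshold=200_000):
    """Start times of windows in which `src` sent more than `threshold` bytes.

    Idle keep-alives stay far below the threshold; a camera uploading video does not."""
    per_window = defaultdict(int)
    for flow in flows:
        if flow.src == src:
            per_window[flow.t // window] += flow.bytes_out
    return sorted(w * window for w, total in per_window.items() if total > threshold)


def exposure_report(flows):
    """Everything an observer of DNS names and ciphertext sizes can state about this network."""
    report = {}
    for src, product in device_inventory(flows).items():
        report[src] = {
            "product": product,
            "contacts": sorted(f.t for f in flows if f.src == src),  # every contact is an event
            "bursts": bursts(flows, src),
        }
    return report


# Constructed capture: a camera idle, then uploading, then idle; a switch toggled twice;
# a laptop whose traffic reveals nothing about what it is.
WEMO_HOST = "prod1-fs-xbcs-net-1101221371.us-east-1.elb.amazonaws.com"
SAMPLE = [
    Flow(0, "192.168.1.20", "dropcam.com", 1_200),
    Flow(5, "192.168.1.20", "dropcam.com", 1_100),
    Flow(12, "192.168.1.20", "dropcam.com", 350_000),
    Flow(18, "192.168.1.20", "dropcam.com", 420_000),
    Flow(25, "192.168.1.20", "dropcam.com", 1_150),
    Flow(3, "192.168.1.31", WEMO_HOST, 800),
    Flow(40, "192.168.1.31", WEMO_HOST, 900),
    Flow(41, "192.168.1.50", "www.example.com", 90_000),
]

if __name__ == "__main__":
    for src, info in exposure_report(SAMPLE).items():
        print(f"{src}: {info['product']}; contacts at {info['contacts']}; "
              f"heavy upload starting at {info['bursts']}")
```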

Inside the Massive 711 Million Record Onliner Spambot Dump

Last week I was contacted by someone alerting me to the presence of a spam list. A big one. That’s a bit of a relative term though because whilst I’ve loaded “big” spam lists into Have I been pwned (HIBP) before, the largest to date has been a mere 393m records and belonged to River City Media. The one I’m writing about today is 711m records which makes it the largest single set of data I’ve ever loaded into HIBP. Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe. This blog post explains everything I know about it.

Source: Inside the Massive 711 Million Record Onliner Spambot Dump

Hit App Sarahah Quietly Uploads Your Address Book

Sarahah, a new app that lets people sign up to receive anonymized, candid messages, has been surging in popularity; somewhere north of 18 million people are estimated to have downloaded it from Apple and Google’s online stores, making it the No. 3 most downloaded free software title for iPhones and iPads.

Sarahah bills itself as a way to “receive honest feedback” from friends and employees. But the app is collecting more than just feedback messages. When launched for the first time, it immediately harvests and uploads all phone numbers and email addresses in your address book. Although Sarahah does in some cases ask for permission to access contacts, it does not disclose that it uploads such data, nor does it seem to make any functional use of the information.

Zachary Julian, a senior security analyst at Bishop Fox, discovered Sarahah’s uploading of private information when he installed the app on his Android phone, a Galaxy S5 running Android 5.1.1. The phone was outfitted with monitoring software, known as Burp Suite, which intercepts internet traffic entering and leaving the device, allowing the owner to see what data is sent to remote servers. When Julian launched Sarahah on the device, Burp Suite caught the app in the act of uploading his private data.

“As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system,” he said. He later verified the same occurs on Apple’s iOS, albeit after a prompt to “access contacts,” which also appears in newer versions of Android. Julian also noticed that if you haven’t used the application in a while, it’ll share all of your contacts again. He did some testing of the app on a Friday night, and when he booted the app on a Sunday morning, it pushed all of his contacts again.

Source: Hit App Sarahah Quietly Uploads Your Address Book

The callous way companies like this, Sonos, Uber, Google, Microsoft etc etc etc handle your privacy like it’s dogshit is completely incredible.

‘Data is the new oil’: Your personal information is now the world’s most valuable commodity

What “the big five” are selling — or not selling, as in the case of free services like Google or Facebook — is access. As we use their platforms, the corporate giants are collecting information about every aspect of our lives, our behaviour and our decision-making. All of that data gives them tremendous power. And that power begets more power, and more profit.

On one hand, the data can be used to make their tools and services better, which is good for consumers. These companies are able to learn what we want based on the way we use their products, and can adjust them in response to those needs.

“It enables certain companies with orders of magnitude more surveillance capacity than rivals to develop a 360-degree view of the strengths and vulnerabilities of their suppliers, competitors and customers,” says Frank Pasquale, professor of law at the University of Maryland and author of Black Box Society.

Access to such sweeping amounts of data also allows these giants to spot trends early and move on them, which sometimes involves buying up a smaller company before it can become a competitive threat. Pasquale points out that Google/Alphabet has been using its power “to bully or take over rivals and adjacent businesses” at a rate of about “one per week since 2010.”

But it’s not just newer or smaller tech companies that are at risk, says Taplin. “When Google and Facebook control 88 per cent of all new internet advertising, the rest of the internet economy, including things like online journalism and music, are starved for resources.”

Traditionally, this is where the antitrust regulators would step in, but in the data economy it’s not so easy. What we’re seeing for the first time is a clash between the concept of the nation state and these global, borderless corporations.

Source: ‘Data is the new oil’: Your personal information is now the world’s most valuable commodity
