2D spray on transparent wireless antennae created

Metals are widely used for antennas; however, their bulkiness limits the fabrication of thin, lightweight, and flexible antennas. Recently, nanomaterials such as graphene, carbon nanotubes, and conductive polymers came into play. However, poor conductivity limits their use. We show RF devices for wireless communication based on metallic two-dimensional (2D) titanium carbide (MXene) prepared by a single-step spray coating. We fabricated a ~100-nm-thick translucent MXene antenna with a reflection coefficient of less than −10 dB. By increasing the antenna thickness to 8 μm, we achieved a reflection coefficient of −65 dB. We also fabricated a 1-μm-thick MXene RF identification device tag reaching a reading distance of 8 m at 860 MHz. Our finding shows that 2D titanium carbide MXene operates below the skin depth of copper or other metals as well as offers an opportunity to produce transparent antennas.

Source: 2D titanium carbide (MXene) for wireless communication | Science Advances

Windows handwriting recognition on? Then all your typing is stored in plain text on your PC.

If you’re one of the people who own a stylus or touchscreen-capable Windows PC, then there’s a high chance there’s a file on your computer that has slowly collected sensitive data for the past months or even years.

This file is named WaitList.dat, and according to Digital Forensics and Incident Response (DFIR) expert Barnaby Skeggs, this file is only found on touchscreen-capable Windows PCs where the user has enabled the handwriting recognition feature [1, 2] that automatically translates stylus/touchscreen scribbles into formatted text.
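If you want to check a machine yourself rather than take the headline on trust, the Python below is an added triage helper (not code from the ZDNet piece or from Skeggs' write-up). It assumes the file sits under %LOCALAPPDATA%\Microsoft\InputPersonalization\TextHarvester\WaitList.dat, the location reported for the text-harvester store, and that harvested text is stored as UTF-16LE, so it pulls printable UTF-16LE runs rather than ASCII strings; both are assumptions to adjust if your build differs. The sample bytes in the test are constructed, not a real WaitList.dat.

```python
"""Triage helper for WaitList.dat (added example, not from the article).

Assumptions (adjust if they do not hold on your build):
  * the file lives at %LOCALAPPDATA%\\Microsoft\\InputPersonalization\\TextHarvester\\WaitList.dat
  * harvested text is stored as UTF-16LE, so a plain ASCII `strings` pass misses most of it
"""
import os
import re
from pathlib import Path

# Assumed relative location under %LOCALAPPDATA%.
REL_PATH = Path("Microsoft") / "InputPersonalization" / "TextHarvester" / "WaitList.dat"


def waitlist_path(local_appdata=None):
    """Build the expected path; local_appdata overrides %LOCALAPPDATA% for testing."""
    base = local_appdata or os.environ.get("LOCALAPPDATA", "")
    return Path(base) / REL_PATH


def extract_utf16le_strings(data, min_len=8):
    """Return printable UTF-16LE runs of at least min_len characters.

    Each UTF-16LE ASCII character is a printable byte followed by 0x00, so a
    run of `min_len` such pairs is treated as a string.
    """
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [m.group().decode("utf-16-le") for m in pattern.finditer(data)]


def find_secrets(strings, keywords=("password", "passwd", "pwd", "pin")):
    """Flag strings that mention credential-like keywords (case-insensitive)."""
    kw = tuple(k.lower() for k in keywords)
    return [s for s in strings if any(k in s.lower() for k in kw)]


def triage(path=None, min_len=8):
    """Summarise the file: presence, size, string count and credential-like hits."""
    p = Path(path) if path else waitlist_path()
    if not p.exists():
        return {"present": False, "path": str(p)}
    data = p.read_bytes()
    strings = extract_utf16le_strings(data, min_len)
    return {
        "present": True,
        "path": str(p),
        "size": len(data),
        "strings": len(strings),
        "flagged": find_secrets(strings),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(), indent=2))
```

Run it as the logged-in user; if `present` is true and `flagged` is non-empty, the file has already captured credential-like text, and the fix is to turn off the handwriting personalisation setting and delete the file, not just to clear the flagged strings.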

Source: This Windows file may be secretly hoarding your passwords and emails | ZDNet

Quantum chicken-or-egg experiment blurs the distinction between before and after

In the everyday world, events occur in a definite order—your alarm clock rings before you wake up, or vice versa. However, a new experiment shows that when fiddling with a photon, it can be impossible to say in which order two events occur, obliterating our common sense notion of before and after and, potentially, muddying the concept of causality. Known as a quantum switch, the setup could provide a useful new tool in budding quantum information technologies.

Quantum mechanics already torpedoes our notion that an object can be in only one place at a time. Thanks to the weirdness of quantum mechanics, a tiny particle like an electron can be in multiple places at once. The quantum switch achieves something similar for two events, A and B, showing that A can occur before B and B can occur before A.

“I’m very excited to see people realizing our idea with an actual experiment,” says Giulio Chiribella of the University of Oxford in the United Kingdom, one of the theorists who in 2009 first proposed the concept.


The quantum switch could have applications in budding technologies that, for example, manipulate and transmit information encoded in the quantum states of individual photons and other quantum particles. Such devices must pass particles through quantum channels, such as optical fibers, that invariably suffer from noise. But even if two such channels are too noisy to transmit quantum information, they could in principle be fashioned into a quantum switch to enable the information to flow, Jacquiline Romero, a quantum physicist and member of the Queensland team, says. “You introduce indefinite order and suddenly you can communicate,” she says. “That’s pretty cool!”

Source: Quantum chicken-or-egg experiment blurs the distinction between before and after | Science | AAAS

Quantum mechanics defies causal order, experiment confirms

An experiment has confirmed that quantum mechanics allows events to occur with no definite causal order. The work has been carried out by Jacqui Romero, Fabio Costa and colleagues at the University of Queensland in Australia, who say that gaining a better understanding of this indefinite causal order could offer a route towards a theory that combines Einstein’s general theory of relativity with quantum mechanics.

In classical physics – and everyday life – there is a strict causal relationship between consecutive events. If a second event (B) happens after a first event (A), for example, then B cannot affect the outcome of A. This relationship, however, breaks down in quantum mechanics because the temporal spread of a particle’s wave function can be greater than the separation in time between A and B. This means that the causal order of A and B cannot always be distinguished by a quantum particle such as a photon.


As well as making an experimental connection between relativity and quantum mechanics, the researchers point out that their quantum switch could find use in quantum technologies. “This is just a first proof of principle, but on a larger scale indefinite causal order can have real practical applications, like making computers more efficient or improving communication,” says Costa.

Source: Quantum mechanics defies causal order, experiment confirms

FAQs on Plastics – Our World in Data

A huge amount of information on plastic, with great visualisations

This post draws on data and research discussed in our entry on Plastic Pollution.

Source: FAQs on Plastics – Our World in Data

Earth at Night visualised with light intensity as terrain height

Explore the Earth at night as seen by Suomi NPP VIIRS using the Esri ArcGIS API for JavaScript. Lights are rendered as 3D terrain.

Source: Earth at Night

AI’s ‘deep-fake’ vids surge ahead in realism

Researchers from Carnegie Mellon University and Facebook Reality Lab are presenting Recycle-GAN, a generative adversarial system for “unsupervised video retargeting” this week at the European Conference on Computer Vision (ECCV) in Germany.

Unlike most methods, Recycle-GAN doesn’t rely on learning an explicit mapping between the images in a source and target video to perform a face swap. Instead, it’s an unsupervised learning method that begins to line up the frames from both videos based on “spatial and temporal information”.

In other words, the content that is transferred from one video to another not only relies on mapping the space but also the order of the frames to make sure both are in sync. The researchers use the comedians Stephen Colbert and John Oliver as an example. Colbert is made to look like he is delivering the same speech as Oliver, as his face is used to mimic the small movements of Oliver’s head nodding or his mouth speaking.

Here’s one where John Oliver is turned into a cartoon character.

It’s not just faces; Recycle-GAN can be used for other scenarios too. Other examples include synching up different flowers so they appear to bloom and die at the same time.

The researchers also play around with wind conditions, turning what looks like a soft breeze blowing into the trees into a more windy day without changing the background.

“I think there are a lot of stories to be told,” said Aayush Bansal, co-author of the research and a PhD student at CMU. “It’s a tool for the artist that gives them an initial model that they can then improve,” he added.

Recycle-GAN might prove useful in other areas. Simulating various effects for video footage taken from self-driving cars could help them drive under different conditions.

“Such effects might be useful in developing self-driving cars that can navigate at night or in bad weather,” Bansal said. These videos might be difficult to obtain or tedious to label, but it’s something Recycle-GAN might be able to generate automatically.

Source: The eyes don’t have it! AI’s ‘deep-fake’ vids surge ahead in realism • The Register

Solid-state battery startup secures backing from several automakers as it claims 2-3x higher energy capacity, better safety through solid-state

Solid Power is a Colorado-based startup that spun out of a battery research program at the University of Colorado Boulder.

The company claims to have achieved a breakthrough by incorporating a high-capacity lithium metal anode in lithium batteries – creating a solid-state cell with an energy capacity “2-3X higher” than conventional lithium-ion.

They have already attracted investments from important companies, like A123 Systems and more recently BMW, which planned to validate their battery technology for the automotive market.

Now they are announcing this week the addition of Hyundai, Samsung and several others to the list as they close a $20 million series A round of financing.

They are now working with two automakers and two battery cell suppliers for the auto industry.

Co-founder and CEO Doug Campbell commented on the announcement:

“We are at the center of the ‘electrification of everything’ with ASSB technology emerging as the clear leader in ‘post lithium-ion’ technologies. Solid-state batteries are a game changer for EV, electronics, defense, and medical device markets, and Solid Power’s technology is poised to revolutionize the industry with a competitive product paying special attention to safety, performance, and cost.”

In a press release, the company listed a bunch of advantages that they claim their technology has over current batteries:

  • 2 – 3X higher energy vs. current lithium-ion
  • Substantially improved safety due to the elimination of the volatile, flammable, and corrosive liquid electrolyte as used in lithium-ion
  • Low-cost battery-pack designs through:
    • Minimization of safety features
    • Elimination of pack cooling
    • Greatly simplified cell, module, and pack designs through the elimination of the need for liquid containment
  • High manufacturability due to compatibility with automated, industry-standard, roll-to-roll production

Solid Power said that it plans to use the funds from its Series A investment to “scale-up production via a multi-MWh roll-to-roll facility, which will be fully constructed and installed by the end of 2018 and fully operational in 2019.”

Source: Solid-state battery startup secures backing from several automakers as it claims breakthrough for electric vehicles | Electrek

Article 11, Article 13: EU’s Dangerous Copyright Bill Advances: massive censorship and upload filters (which are impossible) and huge taxes for links.

Members of the European Parliament voted Wednesday to approve a sweeping overhaul of the EU’s copyright laws that includes two controversial articles that threaten to hand more power to the richest tech companies and generally break the internet.

Overall, MEPs voted in favor of the EU Copyright Directive with a strong majority of 438 to 226. But the process isn’t over. There are still more parliamentary procedures to go through, and individual countries will eventually have to decide how they intend to implement the rules. That’s part of the reason that it’s so difficult to raise public awareness on this issue.

Momentum to oppose the legislation built up earlier this summer, culminating with Parliament deciding to open it up for amendments in July. Many people may have thought the worst was over. It wasn’t—but make no mistake, today’s vote in favor of the directive was extremely consequential.

The biggest issue with this legislation has been Articles 11 and 13. These two provisions have come to be known as the “link tax” and “upload filter” requirements, respectively.

In brief, the link tax is intended to take power back from giant platforms like Google and Facebook by requiring them to pay news outlets for the privilege of linking or quoting articles. But critics say this will mostly harm smaller websites that can’t afford to pay the tax, and the tech giants will easily pay up or just decide not to link to news. The latter outcome has already happened when this was tried in Spain. On top of inhibiting the spread of news, the link tax could also make it all but impossible for Wikipedia and other non-profit educational sources to do their work because of their reliance on links, quotes, and citation.

The upload filter section of the legislation demands that all platforms aside from “small/micro enterprises” use a content ID system of some sort to prevent any copyrighted works from being uploaded. Sites will face all copyright liabilities in the event that something makes it past the filter. Because even the best filtering systems, like YouTube’s, are still horrible, critics say that the inevitable outcome is that over-filtering will be the default mode of operation. Remixing, meme-making, sharing of works in the public domain, and other fair use practices would likely all fall victim to platforms that would rather play it safe, just say no to flagged content, and avoid legal battles. Copyright trolls will likely be able to fraudulently claim ownership of intellectual property with little recourse for their victims.

We’ve gone further in-depth on all of the implications of the copyright directive, but the fact is, it’s full of vagaries and blind spots that make it impossible to say just how it will shake out. Joe McNamee, executive director of digital rights association EDRi, recently told The Verge, “The system is so complicated that last Friday the [European Parliament] legal affairs committee tweeted an incorrect assessment of what’s happening. If they don’t understand the rules, what hope the rest of us?” As we come closer to living parallel lives online and IRL, such sweeping legislation is dangerous to play with.

Source: Article 11, Article 13: EU’s Dangerous Copyright Bill Advances

You know all those movies you bought from Apple? Um, well, think different: You didn’t. Didn’t you learn that from Amazon in 2009?

Remember when you decided to buy, rather than rent, that movie online? We have some bad news for you – you didn’t.

Biologist Anders Gonçalves da Silva was surprised this week to find three movies he had purchased through iTunes simply disappeared one day from his library. So he contacted Apple to find out what had happened.

And Apple told him it no longer had the license rights for those movies so they had been removed. To which he of course responded: Ah, but I didn’t rent them, I actually bought them through your “buy” option.

At which point da Silva learnt a valuable lesson about the realities of digital purchases and modern licensing rules: While he had bought the movies, what he had actually paid for was the ability to download the movie to his hard drive.

“Please be informed that the iTunes/App Store is a store front that gives content providers a platform or a place to sell their items,” the company informed him. “We can only offer what has been made available to us. Since the content provider has removed these movies… I am unable to provide you the copy of the movies.”

Sure, he could stream it whenever he wanted since he had bought it, but once those licensing rights were up, if he hadn’t downloaded the movie, it was gone – forever.


And it’s not fair to single out just Apple either: pretty much every provider of digital content has the same rules. Amazon got in hot water a few years ago when its deal with Disney expired and customers discovered that their expensive movie purchases vanished overnight. In 2009 there was a similar ruckus when it pulled George Orwell’s classic 1984 from Kindles without notice.

Source: You know all those movies you bought from Apple? Um, well, think different: You didn’t • The Register

Wow, great invention: Now AI eggheads teach machines how to be sarcastic using Reddit

It’s tricky. Computers have to follow what is being said by whom, the context of the conversation and often some real world facts to understand cultural references. Feeding machines single sentences is often ineffective; it’s a difficult task for humans to detect if individual remarks are cheeky too.

The researchers, therefore, built a system designed to inspect individual sentences as well as the ones before and after it. The model is made up of several bidirectional long-short term memory networks (BiLSTMs) stitched together, and was accurate at spotting a sarcastic comment about 70 per cent of the time.

“Typical LSTMs read and encode the data – a sentence – from left to right. BiLSTMs will process the sentence in a left to right and right to left manner,” Reza Ghaeini, coauthor of the research on arXiv and a PhD student at Oregon State University, explained to The Register this week.

“The outcome of the BiLSTM for each position is the concatenation of forward and backward encodings of each position. Therefore, now each position contains information about the whole sentence (what is seen before and what will be seen after).”

So, where’s the best place to learn sarcasm? Reddit’s message boards, of course. The dataset known as SARC – geddit? – contains hundreds of thousands of sarcastic and non-sarcastic comments and responses.

“It is quite difficult for both machines and humans to distinguish sarcasm without context,” Mikhail Khodak, a graduate student at Princeton who helped compile SARC, previously told El Reg.

“One of the advantages of our corpus is that we provide the text preceding each statement as well as the author of the statement, so algorithms can see whether it is sarcastic in the context of the conversation or in the context of the author’s past statements.”

Source: Wow, great invention: Now AI eggheads teach machines how to be sarcastic using Reddit • The Register

Top European Court Rules UK Mass Surveillance Regime Violates Human Rights

The European Court of Human Rights (ECHR) ruled this week that the United Kingdom government’s surveillance regime violated human rights laws.

The matter first came to light in 2013 when NSA whistleblower Edward Snowden revealed British surveillance practices—namely that the government intercepts social media, messages, and phone calls regardless of criminal record or suspicions of criminal activity.

The ECHR decided the surveillance program violates Article 8 of the European Convention on Human Rights—the right to a private life and a family life—due to what the court regarded as “insufficient oversight” of the selection of collected communications.

The court also believes that journalistic sources were not adequately protected. ECHR judges wrote, “In view of the potential chilling effect that any perceived interference with the confidentiality of journalists’ communications and, in particular, their sources might have on the freedom of the press, the Court found that the bulk interception regime was also in violation of article 10.”

In 2016, the UK Investigatory Powers Tribunal also ruled that intelligence agencies violated human rights through bulk collection and unsatisfactory oversight.

A group of human rights organizations including Big Brother Watch and Amnesty International brought the case to the court. The advocacy groups focused on the power granted by the Regulation of Investigatory Powers Act 2000 (RIPA), which was replaced in 2016 by the Investigatory Powers Act, a bill that hasn’t yet gone into effect.

“This landmark judgment confirming that the UK’s mass spying breached fundamental rights vindicates Mr. Snowden’s courageous whistleblowing,” Silkie Carlo, director of the Big Brother Watch, said in a statement. “Under the guise of counter-terrorism, the UK has adopted the most authoritarian surveillance regime of any Western state, corroding democracy itself and the rights of the British public. This judgment is a vital step towards protecting millions of law-abiding citizens from unjustified intrusion.”

The ECHR did deviate from these watchdog groups with the court ruling that the practice of sharing collected information with foreign nations—as opposed to oversight of the collection itself—does not violate freedom of speech or the right to a private life.

Source: Top European Court Rules UK Mass Surveillance Regime Violates Human Rights

Facebook creates an AI-based tool to automate bug fixes

SapFix, which is still under development, is designed to generate fixes automatically for specific bugs before sending them to human engineers for approval.

Facebook, which announced the tool today ahead of its @Scale conference in San Jose, California, for developers building large-scale systems and applications, calls SapFix an “AI hybrid tool.” It uses artificial intelligence to automate the creation of fixes for bugs that have been identified by its software testing tool Sapienz, which is already being used in production.

SapFix will eventually be able to operate independently from Sapienz, but for now it’s still a proof-of-concept that relies on the latter tool to pinpoint bugs first of all.

SapFix can fix bugs in a number of ways, depending on how complex they are, Facebook engineers Yue Jia, Ke Mao and Mark Harman wrote in a blog post announcing the tools. For simpler bugs, SapFix creates patches that revert the code submission that introduced them. In the case of more complicated bugs, SapFix uses a collection of “templated fixes” that were created by human engineers based on previous bug fixes.

And in case those human-designed template fixes aren’t up to the job, SapFix will then attempt what’s called a “mutation-based fix,” which works by continually making small modifications to the code that caused the software to crash, until a solution is found.

SapFix goes further by generating multiple potential fixes for each bug, then submits these for human evaluation. It also performs tests on each of these fixes so engineers can see if they might cause other problems, such as compilation errors and other crashes somewhere else.

Source: Facebook creates an AI-based tool to automate bug fixes – SiliconANGLE

Cold Boot Attacks are back – plug a sleeping laptop into some kit and read all the memory, slurp all the passwords

Olle and his fellow cyber security consultant Pasi Saarinen recently discovered a new way to physically hack into PCs. According to their research, this method will work against nearly all modern computers. This includes laptops from some of the world’s biggest vendors like Dell, Lenovo, and even Apple.

And because these computers are everywhere, Olle and Pasi are sharing their research with companies like Microsoft, Apple and Intel, but also the public. The pair are presenting their research at the SEC-T conference in Sweden on September 13, and at Microsoft’s BlueHat v18 in the US on September 27.


Because cold boot attacks are nothing new, there have been developments to make them less effective. One safeguard created by the Trusted Computing Group (TCG) was to overwrite the contents of the RAM when the power was restored.

And that’s where Olle and Pasi’s research comes in. The two experts figured out a way to disable this overwrite feature by physically manipulating the computer’s hardware. Using a simple tool, Olle and Pasi learned how to rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. Cold boot attacks can then be carried out by booting a special program off a USB stick.

Cold boot attacks are a known method of obtaining encryption keys from devices. But the reality is that attackers can get their hands on all kinds of information using these attacks. Passwords, credentials to corporate networks, and any data stored on the machine are at risk.
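Why a RAM image gives up encryption keys so readily is worth seeing concretely. The Python below is an added example, not part of the F-Secure research: it reproduces the well-known key-schedule search from the original cold-boot work, scanning a memory image for any 176-byte window that is a valid AES-128 expanded key, because disk-encryption software keeps the expanded schedule, not just the 16-byte key, resident in RAM. The "dump" it scans is constructed (random bytes with one schedule planted); it assumes an error-free image, whereas real cold-boot captures have bit decay and need the error-tolerant matching described in that literature.

```python
"""Locate AES-128 key schedules in a memory image (cold-boot key recovery).

Added example, not from the F-Secure post. The image scanned here is
constructed, and the search assumes an intact image (no bit decay).
"""
import random

RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _gf_mul(a, b):
    """Multiply in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _build_sbox():
    """Derive the AES S-box: multiplicative inverse, then the affine map."""
    sbox = [0] * 256
    for x in range(256):
        inv = 0 if x == 0 else next(y for y in range(1, 256) if _gf_mul(x, y) == 1)
        s, t = inv, inv
        for _ in range(4):  # s = inv ^ rotl1 ^ rotl2 ^ rotl3 ^ rotl4
            t = ((t << 1) | (t >> 7)) & 0xFF
            s ^= t
        sbox[x] = s ^ 0x63
    return sbox


SBOX = _build_sbox()


def aes128_key_schedule(key, nwords=44):
    """Expand a 16-byte key into the first nwords 32-bit words (44 = full 176 bytes)."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, nwords):
        t = list(w[i - 1])
        if i % 4 == 0:  # RotWord, SubWord, Rcon on every fourth word
            t = t[1:] + t[:1]
            t = [SBOX[b] for b in t]
            t[0] ^= RCON[i // 4 - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return b"".join(bytes(x) for x in w)


def find_aes128_keys(image):
    """Return (offset, key) for every window whose 176 bytes form a valid schedule."""
    hits = []
    for off in range(0, len(image) - 176 + 1):
        cand = image[off:off + 16]
        # Cheap filter: check the first derived round key before expanding fully.
        if aes128_key_schedule(cand, 8) != image[off:off + 32]:
            continue
        if aes128_key_schedule(cand) == image[off:off + 176]:
            hits.append((off, bytes(cand)))
    return hits


def make_test_image(key, size=4096, offset=1000, seed=7):
    """Constructed 'RAM dump': deterministic random bytes with one schedule planted."""
    rnd = random.Random(seed)
    buf = bytearray(rnd.getrandbits(8) for _ in range(size))
    buf[offset:offset + 176] = aes128_key_schedule(key)
    return bytes(buf)


if __name__ == "__main__":
    planted = bytes(range(16))
    for off, key in find_aes128_keys(make_test_image(planted)):
        print(f"AES-128 key schedule at offset {off}: key={key.hex()}")
```

The point for defenders: the filter needs no knowledge of where the key lives, only that the expanded schedule is self-consistent, which is why the countermeasure has to be "keys are not in RAM" (hibernate or shut down, BitLocker with a pre-boot PIN) rather than "the attacker won't find them".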

Source: The Chilling Reality of Cold Boot Attacks – F-Secure Blog

Plants communicate distress using their own kind of nervous system

Plants may lack brains, but they have a nervous system, of sorts. And now, plant biologists have discovered that when a leaf gets eaten, it warns other leaves by using some of the same signals as animals. The new work is starting to unravel a long-standing mystery about how different parts of a plant communicate with one another.

Animal nerve cells talk to each other with the aid of an amino acid called glutamate, which—after being released by an excited nerve cell—helps set off a wave of calcium ions in adjacent cells. The wave travels down the next nerve cell, which relays a signal to the next one in line, enabling long-distance communication.

Source: Plants communicate distress using their own kind of nervous system

Mikrotik routers pwned en masse, send network data to mysterious box

More than 7,500 Mikrotik routers have been compromised with malware that logs and transmits network traffic data to an unknown control server.

This is according to researchers from 360 Netlab, who found the routers had all been taken over via an exploit for CVE-2018-14847, a vulnerability first disclosed in the Vault7 data dump of supposed CIA hacking tools.

Since mid-July, Netlab said, attackers have looked to exploit the flaw and enlist routers to do things like force connected machines to mine cryptocurrency, and, in this case, forward their details on traffic packets to a remote server.

“At present, a total of 7,500 MikroTik RouterOS device IPs have been compromised by the attacker and their TZSP traffic is being forwarded to some collecting IP addresses,” the researchers explained.
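TZSP (the TaZmen Sniffer Protocol) is the encapsulation RouterOS's packet sniffer uses to stream captured frames over UDP, so the compromise shows up on the wire as TZSP datagrams leaving the router for an address you never configured. As an added example (not from the 360 Netlab report), the Python below parses a TZSP datagram down to the encapsulated frame and flags TZSP flows to collectors outside an approved set; the sample datagram and flow tuples are constructed, and the default port 37008 is the conventional one, not something the article states.

```python
"""TZSP datagram parser plus a flow check for unapproved collectors.

Added example, not from the 360 Netlab write-up. SAMPLE is a constructed
datagram, not a capture from a compromised router.
"""
import struct

TZSP_PORT = 37008  # conventional TZSP destination port (assumption for the flow check)
ENCAP = {1: "ethernet", 18: "ieee802.11", 119: "prism", 120: "802.11-avs"}
TYPES = {0: "received", 1: "transmit", 2: "reserved", 3: "config", 4: "keepalive", 5: "port-opener"}
TAG_PADDING, TAG_END = 0x00, 0x01


def parse_tzsp(datagram):
    """Return header fields, tagged options and the encapsulated frame; raise ValueError if malformed.

    Layout: version(1) type(1) encapsulation(2), then tags. Tag 0x00 is a lone
    padding byte, 0x01 ends the list, every other tag is type, length, value.
    """
    if len(datagram) < 4:
        raise ValueError("short TZSP header")
    version, ptype, encap = struct.unpack("!BBH", datagram[:4])
    if version != 1:
        raise ValueError(f"unsupported TZSP version {version}")
    tags = {}
    pos = 4
    while True:
        if pos >= len(datagram):
            raise ValueError("tag list not terminated")
        tag = datagram[pos]
        pos += 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:
            continue
        if pos >= len(datagram):
            raise ValueError("truncated tag")
        length = datagram[pos]
        pos += 1
        value = datagram[pos:pos + length]
        if len(value) != length:
            raise ValueError("truncated tag value")
        tags[tag] = value
        pos += length
    return {
        "type": TYPES.get(ptype, f"unknown({ptype})"),
        "encapsulation": ENCAP.get(encap, f"unknown({encap})"),
        "tags": tags,
        "payload": datagram[pos:],
    }


def is_valid_tzsp(datagram):
    """True if the datagram parses as TZSP (useful as a quick sniffer-traffic classifier)."""
    try:
        parse_tzsp(datagram)
        return True
    except ValueError:
        return False


def unapproved_collectors(flows, allowed):
    """Given (src, dst, dport) tuples, return TZSP flows whose destination is not approved."""
    return [f for f in flows if f[2] == TZSP_PORT and f[1] not in allowed]


# Constructed sample: version 1, type 0 (received), Ethernet encapsulation,
# one tagged field (type 0x12, length 1, value 6), a padding byte, the end
# tag, then a 14-byte Ethernet header (broadcast dst, EtherType 0x0800) and
# the first two bytes of an IPv4 header.
SAMPLE = (
    bytes([1, 0, 0, 1])
    + bytes([0x12, 1, 6])
    + bytes([TAG_PADDING, TAG_END])
    + bytes.fromhex("ffffffffffff0011223344550800")
    + b"\x45\x00"
)

if __name__ == "__main__":
    print(parse_tzsp(SAMPLE))
```

In practice you would feed `unapproved_collectors` the (src, dst, dport) tuples from your flow records and alert on anything it returns; a router that is legitimately streaming to your own collector is on the allow list, and the hijacked ones are not.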

The infection does not appear to be targeting any specific region, as the hacked devices reside across five different continents with Russia, Brazil, and Indonesia being the most commonly impacted.

The researchers noted that the malware is also resilient to reboots.

Source: Mikrotik routers pwned en masse, send network data to mysterious box • The Register

Outlook, Skype ‘throttle’ users amid storm cloud drama, can’t login. Yay cloud!

Folks around the planet are today unable to use Microsoft Skype and Office 365’s Outlook due to a baffling “Throttled” error message.

The weird text box pops up in the chat software and cloud-backed email client, preventing people from sending messages, and talking to contacts.

This is, according to Microsoft, due to a botched update to Azure’s backend authentication systems. The internal upgrade was introduced as its engineers brought servers knocked out by storms in Texas back online, and promptly broke Outlook and Skype. Outlook Web Access is said to be unaffected.

Source: Ever wanted to strangle Microsoft? Now Outlook, Skype ‘throttle’ users amid storm cloud drama • The Register

Mobile spyware maker mSpy leaks 2 million records

mSpy, a commercial spyware solution designed to help you spy on kids and partners, has leaked over 2 million records including software purchases and iCloud usernames and authentication tokens of devices running mSpy. The data appears to have come from an unsecured database that allowed security researchers to pull out millions of records.

“Before it was taken offline sometime in the past 12 hours, the database contained millions of records, including the username, password and private encryption key of each mSpy customer who logged in to the mSpy site or purchased an mSpy license over the past six months,” wrote security researcher Brian Krebs.

Source: Mobile spyware maker leaks 2 million records | TechCrunch

Google Dataset Search



How Location Tracking Actually Works on Your Smartphone (and how to manipulate it – kind of)

As the recent revelation over Google’s background tracking of your location shows, it’s not as easy as it should be to work out when apps, giant tech companies and pocket devices are tracking your location and when they’re not. Here’s what you need to know about how location tracking works on a phone—and how to disable it.

Location information is one of the prime bits of data any company can get on you, whether they want to personalize your weather reports or serve up an ad for a local bakery. As a result apps and mobile OSes are very keen to get hold of it. It’s a compromise though, and if you don’t want to give it away, you’ll have to do without some location-based services (like directions to the park). Do you want convenience or privacy? You can’t have both, but knowing how it works, and when you can or should activate it, should help.

Source: How Location Tracking Actually Works on Your Smartphone

Of course, you can’t stop Google entirely, and if you use your browser then data will be sent to the sites you are visiting. It’s an unfortunate fact that this is inescapable using Android and iOS, and the alternatives aren’t quite there yet. But for a layman, this is a pretty good starter guide.

BlackBerry KEY2 LE: proper keyboard but midrange specs

Out of thousands of smartphone vendors, TCL’s BlackBerry Mobile unit represents one of a tiny handful targeting enterprise users. But its two QWERTY models to date have been priced at a premium, north of £500. Unveiled at IFA this week, budget model the KEY2 LE cuts costs in a bid to attract the corporate bulk buyers.

The formula is straightforward. Take a midrange processor for endurance then beef this up with a hefty battery. While the KEY2 had a generous 6GB of RAM, the LE has a perfectly adequate 4GB. Savings have also been made by using a polycarbonate frame, a non-touch physical keyboard, a slower Snapdragon 636 (rather than 660) processor, and slightly cheaper camera sensors (13MP+5MP main).

The dimpled, grippy rubber-like material on the back feels fine, just not as plush as the KEY2. And somewhat disappointingly the power pack has been downgraded to 3,000mAh. That promises better-than-average endurance, into a second day for most, but not the extraordinary durability of the KEY2’s 3,500mAh, which makes it a must for long days of travel or shows like IFA.

BlackBerry KEY2 LE

To the naked eye it’s the same, very sharp 4.5-inch display. Oldies will find using a larger-than-default font is a must. I had a little go on the “Atomic”, red-tinted LE, which is clearly trying to strive after the shock and awe of the red and white BlackBerry Passport as one of the most striking phones ever made. I’m not sure it altogether works, as the rear material has a blueish tint.

Clearly TCL isn’t competing on specs. A full-touch device similarly kitted out would be around, or even under, £200 in 2018. The LE starts at £379 for the 4GB/32GB version. But you’re really buying it for the convenience keys and thoughtful suite of office tools and utilities. I can think of nothing as convenient as the “Productivity Bar” for checking incoming messages and appointments. And the paranoid will welcome a locked area for photos, files, apps and documents.

Source: BlackBerry KEY2 LE: Cheaper QWERTY, but not for what’s inside • The Register

It would be great if this had the specs to match – all for this one!

EU to recommend end to changing clocks twice a year

The European commission will recommend that EU member states abandon the practice of changing the clocks in spring and autumn, with many people in favour of staying on summer time throughout the year.

Jean-Claude Juncker, the commission’s president, said a recent consultation had shown that more than 80% of EU citizens were in favour of the move.

“We carried out a survey, millions responded and believe that in future, summer time should be year-round, and that’s what will happen,” he told the German broadcaster ZDF.

“I will recommend to the commission that, if you ask the citizens, then you have to do what the citizens say. We will decide on this today, and then it will be the turn of the member states and the European parliament.”

Any change would need approval from national governments and the European parliament to become law.

Source: EU to recommend end to changing clocks twice a year | World news | The Guardian

Here’s hoping! More daylight hours all through the year, no waking in the dark and walking home in the dark after work through the winter

Google Reportedly Bought Your Mastercard Data in Secret, and That’s Not Even the Bad News

Bloomberg reports that, after four years of negotiations, Google purchased a trove of credit card transaction data from Mastercard, allegedly for “millions of dollars.” Google then reportedly used that data to provide select advertisers with a tool called “store sales measurement” that the company quietly announced in a blog post last year, though it failed to mention the inclusion of Mastercard data in the workflow. The tool can track how online ads lead to real-world purchases, and that extra data is designed to make Google’s ad products more appealing to advertisers. (Read: everybody makes more money this way.) The public was not informed of the reported Mastercard deal, though advertisers have had access to the transaction data for at least a year, according to Bloomberg.

This is a hell of a bombshell, when you think about it. Thanks in part to heavy government regulation, your credit card and banking data has long been private. If you wanted to spend $98 at Sephora on a Tuesday afternoon, that transaction was between you, your bank, and Sephora. It now appears that Google has found a way to weasel its way into the data pipeline that connects consumers and their purchases. If you clicked on a Sephora ad while logged in to Google in the past year and then bought stuff at Sephora with a Mastercard in the past year, there’s a chance Google knows about that, at least on some level, and uses that data to help its advertisers stuff their coffers.

This Orwellian ad engine does exist in Google’s new tool. Given the secrecy surrounding Google’s alleged Mastercard-assisted ad program, however, it’s hard to know what other tech giants are doing with our personal financial information. Amazon certainly knows a lot about the things we buy, and we learned earlier this year that the online retail giant was exploring the possibility of getting into the banking business itself. The Wall Street Journal has also reported that Amazon, like Facebook and Google, has had conversations with banks about gaining access to personal financial information.

Source: Google Reportedly Bought Your Banking Data in Secret, and That’s Not Even the Bad News

Social Mapper – A Social Media Mapping Tool that correlates profiles via facial recognition

Social Mapper is an Open Source Intelligence tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to searching popular social media sites for targets’ names and pictures to accurately detect and group a person’s presence, outputting the results into a report that a human operator can quickly review.

Social Mapper has a variety of uses in the security industry, for example the automated gathering of large amounts of social media profiles for use in targeted phishing campaigns. Facial recognition aids this process by removing false positives in the search results, so that reviewing this data is quicker for a human operator.

New attack on WPA/WPA2 using PMKID

In this writeup, I’ll describe a new technique to crack WPA PSK (Pre-Shared Key) passwords.

In order to make use of this new attack you need the following tools:

This attack was discovered accidentally while looking for new ways to attack the new WPA3 security standard. WPA3 will be much harder to attack because of its modern key establishment protocol called “Simultaneous Authentication of Equals” (SAE).

The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required. The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame.

At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers).

The main advantages of this attack are as follows:

  • No more regular users required – because the attacker directly communicates with the AP (aka “client-less” attack)
  • No more waiting for a complete 4-way handshake between the regular user and the AP
  • No more eventual retransmissions of EAPOL frames (which can lead to uncrackable results)
  • No more eventual invalid passwords sent by the regular user
  • No more lost EAPOL frames when the regular user or the AP is too far away from the attacker
  • No more fixing of nonce and replaycounter values required (resulting in slightly higher speeds)
  • No more special output format (pcap, hccapx, etc.) – final data will appear as regular hex encoded string

Source: New attack on WPA/WPA2 using PMKID

The End for Fin7: Feds cuff suspected super-crooks after $$$m stolen from 15m+ credit cards

The FBI has arrested the alleged three leaders of an international crime syndicate that stole huge numbers of credit card numbers – which were subsequently sold on and used to rack up tens of millions of dollars in spending sprees.

Speaking in Seattle, USA, where the Feds’ cybersecurity taskforce is based, agents said the “Fin7” group was responsible for stealing more than 15 million credit card numbers at over 3,000 locations, impacting at least 100 businesses.

The group is alleged to have used phishing attacks, sending emails with attachments that launched a customized form of the Carbanak malware on victims’ computers. The group targeted people in charge of catering in three main industries – restaurants, hotels and casinos – and followed up the emails with phone calls to those individuals, encouraging them to open the attachment, Uncle Sam’s agents said.

Once the software nasty was opened and installed, it would seek out credit card details and customers’ personal information from payment systems, and siphon them off to the Fin7 gang – which then sold the sensitive data on online marketplaces to crooks to exploit. Infosec biz FireEye has a summary of the malware, here.

The first suspected Fin7 kingpin was arrested back in January in Germany, the authorities said, but that indictment was kept under seal while the FBI continued its investigations. The unnamed individual has since been extradited to the US and will appear in court in Seattle in May.

The subsequent investigation then led to two further arrests: one in Poland and another in Spain. Both are currently in the middle of extradition hearings. The group operated through a front company based in Israel and Russia, operating throughout Eastern Europe.

Even though the estimated cost of the crime group is a drop in the bucket of what a senior director of credit card company Visa, Dan Schott, said is a $600 billion a year global business, he said that this case’s importance was that it showed the authorities were capable of fighting back “through cooperation across the private sector.”

FBI Special Agent Jay Tabb noted that the case is “the largest, certainly among the top three, criminal computer intrusion cases that the FBI is working right now in terms of loss, number of victims, the global reach, and the size of the organization, the organized crime syndicate doing this.”

Source: The End for Fin7: Feds cuff suspected super-crooks after $$$m stolen from 15m+ credit cards • The Register