Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker – Slashdot

This CLI debugging interface grants the attacker full access to the computer’s hard drive, despite the presence of BitLocker. The reason is that during the Windows 10 update procedure, the OS disables BitLocker while the Windows PE (Preinstallation Environment) installs a new image of the main Windows 10 operating system.

Source: Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker – Slashdot

Uber begins collection of rider location data – whether using the app or not

The app update (it’s 3.222.4, for those keeping track) changes the way Uber collects location data from its users. Previously, Uber only collected location information while a user had the app open – now, Uber asks users to always share their location with the ride-hailing company.

Uber says that, even though it can harvest your location constantly while its app is running in the background on your phone, it won’t use that capability. Instead, Uber claims it just needs a little bit more location data to improve its service, and it has to ask for constant access because of the way device-level permissions are structured.

Specifically, Uber wants access to a rider’s location from the moment she requests a ride until five minutes after the driver drops her off, even if the app is not in the foreground of her phone. Previously, Uber would not collect a rider’s background location during the trip, or her location after drop-off.

Source: Uber begins background collection of rider location data | TechCrunch

They have many excuses as to why, but who knows what the truth is? You have become the product of Uber and having them follow you around is just creepy.

The FBI Just Got Disturbing New Hacking Powers

Under the old version of “Rule 41,” agencies like the FBI needed to apply for a warrant in the right jurisdiction to hack a computer, presenting difficulties when investigating crimes involving suspects who had anonymized their locations or machines in multiple places. Under the new version, a federal judge can approve a single search warrant covering multiple computers even if their owners are innocent or their locations are unknown.

Source: The FBI Just Got Disturbing New Hacking Powers

So, who cares about innocent until proven guilty? Or probable cause? Or mass surveillance and breach of privacy? Or security for your own devices?

TensorFlow — Google’s Open Source Software Library for Machine Intelligence

TensorFlow™ is an open source software library for numerical computation using data flow graphs. Nodes in the graph represent mathematical operations, while the graph edges represent the multidimensional data arrays (tensors) communicated between them. The flexible architecture allows you to deploy computation to one or more CPUs or GPUs in a desktop, server, or mobile device with a single API. TensorFlow was originally developed by researchers and engineers working on the Google Brain Team within Google’s Machine Intelligence research organization for the purposes of conducting machine learning and deep neural networks research, but the system is general enough to be applicable in a wide variety of other domains as well

Source: TensorFlow — an Open Source Software Library for Machine Intelligence

Everything finds every file you search for in your Windows

“Everything” is a search engine that locates files and folders by filename instantly for Windows. Unlike Windows search, “Everything” initially displays every file and folder on your computer (hence the name “Everything”). You type in a search filter to limit what files and folders are displayed.

Source: Everything

Acquired administrator level access to all of the Microsoft Azure managed Red Hat Update Infrastructure that supplies all the packages for all Red Hat Enterprise Linux instances booted from the Azure marketplace.

Acquired administrator level access to all of the [Microsoft Azure](https://azure.microsoft.com) managed [Red Hat Update Infrastructure](https://access.redhat.com/documentation/en/red-hat-update-infrastructure/3.0.beta.1/paged/system-administrator-guide/chapter-1-about-red-hat-update-infrastructure) that supplies all the packages for all [Red Hat Enterprise Linux](https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux) instances booted from the Azure marketplace.

Basically it’s easy to find all servers, then bump up a package version number, upload it to the update host and get all the Red Hat servers to download and execute that package.

These Are The 48 Organizations That Now Have Access To Every Brit’s Browsing History

While the UK was obsessing with Brexit and its aftermath, parliament quietly passed a contentious snooping law that gives authorities, everyone from police and spies to food regulators, fire officials and tax inspectors, the right to legally look at the internet browsing records of everyone in the country.
[…]
Which government agencies have access to the internet history of any British citizen? Here is the answer courtesy of blogger Chris Yuo, who has compiled the list:

Metropolitan police force
City of London police force
Police forces maintained under section 2 of the Police Act 1996
Police Service of Scotland
Police Service of Northern Ireland
British Transport Police
Ministry of Defence Police
Royal Navy Police
Royal Military Police
Royal Air Force Police
Security Service
Secret Intelligence Service
GCHQ
Ministry of Defence
Department of Health
Home Office
Ministry of Justice
National Crime Agency
HM Revenue & Customs
Department for Transport
Department for Work and Pensions
NHS trusts and foundation trusts in England that provide ambulance services
Common Services Agency for the Scottish Health Service
Competition and Markets Authority
Criminal Cases Review Commission
Department for Communities in Northern Ireland
Department for the Economy in Northern Ireland
Department of Justice in Northern Ireland
Financial Conduct Authority
Fire and rescue authorities under the Fire and Rescue Services Act 2004
Food Standards Agency
Food Standards Scotland
Gambling Commission
Gangmasters and Labour Abuse Authority
Health and Safety Executive
Independent Police Complaints Commissioner
Information Commissioner
NHS Business Services Authority
Northern Ireland Ambulance Service Health and Social Care Trust
Northern Ireland Fire and Rescue Service Board
Northern Ireland Health and Social Care Regional Business Services Organisation
Office of Communications
Office of the Police Ombudsman for Northern Ireland
Police Investigations and Review Commissioner
Scottish Ambulance Service Board
Scottish Criminal Cases Review Commission
Serious Fraud Office
Welsh Ambulance Services National Health Service Trust

Source: These Are The 48 Organizations That Now Have Access To Every Brit’s Browsing History

That’s a lot of places to potentially spill a very important dataset! Remember, they only have to break into one of the above places for it all…

Battery breakthrough will let phones charge in seconds and last for a week

charge has been created by researchers at the University of Central Florida.

The high-powered battery is packed with supercapacitors that can store a large amount of energy. It looks like a thin piece of flexible metal that is about the size of a finger nail and could be used in phones, electric vehicles and wearables, according to the researchers.

As well as storing a lot of energy rapidly, the small battery can be recharged more than 30,000 times. Normal lithium-ion batteries begin to tire within a few hundred charges. They typically last between 300 to 500 full charge and drain cycles before dropping to 70 per cent of their original capacity.

It is uncommon for a lithium-ion battery to withstand more than 1,500 charges before it fails, the Florida researchers claimed. Other estimates put the lifecycle of batteries currently on the market at a maximum of 7,000 charges.

Source: Battery breakthrough will let phones charge in seconds and last for a week

Google’s AI translation tool seems to have invented its own secret internal language

If you can translate from A to B and from B to C, can you translate from A to C without learning the translations directly? Well, yes you can. So the translate AI has created its own language B (we think) that can function as a midpoint between not only A and C, but also D, E, F, etc.
Would it be what Esperanto wanted to be?

Source: Google’s AI translation tool seems to have invented its own secret internal language | TechCrunch

The FBI Hacked Over 8,000 Computers In 120 Countries Based on One Warrant

In January, Motherboard reported on the FBI’s “unprecedented” hacking operation, in which the agency, using a single warrant, deployed malware to over one thousand alleged visitors of a dark web child pornography site. Now, it has emerged that the campaign was actually an order of magnitude larger.

In all, the FBI obtained over 8,000 IP addresses, and hacked computers in 120 different countries, according to a transcript from a recent evidentiary hearing in a related case.

The figures illustrate the largest ever known law enforcement hacking campaign to date, and starkly demonstrate what the future of policing crime on the dark web may look like. This news comes as the US is preparing to usher in changes that would allow magistrate judges to authorize the mass hacking of computers, wherever in the world they may be located.

Source: The FBI Hacked Over 8,000 Computers In 120 Countries Based on One Warrant

Thermoelectric paint enables walls to convert heat into electricity

Already researchers have developed photovoltaic paint, which can be used to make “paint-on solar cells” that capture the sun’s energy and turn it into electricity. Now in a new study, researchers have created thermoelectric paint, which captures the waste heat from hot painted surfaces and converts it into electrical energy.

“I expect that the thermoelectric painting technique can be applied to waste heat recovery from large-scale heat source surfaces, such as buildings, cars, and ship vessels,” Jae Sung Son, a coauthor of the study and researcher at the Ulsan National Institute of Science and Technology (UNIST)

Source: Thermoelectric paint enables walls to convert heat into electricity

Surveillance camera compromised in 98 seconds

Robert Graham, CEO of Errata Security, on Friday documented his experience setting up a $55 JideTech security camera behind a Raspberry Pi router configured to isolate the camera from his home network.

According to Graham’s series of Twitter posts, his camera was taken over by the Mirai botnet in just 98 seconds. Note: it was infected by another botnet first and then after 98 seconds by Mirai.

Mirai conducts a brute force password attack via telnet using 61 default credentials to gain access to the DVR software in video cameras and to other devices such as routers and CCTV cameras.

After the first stage of Mirai loads, “it then connects out to download the full virus,” Graham said in a Twitter post. “Once it downloads that, it runs it and starts spewing out SYN packets at a high rate of speed, looking for new victims.”

Graham said the defense recommended by the Christian Science Monitor – changing the default password of devices before connecting them to the Internet – doesn’t help because his Mirai-infected camera has a telnet password that cannot be changed.

“The correct mitigation is ‘put these devices behind your firewall’,” Graham said.

Source: Surveillance camera compromised in 98 seconds

Royal Navy to lose missiles and be left only with guns

Royal Navy warships will be left without anti-ship missiles and be forced to rely on naval guns because of cost-cutting, the Ministry of Defence has admitted.

The Navy’s Harpoon missiles will retire from the fleet’s frigates and destroyers in 2018 without a replacement, while there will also be a two year gap without helicopter-launched anti-shipping missiles.

Naval sources said the decision was “like Nelson deciding to get rid of his cannons and go back to muskets” and one senior former officer said warships would “no longer be able to go toe-to-toe with the Chinese or Russians”.

Source: Royal Navy to lose missiles and be left only with guns

Britain has passed the ‘most extreme surveillance law ever passed in a democracy’

The UK has just passed a massive expansion in surveillance powers, which critics have called “terrifying” and “dangerous”.

The new law, dubbed the “snoopers’ charter”, was introduced by then-home secretary Theresa May in 2012, and took two attempts to get passed into law following breakdowns in the previous coalition government.

Four years and a general election later — May is now prime minister — the bill was finalized and passed on Wednesday by both parliamentary houses.

But civil liberties groups have long criticized the bill, with some arguing that the law will let the UK government “document everything we do online”.

It’s no wonder, because it basically does.

The law will force internet providers to record every internet customer’s top-level web history in real-time for up to a year, which can be accessed by numerous government departments; force companies to decrypt data on demand — though the government has never been that clear on exactly how it forces foreign firms to do that; and even disclose any new security features in products before they launch.

Not only that, the law also gives the intelligence agencies the power to hack into computers and devices of citizens (known as equipment interference), although some protected professions — such as journalists and medical staff — are layered with marginally better protections.

In other words, it’s the “most extreme surveillance law ever passed in a democracy,” according to Jim Killock, director of the Open Rights Group.

Source: Britain has passed the ‘most extreme surveillance law ever passed in a democracy’ | ZDNet

NIH Scientists Identify Potent Antibody that Neutralizes Nearly All HIV Strains

Scientists from the National Institutes of Health have identified an antibody from an HIV-infected person that potently neutralized 98 percent of HIV isolates tested, including 16 of 20 strains resistant to other antibodies of the same class. The remarkable breadth and potency of this antibody, named N6, make it an attractive candidate for further development to potentially treat or prevent HIV infection, say the researchers.

Source: NIH Scientists Identify Potent Antibody that Neutralizes Nearly All HIV Strains | NIH: National Institute of Allergy and Infectious Diseases

Siri on Apple lockscreens leads to people being able to break into the device

A series of YouTube videos are pointing out a flaw that could allow users to access photos on an iPhone without entering in a passcode. This requires physical access to the device, and Siri on the lock screen needs to be enabled.

Source: This Weird Trick Apparently Lets You Bypass Any iPhone’s Lock Screen

It allows you to access the contacts and photos.

The Secret Service Has Lost 1,024 Computers Since 2001

The US Secret Service is tasked with keeping the President and members of his family safe. But newly released documents show that the agency has had trouble keeping tabs on its own equipment. Since 2001, the agency has lost at least 1,024 computers, 736 mobile phones, and 121 guns.

Judicial Watch obtained the numbers through a Freedom of Information Act (FOIA) request filed in January. The Secret Service released the numbers this week, which is broken down into different categories of lost and stolen equipment. Of the 1,024 total computers lost or stolen, the Secret Service has misplaced 744 laptops, 258 desktops, and 22 tablets.

Source: The Secret Service Has Lost 1,024 Computers Since 2001

I have no idea how many personnel the US Secret Service has, so can’t say if this is a lot or a little.

Three Mobile hack: millions of UK customers breached

Three has suffered a massive data breach in which the personal information and contact details of millions of customers could have been accessed. It is believed to be one of the largest hacks of its kind to affect people living in Britain.

Here’s everything you need to know about the hack.

What happened?

UK-based cyber criminals managed to gain access to the upgrade database in Three’s computer system.

The database contains the personal information of those who are eligible for an upgrade, but it is not clear exactly how many customers this includes. The company has not outlined whether the system includes those who have previously upgraded or historic customers that have left the network.

Attackers allegedly accessed the database using stolen employee credentials, which allowed them to login to the system without Three noticing. Once in, they tricked it into sending high-end upgrade handsets to an address where they could intercept them.

Three has not said whether the accessed customer data was also stolen.

What customer details did they access?

Three has confirmed that the data accessed included names, phone numbers, addresses, dates of birth, and some email addresses.

Source: Three Mobile hack: how to protect yourself if you’ve been affected 

Apple Will Fix ‘Touch Disease’ on Your iPhone for Just $150

Apple now has a repair program in place to address the so-called “Touch Disease” problem that the iPhone repair community first raised in August. Over time, some iPhone 6 Plus users reported that the touchscreen on the phones became unresponsive, with a flickering gray bar eventually showing up at the top of the screen.

Dubbed Touch Disease by the repair vendor iFixit, the repair was relatively simple, but it required opening up the phone and soldering the two chips that cover the touch responsiveness on the iPhone. Apple Stores and Certified Apple Repair techs didn’t have the equipment for a fix, which led to many users paying for more expensive logic board replacements.

Now Apple has an official program in place

Source: Apple Will Fix ‘Touch Disease’ on Your iPhone for Just $150

Apple is blaming touch disease on dropping the phone on hard surfaces, but given the prevalence of the problem, it sounds like it’s shifting the blame, which it has to, considering If you’re having that problem and your phone isn’t cracked or broken, Apple says it will repair it for $150.

Miles Deep – AI Porn Video Editor

Using a deep convolutional neural network with residual connections, Miles Deep quickly classifies each second of a pornographic video into 6 categories based on sexual act with 95% accuracy. Then it uses that classification to automatically edit the video. It can remove all the scenes not containing sexual contact, or edit out just a specific act.

Unlike Yahoo’s recently released NSFW model, which uses a similar architecture, Miles Deep can tell the difference between nudity and various explicit sexual acts. As far as I know this is the first and only public pornography classification or editing tool.

Source: GitHub – ryanjay0/miles-deep: Deep Learning Porn Video Classifier/Editor with Caffe

Hard Drive Test Data – Determining Failure Rates and More

Since 2013, Backblaze has published statistics and insights based on the hard drives in our data center. You’ll find links to those reports below. We also publish the data underlying these reports, so that anyone can reproduce them. You’ll find an overview of this data and the download links further down this page.

Source: Hard Drive Test Data – Determining Failure Rates and More

CRISPR gene-editing tested in a person for the first time

A Chinese group has become the first to inject a person with cells that contain genes edited using the revolutionary CRISPR–Cas9 technique.

On 28 October, a team led by oncologist Lu You at Sichuan University in Chengdu delivered the modified cells into a patient with aggressive lung cancer as part of a clinical trial at the West China Hospital, also in Chengdu.

Earlier clinical trials using cells edited with a different technique have excited clinicians. The introduction of CRISPR, which is simpler and more efficient than other techniques, will probably accelerate the race to get gene-edited cells into the clinic across the world, says Carl June, who specializes in immunotherapy at the University of Pennsylvania in Philadelphia and led one of the earlier studies.

“I think this is going to trigger ‘Sputnik 2.0’, a biomedical duel on progress between China and the United States, which is important since competition usually improves the end product,” he says.

Source: CRISPR gene-editing tested in a person for the first time

A.I. Experiments by Google

AI Experiments is a showcase for simple experiments that let anyone play with artificial intelligence and machine learning in hands-on ways, through pictures, drawings, language, music, and more.

Source: A.I. Experiments

Virgin Galactic and Boom unveil Concorde 2.0 tester to restart supersonic travel

At a Colorado aircraft hangar, the two firms unveiled the triple-engined XB-1 prototype, a one-third sized prototype of the airliner they hope will be able to blast from London to New York in three hours and 15 minutes – air traffic control allowing.

“60 years after the dawn of the jet age, we’re still flying at 1960s speeds,” said Blake Scholl, chief executive officer and founder of Boom.

“Concorde’s designers didn’t have the technology for affordable supersonic travel, but now we do. Today, we’re proud to unveil our first aircraft as we look forward to first flight late next year.”

Boom, a product of the Y Combinator startup factory, claims that with advanced materials, more efficient engines that don’t require an afterburner that chews fuel, and a more efficient wing design, it can make supersonic travel a commercial reality for the cost of today’s business class – around $5,000 for a return transatlantic trip.

The firm envisages 170-foot long airliners with 60-foot wingspans that will seat 55 passengers, one on each side of the aisle. The finished craft will have a range of 4,500 nautical miles (long enough for New York or Washington to London), but Boom says it’ll be designed for refueling for trips with twice that range.

Source: Virgin Galactic and Boom unveil Concorde 2.0 tester to restart supersonic travel

Google’s Photo Scan App Makes Backing Up Old Snapshots Easy as Hell

The Photo Scan app launched by Google today for iOS and Android lets you scan printed photos in just a couple of seconds, using machine learning to correct imperfections in the capture process so that they look great every time.

Here’s how it works: Download the app, and open it up. You’ll see a viewfinder. Hold your phone over the printed photo you want to make a digital copy of, and make sure it fits entirely in the frame. Tap the shutter button once.

Next, four white dots will appear on the screen in each corner of the photo you’re backing up. You connect the dots by moving your phone over the dots until they turn blue. After you’ve scanned each individual dot, the photo will be saved within the Photo Scan app and can be saved to your Google Photos library with the push of a button.

Source: Google’s Photo Scan App Makes Backing Up Old Snapshots Easy as Hell

Of course, you do give Google your old photos to analyse with an AI. Worry about the privacy aspect of that!
