Henderson tested four major auto manufacturers, and found they all have apps that allow previous owners to access them from a mobile device.
At the RSA security conference in San Francisco on Friday, Henderson explained how people can still retain control of connected cars even after they resell them.
Manufacturers create apps to control smart cars — you can use your phone to unlock the car, honk the horn and find out the exact location of your vehicle. Henderson removed his personal information from services in the car before selling it back to the dealership, but he was still able to control the car through a mobile app for years.
That’s because only the dealership that originally sold the car can see who has access and manually remove someone from the app. A full factory reset of the vehicle doesn’t revoke mobile access, Henderson said. In order to revoke app access, you should go to a factory-authorized car dealership.
On smartphones, a factory reset wipes all the local data off the device so you can sell it to someone else. So-called internet of things devices store information in servers far away from the actual hardware. This means executing a factory reset on your car only resets the car — the data still exists in the cloud for other people to access.
Source: Why buying used cars could put your safety at risk
Gamalon uses a technique that it calls Bayesian program synthesis to build algorithms capable of learning from fewer examples. Bayesian probability, named after the 18th century mathematician Thomas Bayes, provides a mathematical framework for refining predictions about the world based on experience. Gamalon’s system uses probabilistic programming—or code that deals in probabilities rather than specific variables—to build a predictive model that explains a particular data set. From just a few examples, a probabilistic program can determine, for instance, that it’s highly probable that cats have ears, whiskers, and tails. As further examples are provided, the code behind the model is rewritten, and the probabilities tweaked. This provides an efficient way to learn the salient knowledge from the data.
Source: AI Software Juggles Probabilities to Learn from Less Data
Graph Engine – Open Source
Microsoft Graph Engine is a distributed in-memory data processing engine, underpinned by a strongly-typed in-memory key-value store and a general distributed computation engine.
This repository contains the source code of Graph Engine and its graph query language — Language Integrated Knowledge Query (LIKQ). LIKQ is a versatile graph query language on top of Graph Engine. It combines the capability of fast graph exploration and the flexibility of lambda expression: server-side computations can be expressed in lambda expressions, embedded in LIKQ, and executed on the server side during graph traversal. LIKQ is powering Academic Graph Search API, which is part of Microsoft Cognitive Services.
Source: GitHub – Microsoft/GraphEngine: Microsoft Graph Engine
As described by Hadley Wickham, tidy data has a specific structure:
each variable is a column
each observation is a row
each type of observational unit is a table
This means we end up with a data set that is in a long, skinny format instead of a wide format. Tidy data sets are easier to work with, and this is no less true when one starts to work with text. Most of the tooling and infrastructure needed for text mining with tidy data frames already exists in packages like dplyr, broom, tidyr, and ggplot2. Our goal in writing the tidytext package is to provide functions and supporting data sets to allow conversion of text to and from tidy formats, and to switch seamlessly between tidy tools and existing text mining packages.
Source: The Life-Changing Magic of Tidying Text
THE Royal Navy’s entire fleet of attack submarines is currently out of action. Repairs and maintenance to all seven have left none to defend our waters — or monitor Russia’s relentless probes. But …
Source: The Royal Navy’s ENTIRE fleet of attack submarines is out of action — and Theresa May doesn’t know because ‘chiefs fear reaction’
Fortunately the Vanguard nuclear deterrent fleet is still sailing. This is what happens when you keep taking “peace dividend” when there is no peace.
The government has received recommendations for a “future-proofed” new Espionage Act that would put leaking and whistleblowing in the same category as spying for foreign powers.
The plans would threaten leakers and journalists with the same extended jail sentences as agents working for foreign powers. Sentences would apply even if – like Edward Snowden or Chelsea Manning – the leaker was not British, or in Britain, or was intent on acting in the public interest.
Source: Planned Espionage Act could jail journos and whistleblowers as spies • The Register
Free press and whistleblowing are necessary checks and balances on democracy. Killing them opens the way to a dictatorial corrupt nepotistic free for all, where the top layer of society distances themselves from the lower layer and crime becomes a necessity on the part of the lowest layers to survive.
The ability for companies to follow you from one platform to another — from your phone to your laptop to a physical store — is called cross-device tracking, and for businesses that want to market and sell stuff to you, it is basically the holy grail.
With robust tracking, a company can follow you basically from the moment you wake up and check social media feeds on your phone, through your commute, to work, back through the evening, and once more to your bed at night.
To get there, the FTC recently held a workshop on Cross-Device tracking, and has now published a report [PDF] highlighting some key facts about this increasingly popular practice.
Source: 5 Things We’ve Learned About How Companies Track You Online And Off – Consumerist
1. You don’t need always to be logged in to be tracked.
2. Cross-device tracking can actually improve account security.
3. Companies are not at all transparent about tracking practices.
4. Consumers have very little control.
5. The industry is working on some voluntary self-regulation… sort of.
Many charts don’t tell the truth. This is a simple guide to spotting them.
Source: How to Spot Visualization Lies
If you were to modify the above WRMHEADER or any of the three identified GUID objects you would find that on opening in Windows Media Player you are prompted with a warning from Windows Media Player.
However, this warning DOES NOT appear if the DRM license has been signed correctly and the Digital Signature Object, Content Encryption Object and Extended Content Encryption Object contain the appropriate cryptographic signing performed by an authorised Microsoft License Server profile. There are several free DRM providers who could sign your media for you however as the barrier to entry to the DRM market is the aforementioned price tag, it makes you wonder how these files are being signed in the wild! As these “signed WMV” files do not present any alert to a user before opening them they can be used quite effectively to decloak users of the popular privacy tool TorBrowser with very little warning. For such an attack to work your target candidate must be running TorBrowser on Windows. When opening/downloading files, TorBrowser does warn you that 3rd party files can expose your IP address and should be accessed in tails. This is not an attack against Tor or the TorBrowser directly but a useful way that could be leveraged to identify people attempting to access illegal media content (such as Daesh propaganda).
Source: Windows DRM Social Engineering Attacks & TorBrowser – My Hacker House
We recently announced a new addition to Metasploit to help you do exactly that: the Hardware Bridge API. The Hardware Bridge API extends Metasploit’s capabilities into the physical world of hardware devices. Much in the same way that the Metasploit framework helped unify tools and exploits for networks and software, the Hardware Bridge looks to do the same for all types of hardware. From within Metasploit you can now branch out into a Metasploit compatible hardware device to remotely control and use it for your penetration testing needs.
If your device supports CAN, Metasploit will automatically provide several interactive vehicle-related commands. This will also mark your Hardware Bridge (HWBridge) session as an Automotive session that can be viewed in your session list or via modules that are designed to work only on automotive systems. This allows exploit developers to focus on writing automotive tools without having to worry about the attached hardware. It also provides internal Metasploit APIs to make common automotive calls easier, such as getting the vehicle speed or requesting a security access token from the Engine Control Unit (ECU).
Source: Exiting the Matrix: Introducing Metasploit’s Ha… | Rapid7 Community and Blog
Initially used to improve the experience for visually impaired members of the Facebook community, the company’s Lumos computer vision platform is now powering image content search for all users. This means you can now search for images on Facebook with key words that describe the contents of a photo, rather than being limited by tags and captions.
To accomplish the task, Facebook trained an ever-fashionable deep neural network on tens of millions of photos. Facebook’s fortunate in this respect because its platform is already host to billions of captioned images. The model essentially matches search descriptors to features pulled from photos with some degree of probability.
Facebook isn’t the only one racing to apply recent computer vision advances to existing products. Pinterest’s visual search feature has been continuously improved to let users search images by the objects within them. This makes photos interactive and more importantly it makes them commercializable.
Google on the other hand open sourced its own image captioning model last fall that can both identify objects and classify actions with accuracy over 90 percent. The open source activity around TensorFlow has helped the framework gain prominence and become very popular with machine learning developers.
Facebook is focused on making machine learning easy for teams across the company to integrate into their projects. This means improving the use of the company’s general purpose FBLearner Flow.
“We’re currently running 1.2 million AI experiments per month on FBLearner Flow, which is six times greater than what we were running a year ago,” said Joaquin Quiñonero Candela, Facebook’s director of applied machine learning.
Lumos was built on top of FBLearner Flow. It has already been used for over 200 visual models. Aside from image content search, engineers have used the tool for fighting spam.
Source: Facebook’s AI unlocks the ability to search photos by what’s in them | TechCrunch
A U.S. judge has ordered Google to comply with search warrants seeking customer emails stored outside the United States, diverging from a federal appeals court that reached the opposite conclusion in a similar case involving Microsoft Corp (MSFT.O).
U.S. Magistrate Judge Thomas Rueter in Philadelphia ruled on Friday that transferring emails from a foreign server so FBI agents could review them locally as part of a domestic fraud probe did not qualify as a seizure.
The judge said this was because there was “no meaningful interference” with the account holder’s “possessory interest” in the data sought.
“Though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States,” Rueter wrote.
Source: Google, unlike Microsoft, must turn over foreign emails: U.S. judge
I guess Rueter finds that invasion of privacy is no meaningful interference.
A genetically modified bacterium destroys tumors by provoking an immune response, according to a study published Wednesday.
Using mice and cultures of human cancer cells, a South Korean-led scientific team demonstrated that Salmonella typhimurium engineered to make a foreign protein caused immune cells called macrophages and neutrophils to mobilize against the cancer.
Tumors shrank below detectable levels in 11 out of 20 mice injected with the modified Salmonella, said the study, published in Science Translational Medicine.
Go to j.mp/salcancer for the study. The first author was Jin Hai Zheng of Chonnam National University Hwasun Hospital, in Jeonnam, South Korea.
The engineered Salmonella provoke a sustained immune response, in addition to preventing the spread of a human colon cancer implanted in a mouse. The bacteria were also found to be nontoxic, multiplying almost exclusively inside tumors.
UC San Diego researcher Jeff Hasty has developed engineered Salmonella that deliver cancer-killing toxins inside the tumor. This bacterium periodically self-destructs when it reaches a certain population density, releasing the toxins. Some of the engineered Salmonella survive, rebuilding the population until it reaches the self-destruct density. So the tumor receives periodic doses of targeted chemotherapy.
Source: GM Salmonella destroys cancer
California electronics maker Vizio will cough up $2.2m after its smart TVs spied on millions of people.
America’s trade watchdog, the FTC, said today the payment will settle a complaint filed by the state of New Jersey accusing Vizio of violating privacy regulations: the biz had collected the viewing habits of 11 million television sets throughout the country without warning or permission.
According to the state attorney general’s federal complaint [PDF], from February 2014 to March 2016, Vizio noted down exactly what its customers were watching and then resold all those records as summaries to third parties – which were mostly advertising companies.
The usage data was not only collected while customers were watching over-the-air or cable TV broadcasts, but also when they were watching DVDs or streaming video from websites and over-the-top services like Netflix.
Vizio harvested surveillance on people and their families so precise, it knew exactly what you were watching, second by second, and even took copies of the watched video, according to prosecutors. Additionally, we’re told, Vizio resold summaries of personal information about its customers it had gathered, including age, marital status, and household income, to advertisers without consent.
Source: Vizio coughs up $2.2m after its smart TVs spied on millions of families • The Register
No mention of the records having to be destroyed though?
Average compensation for staff in sales, trading, and research at the 12 largest global investment banks, of which Goldman is one, is $500,000 in salary and bonus, according to Coalition. Seventy-five percent of Wall Street compensation goes to these highly paid “front end” employees, says Amrit Shahani, head of research at Coalition.
For the highly paid who remain, there is a growing income spread that mirrors the broader economy, says Babson College professor Tom Davenport. “The pay of the average managing director at Goldman will probably get even bigger, as there are fewer lower-level people to share the profits with,” he says.
Goldman Sachs has already begun to automate currency trading, and has found consistently that four traders can be replaced by one computer engineer, Chavez said at the Harvard conference. Some 9,000 people, about one-third of Goldman’s staff, are computer engineers.
Goldman’s new consumer lending platform, Marcus, aimed at consolidation of credit card balances, is entirely run by software, with no human intervention, Chavez said. It was nurtured like a small startup within the firm and launched in just 12 months, he said. It’s a model Goldman is continuing, housing groups in “bubbles,” some on the now-empty trading spaces in Goldman’s New York headquarters: “Those 600 traders, there is a lot of space where they used to sit,” he said.
Source: As Goldman Embraces Automation, Even the Masters of the Universe Are Threatened
Previously, tourists, travelers and visa holders were warned they may have to hand over their online account names and handles so their public profiles can be studied by border agents and immigration officials.
Now Kelly wants to take that further, by demanding passwords from some visa applicants so g-men can log into Twitter, Facebook, online banking accounts, and so on, and rummage around for any eyebrow-raising non-public posts, messages and transactions. If you refuse, you can’t come in.
“We want to say ‘what kind of sites do you visit and give us your passwords,’ so we can see what they do,” Kelly explained, in response to a question from Representative Clay Higgins (R-LA).
“We want to get on their social media with passwords – what do you do, what do you say. If they don’t want to cooperate then they don’t come in. If they truly want to come to America they’ll cooperate, if not then ‘next in line’.”
Kelly said this invasive vetting of people’s online personas and accounts could take weeks or months, and that applicants would just have to wait until it was done. Representative Higgins said he agreed, and was anxious for Homeland Security and others to start trawling through people’s social media pages. Higgins said handing over such credentials should be mandatory.
Source: Want to come to the US? Be prepared to hand over your passwords if you’re on Trump’s hit list • The Register
The 4th reich keeps getting scarier.
Even though cash payments have decreased to 49% of our daily payments, people in the eurozone still think cash is important and shouldn’t be banned.
Source: DNBulletin: Contant betalen moet mogelijk blijven (Paying with cash must remain possible)
There has been a movement to try to shame cash payments, into creating a shady overtone to them. In fact it’s none of anyone’s business what you are spending your money on and being able to monitor your expenditure is shameless. For the banks you become the product, for the government you fall more under their control.
Over the last few years, advances in science have made the kind of experiments once only accessible to PhDs with fancy labs far more attainable. College undergrads are constructing gene drives. Anyone can buy a kit on the internet to concoct their own bioluminescent beer.
The German government, it seems, is none too pleased with this development. Two weeks ago its consumer protection office issued a statement making clear just how upset it is: Any science enthusiast doing genetic engineering outside of a licensed facility, it wrote, might face a fine of €50,000 or up to three years in prison.
The law behind the German DIY bio crackdown isn’t new. The government was simply reminding so-called biohackers of a long-existing law that forbids genetic engineering experiments outside of laboratories supervised and licensed by the state.
“The statement has to be seen in light of the newly formed DIY biology scene and due to the appearance of low-priced DIY biology kits in online shops,” the BVL told Gizmodo, via email.
The BVL conceded that the new rules will make it virtually impossible for a lone scientist to meet the legal requirements to do genetic engineering. To begin with, any lab needs a project manager qualified by academic credentials such as a master’s degree in science. Labs also require a commissioner for biological safety who is similarly qualified.
“This makes genetic engineering experiments rather unattractive for individuals,” the BVL’s spokesman said.
Source: Germany Is Threatening Biohackers With Prison
On the one hand I understand the need for oversight and ethics, on the other hand, it should be a lot easier for individuals to play and learn in this field. It must be possible to balance the two needs.
Drones are getting more and more important in everyday life. Here’s everything you need to know about them, their benefits and how they will influence your future.
Source: 20 Ways Drones will Shape your Future
They also cover military UAVs
A new app from Fraunhofer development engineers looks directly inside objects and displays specific constituents. It has numerous uses: For instance, apples can be scanned for pesticide residues. Applications will be added successively following the Wikipedia principle.
Such scans usually require a special hyperspectral camera: It adjusts to different colored light each time and ascertains how much of a color’s light is reflected by an object, thus generating a complete spectral fingerprint of the object. The development engineers use a mathematical model to extract just about any information on an object, e.g. its constituents, from its spectral fingerprint. “Since hyperspectral cameras aren’t integrated in smartphones, we simply reversed this principle,” explains Seiffert. “The camera gives us a broadband three-channel sensor, that is, one that scans every wavelength and illuminates an object with different colored light.” This means that, instead of the camera measuring luminous intensity in different colors, the display successively illuminates the object with a series of different colors for fractions of a second. Thus, if the display casts only red light on the object, the object can only reflect red light – and the camera can only measure red light. Intelligent analysis algorithms enable the app to compensate for a smartphone’s limited computing performance as well as the limited performance of the camera and display.
Source: New smartphone app looks inside objects
The availability of a universal quantum computer may have a fundamental impact on a vast number of research fields and on society as a whole. An increasingly large scientific and industrial community is working toward the realization of such a device. An arbitrarily large quantum computer may best be constructed using a modular approach. We present a blueprint for a trapped ion–based scalable quantum computer module, making it possible to create a scalable quantum computer architecture based on long-wavelength radiation quantum gates. The modules control all operations as stand-alone units, are constructed using silicon microfabrication techniques, and are within reach of current technology. To perform the required quantum computations, the modules make use of long-wavelength radiation–based quantum gate technology. To scale this microwave quantum computer architecture to a large size, we present a fully scalable design that makes use of ion transport between different modules, thereby allowing arbitrarily many modules to be connected to construct a large-scale device. A high error–threshold surface error correction code can be implemented in the proposed architecture to execute fault-tolerant operations. With appropriate adjustments, the proposed modules are also suitable for alternative trapped ion quantum computer architectures, such as schemes using photonic interconnects.
Source: Blueprint for a microwave trapped ion quantum computer
“An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication,” Cisco said today. “An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges.”
Note that “administrator” was italicized by the networking giant. Super serious.
Cisco pitches Prime Home as a “solution” for ISPs and connected device vendors, allowing companies to control devices such as ISP-issued cable modems, routers, and set top boxes in subscribers’ homes from afar. It uses “Broadband Forum’s TR-069 suite of protocols to provision and manage in-home devices.”
That means that a successful attack on an ISP’s installation of Prime Home would allow a criminal to take administrator-level control of the Prime Home GUI and meddle with all the devices connected to that particular service. As there are no workarounds or mitigations for the bug, Cisco is recommending that administrators install the update as soon as possible.
Source: Home-pwners: Cisco’s Prime Home lets hackers hijack people’s routers, no questions asked • The Register
The presence of a large underdensity, the dipole repeller, is predicted based on a study of the velocity field of our Local Group of galaxies. The combined effects of this super-void and the Shapley concentration control the local cosmic flow.
Our Local Group of galaxies is moving with respect to the cosmic microwave background (CMB) with a velocity¹ of V_CMB = 631 ± 20 km s⁻¹ and participates in a bulk flow that extends out to distances of ~20,000 km s⁻¹ or more
Source: The dipole repeller
Figure 1: A face-on view of a slice 6,000 km s⁻¹ thick, normal to the direction of the pointing vector r̂ = (0.604, 0.720, −0.342).
Three different elements of the flow are presented: mapping of the velocity field is shown by means of streamlines (seeded randomly in the slice); red and grey surfaces present the knots and filaments of the V-web, respectively; and equi-gravitational potential (ϕ) surfaces are shown in green and yellow. The potential surfaces enclose the dipole repeller (in yellow) and the Shapley attractor (in green) that dominate the flow. The yellow arrow originates at our position and indicates the direction of the CMB dipole (galactic longitude l = 276°, galactic latitude b = 30°). The distance scale is given in units of km s⁻¹.
Figure 2: A 3D view of the velocity field.
It is shown here by means of the flow streamlines (in black–blue, left panel) and of the anti-flow (in yellow–red, right panel). Anti-flow is defined here by the negative (namely, the reverse) of the velocity field. The same streamlines are seeded on a regular grid and are coloured according to the magnitude of the velocity. The flow streamlines diverge from the repeller and converge on the attractor. For the anti-flow, the divergence and convergence switch roles: they diverge from the attractor and converge on the repeller. The knots and filaments of the V-web are shown for reference. Cartesian supergalactic coordinates (SGX, SGY, SGZ) are assumed here. (For a 3D view, look at the accompanying Supplementary Video, at time 00:56–01:28.)