Converting Cancer Cells to Fat Cells to Stop Cancer’s Spread

A method for coaxing breast cancer cells into becoming fat cells has been discovered by researchers from the University of Basel. The team were able to transform EMT-derived breast cancer cells into fat cells in a mouse model of the disease – preventing the formation of metastases. The proof-of-concept study was published in the journal Cancer Cell.

Malignant cells can rapidly respond and adapt to changing microenvironmental conditions by reactivating a cellular process called epithelial-mesenchymal transition (EMT), which enables them to alter their molecular properties and transdifferentiate into a different type of cell (cellular plasticity).

Senior author of the study Gerhard Christofori, professor of biochemistry at the University of Basel, commented in a recent press release: “The breast cancer cells that underwent an EMT not only differentiated into fat cells, but also completely stopped proliferating.”

“As far as we can tell from long-term culture experiments, the cancer cells-turned-fat cells remain fat cells and do not revert back to breast cancer cells,” he explained.

Source: Converting Cancer Cells to Fat Cells to Stop Cancer’s Spread | Technology Networks

Forget Finding Nemo: This AI can identify a single zebrafish out of a 100-strong shoal

AI systems excel in pattern recognition, so much so that they can stalk individual zebrafish and fruit flies even when the animals are in groups of up to a hundred.

To demonstrate this, a group of researchers from the Champalimaud Foundation, a private biomedical research lab in Portugal, trained two convolutional neural networks to identify and track individual animals within a group. The aim is not so much to match or exceed humans’ ability to spot and follow stuff, but rather to automate the process of studying the behavior of animals in their communities.

“The ultimate goal of our team is understanding group behavior,” said Gonzalo de Polavieja. “We want to understand how animals in a group decide together and learn together.”

The resulting machine-learning software, known as, is described as “a species-agnostic system.” It’s “able to track all individuals in both small and large collectives (up to 100 individuals) with high identification accuracy—often greater than 99.9 per cent,” according to a paper published in Nature Methods on Monday.

The software is split into a crossing-detector network and an identification network. First, it was fed video footage of the animals interacting in their enclosures. For example, in the zebrafish experiment the system pre-processes the fish as coloured blobs and learns to identify the animals as individuals, or which ones are touching one another or crossing past each other in groups. The identification network is then used to identify the individual animals during each crossing event.

Surprisingly, it reached an accuracy rate of up to 99.96 per cent for groups of 60 zebrafish and increased to 99.99 per cent for 100 zebrafish. Recognizing fruit flies is harder. was accurate to 99.99 per cent for 38 fruit flies, but decreased slightly to 99.95 per cent for 72 fruit flies.

Source: Forget Finding Nemo: This AI can identify a single zebrafish out of a 100-strong shoal • The Register

Cottoning on: Chinese seed sprouts on moon

A small green shoot is growing on the moon in an out-of-this-world first after a cotton seed germinated on board a Chinese lunar lander, scientists said Tuesday.

The sprout has emerged from a lattice-like structure inside a canister since the Chang’e-4 lander set down earlier this month, according to a series of photos released by the Advanced Technology Research Institute at Chongqing University.

“This is the first time humans have done biological growth experiments on the ,” said Xie Gengxin, who led the design of the experiment.

The Chang’e-4 probe—named after a Chinese moon goddess—made the world’s first soft landing on the moon’s “dark side” on January 3, a major step in China’s ambitions to become a space superpower.

Scientists from Chongqing University—who designed the “mini lunar biosphere” experiment—sent an 18-centimetre (seven-inch) bucket-like container holding air, water and soil.

Inside are cotton, potato, and arabidopsis seeds—a plant of the mustard family—as well as fruit fly eggs and yeast.

Images sent back by the probe show a cotton sprout has grown well, but so far none of the other plants has taken, the university said.


Source: Cottoning on: Chinese seed sprouts on moon

Relying on karma: Research explains why outrage doesn’t usually result in revolution

If you’re angry about the political feud that drove the federal government to partially shut down, or about a golden parachute for a CEO who ran a business into the ground, you aren’t alone—but you probably won’t do much about it, according to new research by Carnegie Mellon University’s Tepper School of Business.

The research, coauthored by Rosalind Chow, Associate Professor of Organizational Behavior and Theory, and Jeffrey Galak, Associate Professor of Marketing, outlines how people respond to two types of injustices: when bad things happen to good people, and when good things happen to bad people.

In the first instance—a bad thing happening to a good person, such as a hurricane devastating a town—human beings are reliably motivated to help, but only in a nominal way, according to the research.

“Everybody wants to help. They just do it to a small degree,” Galak explains. “When a hurricane happens, we want to help, but we give them 10 bucks. We don’t try to build them a new house.”

This response illustrates that even a small amount can help us feel that justice is restored, Chow explains: “You checked the box of doing something good, and the world seems right again.”

But the converse is not necessarily true: When the universe rewards bad people despite their rotten behavior, people are usually reluctant to do anything about it, even when they’re angry at the unfairness of the situation.

That’s because people often feel that the forces at play in creating the unfair situation are beyond their control, or would at least be too personally costly to make the effort worthwhile, Galak says. So, we stay angry, but often we settle for the hope that karma will eventually catch up.

On the rare occasions when people do decide to take action against a bad person, the research says they go for broke, spending all their resources and energy—not just a token amount—in an effort to deprive that person of everything they shouldn’t have gotten. The desire to completely wipe out a bad person’s ill-gotten gains is driven by a sense that justice will not be served until the bad person is effectively deterred from future bad behavior, which is unlikely to be the case if the punishment is a slap on the wrist. For example, for individuals who believe that President Trump was unjustly rewarded the presidency, indictment may be seen as insufficient to deter future bad behavior on his part. Only by completely removing his fortune—impeachment from the presidency, dissolution of his businesses—does justice seem to be adequately served. But given that those outcomes are unlikely, many Americans stew in anger and hope for the best.

So when ordinary people see bad things happening to good people, pitching in a few dollars feels good enough. Pitching in a few dollars to punish a bad person who has been unjustly rewarded, however, doesn’t cut it; only when people feel that their actions are guaranteed to send an effective signal to the bad person will they feel compelled to act. Since that sort of guarantee is hard to come by, most people will just stand by and wait for karma to catch up.


Source: Relying on karma: Research explains why outrage doesn’t usually result in revolution

However, it doesn’t answer the question: what then does result in revolution?

202 Million private Chinese resumes exposed

On December 28th, Bob Diachenko, Director of Cyber Risk Research at and bug bounty platform HackenProof, analyzed the data stream of BinaryEdge search engine and identified an open and unprotected MongoDB instance:


The same IP also appeared in Shodan search results:


Upon closer inspection, an 854 GB sized MongoDB database was left unattended, with no password/login authentication needed to view and access the details of what appeared to be more than 200 million very detailed resumes of Chinese job seekers.

Each of the 202,730,434 records contained the details not only on the candidates’ skills and work experience but also on their personal info, such as mobile phone number, email, marriage, children, politics, height, weight, driver license, literacy level, salary expectations and more.


The origin of the data remained unknown until one of my Twitter followers pointed to a GitHub repository (the page is no longer available, but it is still saved in Google’s cache) which contained web app source code with the same structural patterns as those used in the exposed resumes:

The tool named “data-import” (created 3 years ago) seems to have been built to scrape data (resumes) from different Chinese classifieds sites, like and others.

It is unknown whether it was an official application or an illegal one used to collect all the applicants’ details, even those labeled as ‘private’.

Upon additional request, the security team of did not confirm that the data originated from their source:

We have searched all over our database and investigated all the other storage; it turned out that the sample data was not leaked from us.

It seems that the data was leaked from a third party who scrapes data from many CV websites.

Shortly after my notification on Twitter, the database had been secured. It’s worth noting that the MongoDB log showed at least a dozen IPs that might have accessed the data before it was taken offline.
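Those dozen IPs in the log are the evidence a defender goes back to once an open instance is found. As an added example (not code from the HackenProof post), this Go snippet parses mongod’s legacy text log for the listener’s “connection accepted” entries and lists every non-internal source address with its connection count and first/last timestamp; with authorization disabled there are no failed-login lines, so these entries are the only audit trail. The sample log lines and the internal-network allowlist are constructed for the example.

```go
package main

import (
	"bufio"
	"net"
	"regexp"
	"sort"
	"strings"
)

// Constructed sample in the mongod 3.x/4.0 text log format of that era; the
// addresses are documentation ranges, not hosts from the incident.
const sampleLog = `2018-12-28T10:15:02.123+0000 I NETWORK  [listener] connection accepted from 10.0.0.5:41022 #1 (1 connection now open)
2018-12-28T10:15:40.004+0000 I NETWORK  [listener] connection accepted from 203.0.113.7:49812 #2 (2 connections now open)
2018-12-28T10:16:11.770+0000 I NETWORK  [conn2] end connection 203.0.113.7:49812 (1 connection now open)
2018-12-28T11:02:19.501+0000 I NETWORK  [listener] connection accepted from 198.51.100.23:55001 #3 (2 connections now open)
2018-12-28T11:02:20.118+0000 I NETWORK  [listener] connection accepted from 198.51.100.23:55002 #4 (3 connections now open)
2018-12-28T11:30:00.000+0000 I NETWORK  [listener] connection accepted from [::1]:50110 #5 (4 connections now open)
2018-12-28T12:00:00.000+0000 I NETWORK  [listener] connection accepted from 203.0.113.7:50111 #6 (5 connections now open)`

// With authorization disabled there are no ACCESS "Unauthorized" lines to hunt
// for; the listener's "connection accepted" entries are the only audit trail.
var acceptRe = regexp.MustCompile(`^(\S+) I NETWORK\s+\[listener\] connection accepted from (\S+):\d+ #\d+`)

// internalNets is the constructed allowlist for the example; a real review
// would list the application servers that are supposed to reach the database.
var internalNets = mustCIDRs("127.0.0.0/8", "::1/128", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

func mustCIDRs(cidrs ...string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		nets = append(nets, n)
	}
	return nets
}

func isInternal(ip net.IP) bool {
	for _, n := range internalNets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// ClientStats summarises one remote address.
type ClientStats struct {
	Addr        string
	Connections int
	FirstSeen   string
	LastSeen    string
}

// ExternalClients returns every non-internal address that opened a connection,
// with counts and first/last timestamps, sorted by connection count descending.
func ExternalClients(log string) []ClientStats {
	byAddr := map[string]*ClientStats{}
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		m := acceptRe.FindStringSubmatch(sc.Text())
		if m == nil {
			continue
		}
		ts, host := m[1], strings.Trim(m[2], "[]") // mongod brackets IPv6 literals
		ip := net.ParseIP(host)
		if ip == nil || isInternal(ip) {
			continue
		}
		s, ok := byAddr[host]
		if !ok {
			s = &ClientStats{Addr: host, FirstSeen: ts}
			byAddr[host] = s
		}
		s.Connections++
		s.LastSeen = ts
	}
	out := make([]ClientStats, 0, len(byAddr))
	for _, s := range byAddr {
		out = append(out, *s)
	}
	sort.Slice(out, func(i, j int) bool {
		if out[i].Connections != out[j].Connections {
			return out[i].Connections > out[j].Connections
		}
		return out[i].Addr < out[j].Addr
	})
	return out
}
```

Run against a real mongod.log the same way (read the file instead of sampleLog); newer 4.4+ servers emit JSON logs, where the equivalent record is the "Connection accepted" message with the remote address under attr.remote.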

Source: No more privacy: 202 Million private resumes exposed – HackenProof Blog

A neural network can learn to organize the world it sees into concepts and MIT has found a way to show how it’s doing it

As good as they are at causing mischief, researchers from the MIT-IBM Watson AI Lab realized GANs are also a powerful tool: because they paint what they’re “thinking,” they could give humans insight into how neural networks learn and reason. This has been something the broader research community has sought for a long time—and it’s become more important with our increasing reliance on algorithms.

“There’s a chance for us to learn what a network knows from trying to re-create the visual world,” says David Bau, an MIT PhD student who worked on the project.

So the researchers began probing a GAN’s learning mechanics by feeding it various photos of scenery—trees, grass, buildings, and sky. They wanted to see whether it would learn to organize the pixels into sensible groups without being explicitly told how.

Stunningly, over time, it did. By turning “on” and “off” various “neurons” and asking the GAN to paint what it thought, the researchers found distinct neuron clusters that had learned to represent a tree, for example. Other clusters represented grass, while still others represented walls or doors. In other words, it had managed to group tree pixels with tree pixels and door pixels with door pixels regardless of how these objects changed color from photo to photo in the training set.

The GAN knows not to paint any doors in the sky.

MIT Computer Science & Artificial Intelligence Laboratory

“These GANs are learning concepts very closely reminiscent of concepts that humans have given words to,” says Bau.

Not only that, but the GAN seemed to know what kind of door to paint depending on the type of wall pictured in an image. It would paint a Georgian-style door on a brick building with Georgian architecture, or a stone door on a Gothic building. It also refused to paint any doors on a piece of sky. Without being told, the GAN had somehow grasped certain unspoken truths about the world.

This was a big revelation for the research team. “There are certain aspects of common sense that are emerging,” says Bau. “It’s been unclear before now whether there was any way of learning this kind of thing [through deep learning].” That it is possible suggests that deep learning can get us closer to how our brains work than we previously thought—though that’s still nowhere near any form of human-level intelligence.

Other research groups have begun to find similar learning behaviors in networks handling other types of data, according to Bau. In language research, for example, people have found neuron clusters for plural words and gender pronouns.

Being able to identify which clusters correspond to which concepts makes it possible to control the neural network’s output. Bau’s group can turn on just the tree neurons, for example, to make the GAN paint trees, or turn on just the door neurons to make it paint doors. Language networks, similarly, can be manipulated to change their output—say, to swap the gender of the pronouns while translating from one language to another. “We’re starting to enable the ability for a person to do interventions to cause different outputs,” Bau says.

The team has now released an app called GANpaint that turns this newfound ability into an artistic tool. It allows you to turn on specific neuron clusters to paint scenes of buildings in grassy fields with lots of doors. Beyond its silliness as a playful outlet, it also speaks to the greater potential of this research.

“The problem with AI is that in asking it to do a task for you, you’re giving it an enormous amount of trust,” says Bau. “You give it your input, it does its ‘genius’ thinking, and it gives you some output. Even if you had a human expert who is super smart, that’s not how you’d want to work with them either.”

With GANpaint, you begin to peel back the lid on the black box and establish some kind of relationship. “You can figure out what happens if you do this, or what happens if you do that,” says Hendrik Strobelt, the creator of the app. “As soon as you can play with this stuff, you gain more trust in its capabilities and also its boundaries.”

Source: A neural network can learn to organize the world it sees into concepts—just like we do – MIT Technology Review

GPU Accelerated Realtime Skin Smoothing Algorithms Make Actors Look Perfect

A recent Guardian article about the need for actors and celebrities — male and female — to look their best in a high-definition media world ended on the note that several low-profile Los Angeles VFX outfits specialize in “beautifying actors” in movies, TV shows and video ads. They reportedly use a software named “Beauty Box,” resulting in films and other motion content that are — for lack of a better term — “motion Photoshopped.” After some investigating, it turns out that “Beauty Box” is a sophisticated CUDA and OpenGL accelerated skin-smoothing plugin for many popular video production software that not only smooths even terribly rough or wrinkly looking skin effectively, but also suppresses skin spots, blemishes, scars, acne or freckles in realtime, or near realtime, using the video processing capabilities of modern GPUs.

The product’s short demo reel is here with a few examples. Everybody knows about photoshopped celebrities in an Instagram world, and in the print magazine world that came long before it, but far fewer people seem to realize that the near-perfect actor, celebrity, or model skin you see in high-budget productions is often the result of “digital makeup” — if you were to stand next to the person being filmed in real life, you’d see far more ordinary or aged skin from the near-perfection that is visible on the big screen or little screen. The fact that the algorithms are realtime capable also means that they may already be being used for live television broadcasts without anyone noticing, particularly in HD and 4K resolution broadcasts. The question, as was the case with photoshopped magazine fashion models 25 years ago, is whether the technology creates an unrealistic expectation of having to have “perfectly smooth looking” skin to look attractive, particularly in people who are past their teenage years.

Source: GPU Accelerated Realtime Skin Smoothing Algorithms Make Actors Look Perfect – Slashdot

If by perfect you mean it looks like it was shot in a soft-porn, out-of-focus kind of way – but it’s pretty creepy.

Amazon’s Ring Security Cameras Allow Anyone to Watch Easily – And They Do!

But for some who’ve welcomed in Amazon’s Ring security cameras, there have been more than just algorithms watching through the lens, according to sources alarmed by Ring’s dismal privacy practices.

Ring has a history of lax, sloppy oversight when it comes to deciding who has access to some of the most precious, intimate data belonging to any person: a live, high-definition feed from around — and perhaps inside — their house. The company has marketed its line of miniature cameras, designed to be mounted as doorbells, in garages, and on bookshelves, not only as a means of keeping tabs on your home while you’re away, but of creating a sort of privatized neighborhood watch, a constellation of overlapping camera feeds that will help police detect and apprehend burglars (and worse) as they approach. “Our mission to reduce crime in neighborhoods has been at the core of everything we do at Ring,” founder and CEO Jamie Siminoff wrote last spring to commemorate the company’s reported $1 billion acquisition payday from Amazon, a company with its own recent history of troubling facial recognition practices. The marketing is working; Ring is a consumer hit and a press darling.

Despite its mission to keep people and their property secure, the company’s treatment of customer video feeds has been anything but, people familiar with the company’s practices told The Intercept. Beginning in 2016, according to one source, Ring provided its Ukraine-based research and development team virtually unfettered access to a folder on Amazon’s S3 cloud storage service that contained every video created by every Ring camera around the world. This would amount to an enormous list of highly sensitive files that could be easily browsed and viewed. Downloading and sharing these customer video files would have required little more than a click. The Information, which has aggressively covered Ring’s security lapses, reported on these practices last month.

At the time the Ukrainian access was provided, the video files were left unencrypted, the source said, because of Ring leadership’s “sense that encryption would make the company less valuable,” owing to the expense of implementing encryption and lost revenue opportunities due to restricted access. The Ukraine team was also provided with a corresponding database that linked each specific video file to corresponding specific Ring customers.

“If [someone] knew a reporter or competitor’s email address, [they] could view all their cameras.”

At the same time, the source said, Ring unnecessarily provided executives and engineers in the U.S. with highly privileged access to the company’s technical support video portal, allowing unfiltered, round-the-clock live feeds from some customer cameras, regardless of whether they needed access to this extremely sensitive data to do their jobs. For someone who’d been given this top-level access — comparable to Uber’s infamous “God mode” map that revealed the movements of all passengers — only a Ring customer’s email address was required to watch cameras from that person’s home.

Source: For Owners of Amazon’s Ring Security Cameras, Strangers May Have Been Watching

Netflix password sharing may soon be impossible due to new AI tracking

A video software firm has come up with a way to prevent people from sharing their account details for Netflix and other streaming services with friends and family members.

UK-based Synamedia unveiled the artificial intelligence software at the CES 2019 technology trade show in Las Vegas, claiming it could save the streaming industry billions of dollars over the next few years.

Casual password sharing is practised by more than a quarter of millennials, according to figures from market research company Magid.

Separate figures from research firm Parks Associates predict that by $9.9 billion (£7.7bn) of pay-TV revenues and $1.2 billion of revenue from subscription-based streaming services will be lost to credential sharing each year.

The AI system developed by Synamedia uses machine learning to analyse account activity and recognise unusual patterns, such as account details being used in two locations within similar time periods.

The idea is to spot instances of customers sharing their account credentials illegally and offer them a premium shared-account service that will authorise a limited level of password sharing.

“Casual credentials sharing is becoming too expensive to ignore. Our new solution gives operators the ability to take action,” said Jean Marc Racine, Synamedia’s chief product officer.

“Many casual users will be happy to pay an additional fee for a premium, shared service with a greater number of concurrent users. It’s a great way to keep honest people honest while benefiting from an incremental revenue stream.”

Source: Netflix password sharing may soon be impossible due to new AI tracking | The Independent

I like the “keeping honest people honest” bit instead of “money grubbing firms richer”

Modlishka allows for very easy phishing / MITM

You basically just put it on a local domain, point people there and it forwards the traffic up and down to the target website – so no templates, no warnings. It will also push through two-factor authentication requests and answers.

Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level (with minimal effort required from your side).

Enjoy 🙂


Some of the most important ‘Modlishka’ features:

  • Support for majority of 2FA authentication schemes (by design).
  • No website templates (just point Modlishka to the target domain – in most cases, it will be handled automatically).
  • Full control of “cross” origin TLS traffic flow from your victims’ browsers.
  • Flexible and easily configurable phishing scenarios through configuration options.
  • Pattern based JavaScript payload injection.
  • Stripping website from all encryption and security headers (back to 90’s MITM style).
  • User credential harvesting (with context based on URL parameter passed identifiers).
  • Can be extended with your ideas through plugins.
  • Stateless design. Can be scaled up easily for an arbitrary number of users – ex. through a DNS load balancer.
  • Web panel with a summary of collected credentials and user session impersonation (beta).
  • Written in Go.

In an email to ZDNet, Duszyński described Modlishka as a point-and-click and easy-to-automate system that requires minimal maintenance, unlike previous phishing toolkits used by other penetration testers.

“At the time when I started this project (which was in early 2018), my main goal was to write an easy to use tool, that would eliminate the need of preparing static webpage templates for every phishing campaign that I was carrying out,” the researcher told us.

“The approach of creating a universal and easy to automate reverse proxy, as a MITM actor, appeared to be the most natural direction. Despite some technical challenges, that emerged on this path, the overall result appeared to be really rewarding,” he added.

“The tool that I wrote is sort of a game changer, since it can be used as a ‘point and click’ proxy, that allows easy phishing campaign automation with full support of the 2FA (an exception to this is a U2F protocol based tokens – which is currently the only resilient second factor).
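The U2F exception in that quote comes down to origin binding, which is worth seeing in code. The Go sketch below is an added illustration, not Modlishka’s code or the researcher’s: a relying party verifies a simplified U2F assertion and rejects one produced while the user was on a proxy domain, because the browser (not the page) fills in the origin that the token signs over, and rewriting that field afterwards breaks the signature. Assumed names: https://bank.example as the real site and its appID, https://bank-login.example as the constructed proxy host; the token is simulated in software using the U2F authentication message layout, with registration and key handles left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// Assumed names: the real site (and its U2F appID) is https://bank.example;
// the reverse proxy is reached at the constructed host https://bank-login.example.
const realOrigin = "https://bank.example"
const proxiedOrigin = "https://bank-login.example"

// clientData is assembled by the browser from the page it actually loaded.
type clientData struct {
	Typ       string `json:"typ"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

type assertion struct {
	ClientDataJSON []byte
	Counter        uint32
	Signature      []byte // DER-encoded ECDSA P-256 signature
}

// signingInput is the U2F authentication message: appParam(32) || userPresence(1) ||
// counter(4, big-endian) || SHA-256(clientData)(32). Signing the clientData hash binds the origin.
func signingInput(counter uint32, clientDataJSON []byte) []byte {
	appParam, chalParam := sha256.Sum256([]byte(realOrigin)), sha256.Sum256(clientDataJSON)
	var ctr [4]byte
	binary.BigEndian.PutUint32(ctr[:], counter)
	msg := append([]byte{}, appParam[:]...)
	msg = append(msg, 0x01) // user-presence flag
	msg = append(msg, ctr[:]...)
	return append(msg, chalParam[:]...)
}

// tokenSign simulates the hardware token: it signs whatever origin the browser
// reports, so a token tapped on the proxy's page signs the proxy's origin.
func tokenSign(priv *ecdsa.PrivateKey, challenge, browserOrigin string, counter uint32) assertion {
	cd, err := json.Marshal(clientData{"navigator.id.getAssertion", challenge, browserOrigin})
	if err != nil {
		panic(err) // simulation only; a fixed struct always marshals
	}
	digest := sha256.Sum256(signingInput(counter, cd))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		panic(err)
	}
	return assertion{cd, counter, sig}
}

// verifyAssertion is the relying party's check; every branch fails closed.
func verifyAssertion(pub *ecdsa.PublicKey, challenge string, lastCounter uint32, a assertion) error {
	var cd clientData
	if err := json.Unmarshal(a.ClientDataJSON, &cd); err != nil {
		return fmt.Errorf("bad clientData: %w", err)
	}
	if cd.Origin != realOrigin {
		return fmt.Errorf("origin mismatch: token used at %q, expected %q", cd.Origin, realOrigin)
	}
	if cd.Challenge != challenge {
		return errors.New("challenge mismatch (replay or wrong session)")
	}
	if a.Counter <= lastCounter {
		return errors.New("counter did not advance (cloned token or replay)")
	}
	digest := sha256.Sum256(signingInput(a.Counter, a.ClientDataJSON))
	if !ecdsa.VerifyASN1(pub, digest[:], a.Signature) {
		return errors.New("signature invalid: clientData altered after signing")
	}
	return nil
}

// RunScenarios plays three logins with one registered key and returns the verifier's
// verdict for each: genuine, via the proxy, and via the proxy with the origin rewritten.
func RunScenarios() (legit, proxied, rewritten error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	pub := &priv.PublicKey
	// 1. User on the real site: everything checks out.
	a := tokenSign(priv, "chal-1", realOrigin, 1)
	legit = verifyAssertion(pub, "chal-1", 0, a)
	// 2. User on the proxy: it relays the real challenge, but the browser fills in the proxy's origin.
	a = tokenSign(priv, "chal-2", proxiedOrigin, 2)
	proxied = verifyAssertion(pub, "chal-2", 1, a)
	// 3. The proxy patches clientData to claim the real origin; the signature covered the original hash.
	a.ClientDataJSON, _ = json.Marshal(clientData{"navigator.id.getAssertion", "chal-2", realOrigin})
	rewritten = verifyAssertion(pub, "chal-2", 1, a)
	return
}
```

The same origin check is what makes a proxied domain fail for WebAuthn/FIDO2 too, which is why a relying party must compare the reported origin against its own expected value rather than trusting whatever the page submits.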


Y’know how you might look at someone and can’t help but wonder if they have a genetic disorder? We’ve taught AI to do the same

Artificial intelligence can potentially identify someone’s genetic disorders by inspecting a picture of their face, according to a paper published in Nature Medicine this week.

The tech relies on the fact some genetic conditions impact not just a person’s health, mental function, and behaviour, but sometimes are accompanied with distinct facial characteristics. For example, people with Down Syndrome are more likely to have angled eyes, a flatter nose and head, or abnormally shaped teeth. Other disorders like Noonan Syndrome are distinguished by having a wide forehead, a large gap between the eyes, or a small jaw. You get the idea.

An international group of researchers, led by US-based FDNA, turned to machine-learning software to study genetic mutations, and believe that machines can help doctors diagnose patients with genetic disorders using their headshots.

The team used 17,106 faces to train a convolutional neural network (CNN), commonly used in computer vision tasks, to screen for 216 genetic syndromes. The images were obtained from two sources: publicly available medical reference libraries, and snaps submitted by users of a smartphone app called Face2Gene, developed by FDNA.

Given an image, the system, dubbed DeepGestalt, studies a person’s face to make a note of the size and shape of their eyes, nose, and mouth. Next, the face is split into regions, and each piece is fed into the CNN. The pixels in each region of the face are represented as vectors and mapped to a set of features that are commonly associated with the genetic disorders learned by the neural network during its training process.

DeepGestalt then assigns a score per syndrome for each region, and collects these results to compile a list of its top 10 genetic disorder guesses from that submitted face.


An example of how DeepGestalt works. First, the input image is analysed using landmarks and sectioned into different regions before the system spits out its top 10 predictions. Image credit: Nature and Gurovich et al.

The first answer is the genetic disorder DeepGestalt believes the patient is most likely affected by, all the way down to its tenth answer, which is the tenth most likely disorder.

When it was tested on two independent datasets, the system accurately guessed the correct genetic disorder among its top 10 suggestions around 90 per cent of the time. At first glance, the results seem promising. The paper also mentions DeepGestalt “outperformed clinicians in three initial experiments, two with the goal of distinguishing subjects with a target syndrome from other syndromes, and one of separating different genetic subtypes in Noonan Syndrome.”

There’s always a but

A closer look, though, reveals that the lofty claims involve training and testing the system on limited datasets – in other words, if you stray outside the software’s comfort zone, and show it unfamiliar faces, it probably won’t perform that well. The authors admit previous similar studies “have used small-scale data for training, typically up to 200 images, which are small for deep-learning models.” Although they use a total of more than 17,000 training images, when spread across 216 genetic syndromes, the training dataset for each one ends up being pretty small.

For example, the model that examined Noonan Syndrome was only trained on 278 images. The datasets DeepGestalt was tested against were similarly small. One only contained 502 patient images, and the other 392.

Source: Y’know how you might look at someone and can’t help but wonder if they have a genetic disorder? We’ve taught AI to do the same • The Register

Professor exposing unethical academic publishing is being sued by university in childish discrediting counterclaims of being unethical for showing unethical behaviour

The three authors, who describe themselves as leftists, spent 10 months writing 20 hoax papers they submitted to reputable journals in gender, race, sexuality, and related fields. Seven were accepted, four were published online, and three were in the process of being published when questions raised in October by a skeptical Wall Street Journal editorial writer forced them to halt their project.

One of their papers, about canine rape culture in dog parks in Portland, Ore., was initially recognized for excellence by the journal Gender, Place, and Culture, the authors reported.

The hoax was dubbed “Sokal Squared,” after a similar stunt pulled in 1996 by Alan Sokal, then a physicist at New York University.

After their ruse was revealed, the three authors described their project in an October article in the webzine Areo, which Pluckrose edits. Their goal, they wrote, was to “to study, understand, and expose the reality of grievance studies, which is corrupting academic research.” They contend that scholarship that tends to social grievances now dominates some fields, where students and others are bullied into adhering to scholars’ worldviews, while lax publishing standards allow the publication of clearly ludicrous articles if the topic is politically fashionable.


In November the investigating committee reported that the dog-park article contained knowingly fabricated data and thus constituted research misconduct. The review board also determined that the hoax project met the definition for human-subjects research because it involved interacting with journal editors and reviewers. Any research involving human subjects (even duped journal editors, apparently) needs IRB approval first, according to university policy.

“Your efforts to conduct human-subjects research at PSU without a submitted nor approved protocol is a clear violation of the policies of your employer,” McLellan wrote in an email to Boghossian.

The decision to move ahead with disciplinary action came after a group of faculty members published a letter in the student newspaper decrying the hoax as “lies peddled to journals, masquerading as articles.” These “lies” are designed “not to critique, educate, or inspire change in flawed systems,” they wrote, “but rather to humiliate entire fields while the authors gin up publicity for themselves without having made any scholarly contributions whatsoever.” Such behavior, they wrote, hurts the reputations of the university as well as honest scholars who work there. “Worse yet, it jeopardizes the students’ reputations, as their degrees in the process may become devalued.”


Meanwhile, within the first 24 hours of news leaking about the proceedings against him, more than 100 scholars had written letters defending Boghossian, according to his media site, which posted some of them.

Steven Pinker, a professor of psychology at Harvard University, was among the high-profile scholars who defended him. “Criticism and open debate are the lifeblood of academia; they are what differentiate universities from organs of dogma and propaganda,” Pinker wrote. “If scholars feel they have been subject to unfair criticism, they should explain why they think the critic is wrong. It should be beneath them to try to punish and silence him.”

Richard Dawkins, an evolutionary biologist, author, and professor emeritus at the University of Oxford, had this to say: “If the members of your committee of inquiry object to the very idea of satire as a form of creative expression, they should come out honestly and say so. But to pretend that this is a matter of publishing false data is so obviously ridiculous that one cannot help suspecting an ulterior motive.”

Sokal, who is now at University College London, wrote that Boghossian’s hoax had served the public interest and that the university would become a “laughingstock” in academe as well as the public sphere if it insisted that duping editors constituted research on human subjects.

One of Boghossian’s co-authors, Lindsay, urged him in the video they posted to emphasize that the project amounted to an audit of certain sectors of academic research. “People inside the system aren’t allowed to question the system? What kind of Orwellian stuff is that?” Lindsay asked.

Source: Proceedings Start Against ‘Sokal Squared’ Hoax Professor – The Chronicle of Higher Education

Pots and kettles? I think it’s just the American way of getting back at someone who has made you blush – destroy at all costs!

T-Mobile, Sprint, and AT&T Are Selling Customers’ Real-Time Location Data, And It’s Falling Into the Wrong Hands

Nervously, I gave a bounty hunter a phone number. He had offered to geolocate a phone for me, using a shady, overlooked service intended not for the cops, but for private individuals and businesses. Armed with just the number and a few hundred dollars, he said he could find the current location of most phones in the United States.

The bounty hunter sent the number to his own contact, who would track the phone. The contact responded with a screenshot of Google Maps, containing a blue circle indicating the phone’s current location, approximate to a few hundred metres.

Queens, New York. More specifically, the screenshot showed a location in a particular neighborhood—just a couple of blocks from where the target was. The hunter had found the phone (the target gave their consent to Motherboard to be tracked via their T-Mobile phone.)

The bounty hunter did this all without deploying a hacking tool or having any previous knowledge of the phone’s whereabouts. Instead, the tracking tool relies on real-time location data sold to bounty hunters that ultimately originated from the telcos themselves, including T-Mobile, AT&T, and Sprint, a Motherboard investigation has found. These surveillance capabilities are sometimes sold through word-of-mouth networks.

Whereas it’s common knowledge that law enforcement agencies can track phones with a warrant to service providers, IMSI catchers, or until recently via other companies that sell location data such as one called Securus, at least one company, called Microbilt, is selling phone geolocation services with little oversight to a spread of different private industries, ranging from car salesmen and property managers to bail bondsmen and bounty hunters, according to sources familiar with the company’s products and company documents obtained by Motherboard. Compounding that already highly questionable business practice, this spying capability is also being resold to others on the black market who are not licensed by the company to use it, including me, seemingly without Microbilt’s knowledge.

Source: T-Mobile, Sprint, and AT&T Are Selling Customers’ Real-Time Location Data, And It’s Falling Into the Wrong Hands

Welcome to 2019: Your Exchange server can be pwned by an email (and other bugs need fixing)

Among the 49 bug fixes were patches for remote code execution flaws in DHCP (CVE-2019-0547) and an Exchange memory corruption flaw (CVE-2019-0586) that Trend Micro ZDI researcher Dustin Childs warns is particularly dangerous as it can be exploited simply by sending an email to a vulnerable server.

“That’s a bit of a problem, as receiving emails is a big part of what Exchange is meant to do,” Childs explained.

“Microsoft lists this as Important in severity, but taking over an Exchange server by simply sending it an email puts this in the Critical category to me. If you use Exchange, definitely put this high on your test and deploy list.”

Source: Welcome to 2019: Your Exchange server can be pwned by an email (and other bugs need fixing) • The Register

Millions of Americans Are Wrong About Having a Food Allergy: about half who think they have one don’t, but have never seen a doc about it

Millions of Americans might be mistaken about their self-professed food allergy, suggests a new survey. It found that while nearly 20 percent of people said they had a food allergy, only half as many people reported the sort of symptoms you’d expect from eating something you’re allergic to.

Researchers surveyed more than 40,000 adults via the phone and internet between October 2015 and September 2016. The volunteers were asked if they had any food allergies and about what symptoms they typically had. They were also asked if they had ever been formally tested and diagnosed with a food allergy by a doctor.

All told, 19 percent of the nationally representative group reported having a food allergy. But only 10.8 percent said they had symptoms consistent with an allergic reaction to food, such as hives, swelling of the lips or throat, and chest pain. The main culprits behind these allergies were shellfish, milk, and tree nuts. Those who didn’t have a convincing food allergy instead reported symptoms like stomach cramps, a stuffy nose, or nausea.

The findings, published Friday in JAMA Network Open, roughly match up to estimates from other studies, including those that confirmed a person’s food allergy with testing or medical records. In terms of the U.S. population, the study estimates, there are about 26 million adult Americans with a food allergy—and there are likely nearly as many Americans who wrongly say they have one. But that doesn’t mean huge swaths of people are pretending to have food allergies; it’s just that we could be a little confused about the terminology.

True allergies, as they’re known, happen when the immune system overreacts very quickly and in a specific way to a foreign substance harmless to us, whether it’s food or a piece of clothing. The antibodies usually responsible for an allergic reaction are called immunoglobulin E, or IgE. When doctors test for allergies, it’s IgE antibodies they’re looking for. But people can react badly to food for other reasons outside of this process.

Lactose intolerance is probably the best known example of this, and it happens because many adults are less able to break down lactose, the sugar commonly found in dairy products, into simpler sugars. Another genetic condition, celiac disease, makes people unable to digest gluten. Some people also seem to have delayed immune reactions to food without IgE in the picture, though we’re less sure about how commonly this happens and how to accurately diagnose it. Many doctors, for instance, criticize tests that promise to find these so-called food sensitivities with ease.

It’s likely then, the researchers say, that people might be mixing up a food intolerance or sensitivity with a food allergy.

What’s also concerning is that many people with likely food allergies in their survey have seemingly never talked to a doctor about it. Only half of the group said they had an official diagnosis from a physician. And while many of us develop food allergies early on in childhood, just about half reported finding out about their allergy as adults.

Source: Millions of Americans Are Wrong About Having a Food Allergy, Study Suggests

Sony appears to be blocking Kodi on its recent Android TVs

For the unfamiliar, Kodi is an open source, cross-platform streaming and media player solution that allows you to access and play local, network, and remote content. The UI has been extensively optimized over the last 15 years since the XBMC days to provide one of the best big-screen experiences out there, and it’s been one of the most popular HTPC media playback applications for years.

The official Kodi project Twitter account pointed out Sony’s deficiency a couple of days ago, but reports on the Kodi forums of issues installing and running the app from the Play Store go even further back to last year. A handful of affected enthusiasts believe they have discovered the cause of the problem: Sony seems to be blocking the package ID for the app from being installed/run. Supporting this theory is the fact that recompiling the app from scratch with a different ID allows it to work.

Humorously enough, Samsung’s official US Twitter account has jumped on Sony’s snafu to encourage users to switch brands — unfortunately overlooking the fact that Samsung’s TVs don’t run Android TV, and can’t use the Android Kodi app without an external device. Even so, anything that increases the pressure against Sony for this consumer-unfriendly move is a good thing.

Source: Sony appears to be blocking Kodi on its recent Android TVs

Snips – a private, offline voice assistant

Snips is the first Voice Platform where you can build a Voice Assistant that is Private by Design.

Source: Snips — Using Voice to Make Technology Disappear

Which means, unlike Alexa or Google Home, your voice data doesn’t get listened to by the cloud, doesn’t get saved by strangers targeting advertising at you, and it keeps working when the Cloud ™ goes down.

The homepage

If you don’t want to put together all the bits and bobs (Raspberry Pi, mic, speaker, etc.) you can get the Seeed Voice Interaction Development Kit for $115 and satellites (which relay commands to your base kit) for $85.

The Snips makers page is the starting point to join and see projects

They have an app store with loads of intents pre programmed for you to install

This is a pretty good github page of awesome snips

An example including how to install from base on how to do a multiplication table game

Another example on how to integrate Sonos

The forum

And a telegram page

the Facebook page

It also integrates with home assistant
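As an added example of what a Snips "intent" handler looks like in practice (the multiplication table game linked above is the inspiration; this code is not from that project or from Snips), the following skill is written against the Hermes protocol that Snips ran over MQTT: recognised intents arrive as JSON on `hermes/intent/<intentName>`, and a skill replies by publishing to `hermes/dialogueManager/continueSession` (ask again within the same session) or `hermes/dialogueManager/endSession`. The intent names `example:startTable` and `example:giveAnswer` and their slot names are assumptions for this example; the sample message is constructed.

```python
"""
Added example: a Snips skill for a multiplication-table quiz over the Hermes
MQTT protocol. Intent and slot names below are assumptions, not a Snips app.
"""
import json
import random

INTENT_TOPIC_PREFIX = "hermes/intent/"
CONTINUE_TOPIC = "hermes/dialogueManager/continueSession"
END_TOPIC = "hermes/dialogueManager/endSession"

INTENT_START = "example:startTable"    # assumed intent; slot "table" = which table to practise
INTENT_ANSWER = "example:giveAnswer"   # assumed intent; slot "answer" = the spoken number
ROUNDS = 3                             # correct answers needed to finish the game


def slot_values(payload):
    """Map slotName -> resolved value (snips/number slots resolve to floats)."""
    return {s["slotName"]: s["value"]["value"] for s in payload.get("slots", [])}


class TableGame:
    """Keeps one quiz per Hermes sessionId so several satellites don't collide."""

    def __init__(self, seed=None):
        self.rng = random.Random(seed)
        self.sessions = {}  # sessionId -> (table, factor, correct_so_far)

    def _ask(self, sid, table, correct):
        factor = self.rng.randint(1, 10)
        self.sessions[sid] = (table, factor, correct)
        return CONTINUE_TOPIC, {
            "sessionId": sid,
            "text": f"What is {table} times {factor}?",
            "intentFilter": [INTENT_ANSWER],  # only an answer is acceptable next
        }

    def handle(self, topic, payload):
        """Return (topic, payload) to publish back, or None if the message is not ours."""
        if not topic.startswith(INTENT_TOPIC_PREFIX):
            return None
        if not isinstance(payload, dict):
            payload = json.loads(payload)  # raw MQTT payload (bytes or str)
        sid = payload["sessionId"]
        intent = payload["intent"]["intentName"]
        slots = slot_values(payload)

        if intent == INTENT_START:
            return self._ask(sid, int(slots.get("table", 7)), 0)

        if intent == INTENT_ANSWER and sid in self.sessions:
            table, factor, correct = self.sessions.pop(sid)
            try:
                given = int(slots["answer"])
            except (KeyError, TypeError, ValueError):
                return END_TOPIC, {"sessionId": sid, "text": "I did not catch a number."}
            if given != table * factor:
                return END_TOPIC, {"sessionId": sid,
                                   "text": f"No, {table} times {factor} is {table * factor}."}
            correct += 1
            if correct >= ROUNDS:
                return END_TOPIC, {"sessionId": sid, "text": f"Well done, {correct} in a row."}
            return self._ask(sid, table, correct)  # correct: next question, same session
        return None


def attach(game, client):
    """Wire the game to a paho-mqtt client (paho is not imported here; pass one in)."""
    def on_message(_client, _userdata, msg):
        reply = game.handle(msg.topic, msg.payload)
        if reply:
            _client.publish(reply[0], json.dumps(reply[1]))
    client.on_message = on_message
    client.subscribe(INTENT_TOPIC_PREFIX + "#")


if __name__ == "__main__":
    # Constructed Hermes intent message, shaped like what the Snips NLU publishes.
    start = {"sessionId": "s1", "siteId": "default", "input": "quiz me on the seven times table",
             "intent": {"intentName": INTENT_START, "confidenceScore": 0.93},
             "slots": [{"slotName": "table", "entity": "snips/number", "rawValue": "seven",
                        "value": {"kind": "Number", "value": 7.0}}]}
    game = TableGame(seed=0)
    print(game.handle(INTENT_TOPIC_PREFIX + INTENT_START, json.dumps(start)))
```

The state lives in the skill, keyed by `sessionId`, so a second satellite starting its own game does not see the first one's question; the `intentFilter` on `continueSession` tells the dialogue manager to only accept an answer next, which keeps unrelated intents from being routed into the game.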

From Edgar BV Wiki

NSA to release a free reverse engineering tool GHIDRA

The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco.

The software’s name is GHIDRA and, in technical terms, it is a disassembler: a piece of software that breaks executable files down into assembly code that can then be analyzed by humans.

The NSA developed GHIDRA at the start of the 2000s, and for the past few years, it’s been sharing it with other US government agencies that have cyber teams who need to look at the inner workings of malware strains or suspicious software.

GHIDRA’s existence was never a state secret, but the rest of the world learned about it in March 2017 when WikiLeaks published Vault7, a collection of internal documentation files that were allegedly stolen from the CIA’s internal network. Those documents showed that the CIA was one of the agencies that had access to the tool.

According to these documents, GHIDRA is coded in Java, has a graphical user interface (GUI), and works on Windows, Mac, and Linux.

GHIDRA can also analyze binaries for all major operating systems, such as Windows, Mac, Linux, Android, and iOS, and a modular architecture allows users to add packages in case they need extra features.
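To make the "disassembler" description above concrete, here is an added illustration written for this page (not Ghidra's code, and not a claim about how Ghidra is implemented): a toy linear-sweep decoder for a handful of x86-64 opcodes with register-direct operands. A real tool such as GHIDRA or IDA also handles memory operands, the full prefix set and opcode map, and recovers functions and cross-references on top of this. The sample bytes are a constructed compiler-style prologue and epilogue, not taken from any real binary.

```python
"""
Added illustration: a toy x86-64 disassembler for a few register-direct forms.
It is not Ghidra code; it shows only what "machine code -> assembly text" means.
"""
import struct

REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
GROUP1 = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]   # opcode 0x83 /digit
RM_R = {0x01: "add", 0x29: "sub", 0x31: "xor", 0x89: "mov"}      # "op r/m, r" forms


def _modrm(byte):
    """Split a ModR/M byte into its (mod, reg, rm) fields."""
    return (byte >> 6) & 3, (byte >> 3) & 7, byte & 7


def _unsupported(what, addr):
    return ValueError(f"{what} at {addr:#x} not supported by this toy decoder")


def decode_one(code, off, base=0):
    """Decode one instruction at code[off]; return (length, text)."""
    start = off
    rex_w = False
    if 0x40 <= code[off] <= 0x4F:          # REX prefix; bit 3 (W) selects 64-bit operands
        rex_w = bool(code[off] & 0x08)
        off += 1
    regs = REGS64 if rex_w else REGS32
    op = code[off]
    off += 1

    if op == 0x90:
        text = "nop"
    elif op == 0xC3:
        text = "ret"
    elif op == 0xC9:
        text = "leave"
    elif 0x50 <= op <= 0x57:               # push/pop are always 64-bit in long mode
        text = f"push {REGS64[op - 0x50]}"
    elif 0x58 <= op <= 0x5F:
        text = f"pop {REGS64[op - 0x58]}"
    elif op in RM_R:
        mod, reg, rm = _modrm(code[off])
        off += 1
        if mod != 3:
            raise _unsupported("memory operand", base + start)
        text = f"{RM_R[op]} {regs[rm]}, {regs[reg]}"
    elif op == 0x83:                       # group 1: op r/m, imm8 (sign-extended)
        mod, reg, rm = _modrm(code[off])
        off += 1
        if mod != 3:
            raise _unsupported("memory operand", base + start)
        imm = struct.unpack_from("<b", code, off)[0]
        off += 1
        text = f"{GROUP1[reg]} {regs[rm]}, {imm:#x}"
    elif 0xB8 <= op <= 0xBF and not rex_w: # mov r32, imm32
        imm = struct.unpack_from("<I", code, off)[0]
        off += 4
        text = f"mov {REGS32[op - 0xB8]}, {imm:#x}"
    elif op == 0xE8:                       # call rel32, relative to the next instruction
        rel = struct.unpack_from("<i", code, off)[0]
        off += 4
        text = f"call {base + off + rel:#x}"
    else:
        raise _unsupported(f"opcode {op:#04x}", base + start)
    return off - start, text


def disassemble(code, base=0):
    """Linear sweep: decode instructions back to back from the start of the buffer."""
    listing = []
    off = 0
    while off < len(code):
        length, text = decode_one(code, off, base)
        listing.append((base + off, code[off:off + length].hex(), text))
        off += length
    return listing


if __name__ == "__main__":
    # Constructed sample: a typical prologue/epilogue, not taken from any real binary.
    sample = bytes.fromhex("55 48 89 e5 48 83 ec 10 31 c0 e8 fb ff ff ff c9 c3")
    for addr, raw, text in disassemble(sample, base=0x1000):
        print(f"{addr:#06x}  {raw:<12} {text}")
```

The linear sweep is the simplest strategy and is exactly where real disassemblers earn their keep: data interleaved with code, or a jump into the middle of an instruction, desynchronises a sweep, which is why tools like GHIDRA follow control flow from known entry points instead.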

According to GHIDRA’s description in the RSA conference session intro, the tool “includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed.”

US government workers to whom ZDNet has spoken today said the tool is well-known and liked, and generally used by operators in defensive roles, who normally analyze malware found on government networks.

Some people who know and have used the tool and have shared opinions on social media, such as HackerNews, Reddit, and Twitter, have compared GHIDRA with IDA, a well-known but also very expensive reverse engineering tool, with licenses priced in the range of thousands of dollars.

Most users say that GHIDRA is slower and buggier than IDA, but by open-sourcing it, the NSA will benefit from free maintenance from the open source community, allowing GHIDRA to quickly catch up and maybe surpass IDA.

The news of the NSA open-sourcing one of its internal tools should not surprise you. The NSA has open-sourced all sorts of tools over the past few years, with the most successful of them being Apache NiFi, a project for automating large data transfers between web apps, and which has become a favorite on the cloud computing scene.

In total, the NSA has open-sourced 32 projects as part of its Technology Transfer Program (TTP) so far and has most recently even opened an official GitHub account.

GHIDRA will be demoed at the RSA conference on March 5 and is expected to be released soon after on the agency’s Code page and GitHub account.

Source: NSA to release a free reverse engineering tool | ZDNet

A mathematical approach for understanding intra-plant communication

A team of researchers at the Gran Sasso Science Institute (GSSI) and Istituto Italiano di Technologia (IIT) have devised a mathematical approach for understanding intra-plant communication. In their paper, pre-published on bioRxiv, they propose a fully coupled system of non-linear, non-autonomous discontinuous and ordinary differential equations that can accurately describe the adapting behavior and growth of a single plant, by analyzing the main stimuli affecting plant behavior.

Recent studies have found that plants, rather than being passive organisms, can actually exhibit complex behaviors in response to environmental stimuli, for instance, adapting their resource allocation, foraging strategies, and growth rates according to their surrounding environment. How plants process and manage this network of stimuli, however, is a complex biological question that remains unanswered.

Researchers have proposed several mathematical models to achieve a better understanding of plant behavior. Nonetheless, none of these models can effectively and clearly portray the complexity of the stimulus-signal-behavior chain in the context of a plant’s internal communication network.

Source: A mathematical approach for understanding intra-plant communication

Can’t unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass

A newly disclosed vulnerability in Skype for Android could be exploited by miscreants to bypass an Android phone’s passcode screen to view photos, contacts, and even launch browser windows.

Bug-hunter Florian Kunushevci today told The Register the security flaw, which has been reported to Microsoft, allows the person in possession of someone’s phone to receive a Skype call, answer it without unlocking the handset, and then view photos, look up contacts, send a message, and open the browser by tapping links in a sent message, all without ever unlocking the phone. This is handy for thieves, pranksters, prying partners, and so on. Here’s a video demonstrating the bypass…

Kunushevci, a 19-year-old bug researcher from Kosovo, said he was an everyday user of the Skype for Android app when he noticed that something appeared to be amiss with the way the VoIP app accessed files on the handset. Curious, he decided to put his white hat on, and take a closer look.

Source: Can’t unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass • The Register

Researcher Distributes Tool That Enables Mass-Hijacking of Google Chromecast Devices

Uploaded to Github on Thursday, a tool called Crashcast enables the almost instantaneous takeover of all Chromecast streaming devices left accessible online by mistake. This same misconfiguration issue was taken advantage of by the hacker duo Hacker Giraffe and j3ws3r earlier this week to broadcast a message in support of the YouTube star Felix Kjellberg, more widely known as PewDiePie, to thousands of Chromecast owners.

The prank was intended to draw attention, the hacker said, to the fact that thousands of Chromecast devices globally have been left exposed unnecessarily.

Hacker Giraffe, who not too long ago pulled a similar prank using internet-connected printers, said on Thursday that the backlash caused by the Chromecast high jinks led them to give up hacking. The fear of getting caught and prosecuted, the hacker wrote on Pastebin, was causing “all kinds of fears and panic attacks.”

“I just wanted to inform people of their vulnerable devices while supporting a YouTuber I liked. I never meant any harm, nor did I ever have any ill intentions,” they added.

But now a tool which accomplishes the same feat is accessible to virtually anyone, thanks to Amir Khashayar Mohammadi, a security and freelance researcher. Mohammadi tells Gizmodo, however, that the tool he’s released is merely a proof-of-concept uploaded to further research into the problem, and is not intended for people to use maliciously.

Crashcast shown preparing to broadcast a YouTube video to 176,642 Chromecast devices.

Luckily, the problem is a fairly benign one. The tool doesn’t allow for remote code execution, so forcing the device to play random YouTube videos is about all that can be accomplished. “You’re not necessarily hacking anything here,” says Mohammadi, who blogs and publishes papers on his own website. “All you’re doing is issuing a cURL command which in this case tells the Chromecast to view a video.”

“There is no authentication or bypass, you’re actually doing what the Chromecast is intended to do, except the reason this works is because they’re all being exposed to the internet,” he continued, adding: “I mean honestly, why would anyone leave their Chromecast on the internet? It makes no sense. You’re literally asking for it.”

Source: Researcher Distributes Tool That Enables Mass-Hijacking of Google Chromecast Devices

Scientists Have ‘Hacked Photosynthesis’ In Search Of More Productive Crops: 40% bigger, growing faster

There’s a big molecule, a protein, inside the leaves of most plants. It’s called Rubisco, which is short for an actual chemical name that’s very long and hard to remember.

Amanda Cavanagh, a biologist and post-doctoral researcher at the University of Illinois, calls herself a big fan of Rubisco. “It’s probably the most abundant protein in the world,” she says. It’s also super-important.

Photo caption: Scientist Amanda Cavanagh snap freezes plant samples with liquid nitrogen to study how the metabolism differs between unmodified plants and plants engineered with alternate pathways for photorespiration. (Claire Benjamin/RIPE Project)

Rubisco has one job. It picks up carbon dioxide from the air, and it uses the carbon to make sugar molecules. It gets the energy to do this from the sun. This is photosynthesis, the process by which plants use sunlight to make food, a foundation of life on Earth. Yay for Rubisco!

“But it has what we like to call one fatal flaw,” Cavanagh continues. Unfortunately, Rubisco isn’t picky enough about what it grabs from the air. It also picks up oxygen. “When it does that, it makes a toxic compound, so the plant has to detoxify it.”

Plants have a whole complicated chemical assembly line to carry out this detoxification, and the process uses up a lot of energy. This means the plant has less energy for making leaves, or food for us. (There is a family of plants, including corn and sugar cane, that developed another type of workaround for Rubisco, and those plants are much more productive.)

Cavanagh and her colleagues in a research program called Realizing Increased Photosynthetic Efficiency (RIPE), which is based at the University of Illinois, have spent the last five years trying to fix Rubisco’s problem. “We’re sort of hacking photosynthesis,” she says.

They experimented with tobacco plants, just because tobacco is easy to work with. They inserted some new genes into these plants, which shut down the existing detoxification assembly line and set up a new one that’s way more efficient. And they created super tobacco plants. “They grew faster, and they grew up to 40 percent bigger” than normal tobacco plants, Cavanagh says. These measurements were done both in greenhouses and open-air field plots.

Source: Scientists Have ‘Hacked Photosynthesis’ In Search Of More Productive Crops : The Salt : NPR

Once considered outlandish, the idea that plants help their relatives is taking root

For people, and many other animals, family matters. Consider how many jobs go to relatives. Or how an ant will ruthlessly attack intruder ants but rescue injured, closely related nestmates. There are good evolutionary reasons to aid relatives, after all. Now, it seems, family feelings may stir in plants as well.

A Canadian biologist planted the seed of the idea more than a decade ago, but many plant biologists regarded it as heretical—plants lack the nervous systems that enable animals to recognize kin, so how can they know their relatives? But with a series of recent findings, the notion that plants really do care for their most genetically close peers—in a quiet, plant-y way—is taking root. Some species constrain how far their roots spread, others change how many flowers they produce, and a few tilt or shift their leaves to minimize shading of neighboring plants, favoring related individuals.

“We need to recognize that plants not only sense whether it’s light or dark or if they’ve been touched, but also whom they are interacting with,” says Susan Dudley, a plant evolutionary ecologist at McMaster University in Hamilton, Canada, whose early plant kin recognition studies sparked the interest of many scientists.

Beyond broadening views of plant behavior, the new work may have a practical side. In September 2018, a team in China reported that rice planted with kin grows better, a finding that suggested family ties can be exploited to improve crop yields. “It seems anytime anyone looks for it, they find a kin effect,” says André Kessler, a chemical ecologist at Cornell University.

Source: Once considered outlandish, the idea that plants help their relatives is taking root | Science | AAAS

German Politicians Hit With Unprecedented Leak of Private Information

On Thursday, authorities in Germany were made aware of an enormous leak of personal information belonging to artists, media figures, and politicians—including Chancellor Angela Merkel. The hack is being called the “biggest data dump” in German history and appears to contain a treasure trove of information that could be used for identity theft.

Early reports and tweets identified the source of the leak as a now-suspended Twitter account with the handle “@_0rbit” and username “G0d.” According to multiple reports, the account began posting the data in December, Advent-calendar-style. The astounding collection of stolen information reportedly includes email addresses, documents, private correspondence, credit card information, passwords, family information, and even photocopies of personal ID cards. The victims included members of virtually every political party in the German Parliament, TV journalists, musicians, and YouTube stars.

While the Twitter account and an associated Blogspot have been removed, the information was still relatively easy to track down. One security researcher on Twitter noted that this dump was incredibly labor intensive with hundreds of mirror links ensuring the information would be difficult to take down. At least one link that Gizmodo viewed on Imgur disappeared a few minutes later.


One good thing that could come out of this mess is, politicians have begun to call for stronger data protection and security measures in Germany. Britta Haßelmann, the parliamentary executive director of the Greens, released a statement asking for proactive measures that include “a renunciation of state-run security with vulnerabilities, end-to-end encryption and the strengthening of independent supervisory structures.”

Source: German Politicians Hit With Unprecedented Leak of Private Information

And suddenly they sit up and notice when it affects them personally

Ethereum Plans To Cut Its Absurd Energy Consumption By 99 Percent

Ethereum mining consumes a quarter to half of what Bitcoin mining does, but that still means that for most of 2018 it was using roughly as much electricity as Iceland. Indeed, the typical Ethereum transaction gobbles more power than an average U.S. household uses in a day. “That’s just a huge waste of resources, even if you don’t believe that pollution and carbon dioxide are an issue. There are real consumers — real people — whose need for electricity is being displaced by this stuff,” says Vitalik Buterin, the 24-year-old Russian-Canadian computer scientist who invented Ethereum when he was just 18.

Buterin plans to finally start undoing his brainchild’s energy waste in 2019. This year Buterin, the Ethereum Foundation he cofounded, and the broader open-source movement advancing the cryptocurrency all plan to field-test a long-promised overhaul of Ethereum’s code. If these developers are right, by the end of 2019 Ethereum’s new code could complete transactions using just 1 percent of the energy consumed today.

Source: Ethereum Plans To Cut Its Absurd Energy Consumption By 99 Percent – Slashdot
