NSA opens Github repo

The technologies listed below were developed within the National Security Agency (NSA) and are now available to the public via Open Source Software (OSS). The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace. OSS invites cooperative development of technology, encouraging broad use and adoption. The public benefits by adopting, enhancing, adapting, or commercializing the software. The government benefits from the open source community’s enhancements to the technology.


Humanity uploaded an AI to Mars and lets it shoot rocks with lasers

AEGIS doesn’t cover general operations, which are still directed by humans. Instead it lets Curiosity pick its own targets on which to focus its ChemCam, an instrument that first vaporizes Martian rocks with a laser and then studies the resulting gases. AEGIS does so after analysing images captured by Curiosity’s NavCam, which snaps stereo images, and also using ChemCam’s own Remote Micro-Imager context camera. Once it detects a worthy target, ChemCam puts the nuclear-powered space tank’s laser to work eliminating Martian pebbles.

The paper says AEGIS now goes to work after most of Curiosity’s short drives across Mars, and “has proven useful in rapidly gathering geochemical measurements and making use of otherwise idle time between the end of the drive and the next planning cycle.” 54 slices of idle time to be precise, as that’s the number of occasions on which Curiosity’s had enough juice to run it.

The software is making good assessments of what to zap and sniff: the paper says “in a number of cases [AEGIS] has chosen rock targets which were among the same ones that were independently ranked highly by the science team for study.” The result is better-targeted work, as Curiosity was previously set to do blind targeting “at pre-selected angles with respect to the rover, without knowing what it would find at that position post-drive.” Now it’s focussing in on outcrops, a desirable target.

Source: Humanity uploaded an AI to Mars and lets it shoot rocks with lasers

Navistone saves filled-in form data on hundreds of sites before you submit it!

[As you fill out a form] You change your mind and close the page before clicking the Submit button and agreeing to Quicken’s privacy policy. […] Your email address and phone number have already been sent to a server at “murdoog.com,” which is owned by NaviStone, a company that advertises its ability to unmask anonymous website visitors and figure out their home addresses. NaviStone’s code on Quicken’s site invisibly grabbed each piece of your information as you filled it out, before you could hit the “Submit” button.

During a recent investigation into how a drug-trial recruitment company called Acurian Health tracks down people who look online for information about their medical conditions, we discovered NaviStone’s code on sites run by Acurian, Quicken Loans, a continuing education center, a clothing store for plus-sized women, and a host of other retailers. Using Javascript, those sites were transmitting information from people as soon as they typed or auto-filled it into an online form. That way, the company would have it even if those people immediately changed their minds and closed the page.
Only one site of the dozens we reviewed, Gardeners.com, explicitly revealed in its privacy policy what it was doing. It read, “Information you enter is collected even if you cancel or do not complete an order.” The rest of the sites had the usual legalese in their policies about using standard tracking tech such as cookies and Web beacons, which did not describe the way this particular information capture works.

Source: Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data

Not only are they saving your data without your consent, they boast that they can send you post within 2 days. Once Gizmodo tested a few of the sites with their technology enabled, they denied everything, even though Gizmodo was sitting on the proof. Scumbags.
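As an added example (not code from the article or from NaviStone), here is a check for the pattern Gizmodo describes: requests that carry values the user typed into a form to a host other than the page's own, before any submit happened. The session trace, the first-party origin and the hosts are constructed.

```javascript
// Added example, not code from the article or from NaviStone: flag outbound
// requests that carry values the user typed into a form, sent to a host other
// than the page's own, before any submit happened. The input is a constructed
// session trace of the kind a browser extension or a HAR export would give you.
const PAGE_ORIGIN = "lender.example";   // constructed stand-in for the first-party host

// Constructed trace: what the user typed, what the page sent, and when (ms).
const sessionTrace = [
  { t: 1000, type: "input", field: "email", value: "jane@example.org" },
  { t: 1800, type: "input", field: "phone", value: "555-0142" },
  { t: 1900, type: "request", host: "murdoog.com", method: "POST",
    url: "/collect?site=42", body: "e=jane%40example.org&p=555-0142" },
  { t: 2500, type: "request", host: "lender.example", method: "GET",
    url: "/ping?form=apply", body: "" },          // first-party, carries no field values
  { t: 3000, type: "request", host: "cdn.fonts.example", method: "GET",
    url: "/font.woff2", body: "" },
  // no "submit" event: the user closed the tab before sending the form
];

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }  // keep malformed escapes as-is
}

// Returns one finding per third-party request that contains a typed value
// before the form was submitted: { t, host, fields }.
function findPreSubmitLeaks(events, origin) {
  const typed = new Map();   // field name -> latest value typed into it
  const leaks = [];
  let submitted = false;
  for (const ev of events) {
    if (ev.type === "submit") { submitted = true; continue; }
    if (ev.type === "input") { typed.set(ev.field, ev.value); continue; }
    if (ev.type !== "request" || submitted) continue;
    if (ev.host === origin) continue;   // the site itself receiving its own form is expected
    const payload = safeDecode((ev.url || "") + " " + (ev.body || ""));
    const fields = [...typed]
      .filter(([, v]) => v.length >= 4 && payload.includes(v))   // skip 1-3 char values: too noisy
      .map(([f]) => f);
    if (fields.length) leaks.push({ t: ev.t, host: ev.host, fields });
  }
  return leaks;
}

console.log(JSON.stringify(findPreSubmitLeaks(sessionTrace, PAGE_ORIGIN)));
```

The same check applied to a real trace only sees values that travel in the clear in the URL or body; a collector that hashes or encrypts the fields client-side needs a listener-level check instead.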

Walmart Gears Up Anti-Amazon Stance in Wake of Whole Foods Deal

Days after arch-rival Amazon announced plans to buy Whole Foods for $13.7 billion, Walmart is apparently ramping up its defense.

That acquisition takes square aim at Walmart’s bread-and-butter grocery business by giving the online retailer 465 new retail locations—thus a much bigger brick-and-mortar presence.

Now, Walmart is telling some partners and suppliers that their software services should not run on Amazon Web Services cloud infrastructure, according to the Wall Street Journal.

The report quoted Bob Muglia, CEO of Snowflake Computing, saying that a Walmart partner wanted to use his company’s data warehouse service, but was told it had to run on Microsoft Azure cloud instead of AWS.

Source: Walmart Gears Up Anti-Amazon Stance in Wake of Whole Foods Deal

Mazda Getinfo allows you to use the USB port to edit the 2014+ Mazda Car’s infotainment system

mazda_getInfo – A PoC showing that the USB port is an attack surface for a Mazda car’s infotainment system, and how Mazda hacks are made

Home contents insurers in NL sneakily exclude smartphones

It turns out they won’t cover the cost of your smartphone breakages, because they are the most popular claims. And if they do cover your tablet, there are surcharges and other difficulties.

All-risk home contents insurers have armed themselves against vulnerable smartphones, according to research by financial communications agency SevenEight among 23 large all-risk home contents insurers.

Source: Home contents insurers not fond of smartphones – Emerce

Personal data on 198 million voters, including analytics data that suggests who a person is likely to vote for and why, was stored on an unsecured Amazon server.

A huge trove of voter data, including personal information and voter profiling data on what’s thought to be every registered US voter dating back more than a decade, has been found on an exposed and unsecured server, ZDNet has learned.

It’s believed to be the largest ever known exposure of voter information to date.

The various databases containing 198 million records on American voters from all political parties were found stored on an open Amazon S3 storage server owned by a Republican data analytics firm, Deep Root Analytics.
Each record lists a voter’s name, date of birth, home address, phone number, and voter registration details, such as which political party a person is registered with. The data also includes “profiling” information, voter ethnicities and religions, and various other kinds of information pertinent to a voter’s political persuasions and preferences, as modeled by the firm’s data scientists, in order to better target political advertising.

Source: ZDNet

Revealed: Facebook exposed identities of moderators to suspected terrorists

A security lapse that affected more than 1,000 workers forced one moderator into hiding – and he still lives in constant fear for his safety

Source: Revealed: Facebook exposed identities of moderators to suspected terrorists

Facebook moderators like him first suspected there was a problem when they started receiving friend requests from people affiliated with the terrorist organizations they were scrutinizing.

An urgent investigation by Facebook’s security team established that personal profiles belonging to content moderators had been exposed.
Facebook then discovered that the personal Facebook profiles of its moderators had been automatically appearing in the activity logs of the groups they were shutting down.
In one exchange, before the Facebook investigation was complete, D’Souza sought to reassure the moderators that there was “a good chance” any suspected terrorists notified about their identity would fail to connect the dots.

“Keep in mind that when the person sees your name on the list, it was in their activity log, which contains a lot of information,” D’Souza wrote, “there is a good chance that they associate you with another admin of the group or a hacker …”
The bug in the software was not fixed for another two weeks, on 16 November 2016. By that point the glitch had been active for a month. However, the bug was also retroactively exposing the personal profiles of moderators who had censored accounts as far back as August 2016.

Facebook offered to install a home alarm monitoring system and provide transport to and from work to those in the high risk group. The company also offered counseling through Facebook’s employee assistance program, over and above counseling offered by the contractor, Cpl.
“Our investigation found that only a small fraction of the names were likely viewed, and we never had evidence of any threat to the people impacted or their families as a result of this matter,” the spokesman said.
He was paid just €13 ($15) per hour for a role that required him to develop specialist knowledge of global terror networks and scour through often highly-disturbing material.

“You come in every morning and just look at beheadings, people getting butchered, stoned, executed,” he said.
The moderator said that when he started, he was given just two weeks training and was required to use his personal Facebook account to log into the social media giant’s moderation system.
In an attempt to boost morale among agency staff, Facebook launched a monthly award ceremony to celebrate the top quality performers. The prize was a Facebook-branded mug. “The mug that all Facebook employees get,” he noted.

Finally, a Tool for Making Totally Clear Ice Spheres 


Man Buys Two Metric Tons of LEGO Bricks; Sorts Them Via Machine Learning


Scientists win Nobel Prize in Chemistry for making tiny machines out of molecules


This year’s Nobel Prize in Chemistry has been awarded to three scientists who figured out how to build tiny machines out of molecules. The machines, which include a nano-sized car, are invisible to the human eye and have important implications in medicine and other fields. The researchers — Jean-Pierre Sauvage, J. Fraser Stoddart, and Bernard Feringa — will share the prize equally.

Tails 3.0 – anonymous live OS is out

Tails is a live operating system that you can start on almost any computer from a DVD, USB stick, or SD card.

It aims at preserving your privacy and anonymity, and helps you to:

use the Internet anonymously and circumvent censorship;
all connections to the Internet are forced to go through the Tor network;
leave no trace on the computer you are using unless you ask it explicitly;
use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.


Facebook’s Emotion Tech: Patents Show New Ways For Detecting And Responding To Users’ Feelings

Facebook’s newest patent, granted May 25, aims to monitor users’ typing speed to predict emotions and adapt messages in response.

We took a look at some of Facebook’s emotion-based patents to understand how the company is thinking about capturing and responding to people’s emotional reactions, which has been a tricky area for consumer tech companies but key to their future. On the one hand, they want to identify which content is most engaging and respond to the audience’s reactions; on the other, emotion detection is technically difficult, not to mention a PR and ethical minefield.

Source: Facebook’s Emotion Tech: Patents Show New Ways For Detecting And Responding To Users’ Feelings

Dutch Usenetprovider Eweka forced by judge to hand over personal details to BREIN without judicial oversight

A Dutch judge has said that the usenet provider needs to hand over personal details to BREIN (the Dutch version of the RIAA) without any reason other than that BREIN wants them, or face a fine of EUR 1000,- per day. It’s pretty bizarre that some commercial entity can raid anyone’s private data because they feel like it, but it looks like the North Holland judge prefers cash money to personal interests and judicial oversight.

The Noord-Holland District Court has ruled in a case between BREIN and Usenet provider Eweka. Eweka acts unlawfully by not immediately – without a court judgment – providing BREIN with identifying data of an uploader of copyrighted material. This must now be done under penalty of a fine of 1000 euros per day.

Source: Usenet provider Eweka must hand over personal data – Emerce

Artificial tongues can discriminate between whiskeys

We present simple tongues consisting of fluorescent polyelectrolytes or chimeric green fluorescent proteins (GFPs) to discriminate 33 different whiskies according to their country of origin (Ireland, US, or Scotland), brand, blend status (blend or single malt), age, and taste (rich or light). The mechanism of action for these tongues is differential quenching of the fluorescence of the poly(aryleneethynylene)s or the GFPs by the complex mixture of colorants (vanillin, vanillic acid, oak lactones, tannins, etc.; the interactome) extracted from the oak barrels and added caramel coloring. The differential binding and signal generation of the interactomes to the polymers and proteins result from hydrophobic and electrostatic interactions. The collected quenching data, i.e., the response patterns, were analyzed by linear discriminant analysis. Our tongues do not need any sample preparation and are equal or superior to state-of-the-art mass spectrometric methods with respect to speed, resolution, and efficiency of discrimination.

Which means the artificial tongues can taste stuff without having to decompose it in any way either.

Ex-Admin Deletes All Customer Data and Wipes Servers of Dutch Hosting Provider

Verelox, a provider of dedicated KVM and VPS servers based in The Hague, Netherlands, suffered a catastrophic outage after a former administrator deleted all customer data and wiped most of the company’s servers.

Source: Ex-Admin Deletes All Customer Data and Wipes Servers of Dutch Hosting Provider

The “Doubleswitch” social media attack: how to lock people out of social media accounts and use them to spread fake news

With the Doubleswitch attack, a hijacker takes control of a victim’s account through one of several attack vectors. People who have not enabled an app-based form of multifactor authentication for their accounts are especially vulnerable. For instance, an attacker could trick you into revealing your password through phishing. If you don’t have multifactor authentication, you lack a secondary line of defense. Once in control, the hijacker can then send messages and also subtly change your account information, including your username. The original username for your account is now available, allowing the hijacker to register for an account using that original username, while providing different login credentials. Now, if you try to recover your original account by resetting your password, the reset email will be sent directly to the hijacker.

Source: The “Doubleswitch” social media attack: a threat to advocates in Venezuela and worldwide – Access Now
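As an added example (not code from Access Now or from any platform), a toy account registry that closes the second step of the attack described above: a username released by a rename is parked for a hold period and stays bound to its original account, so nobody else can re-register it and recovery for that name still reaches the original owner. Account ids, handles, emails and the 30-day hold are constructed.

```javascript
// Added example, not code from the article: username hold against Doubleswitch.
// A renamed-away handle is parked for HOLD_MS, still tied to its old account, so
// a fresh account cannot claim it and "forgot password" for that handle is
// routed to the original owner. All ids, handles and emails are constructed.
const HOLD_MS = 30 * 24 * 60 * 60 * 1000;   // constructed 30-day hold period

class AccountRegistry {
  constructor() {
    this.accounts = new Map();   // accountId -> { handle, email }
    this.handles = new Map();    // active handle -> accountId
    this.holds = new Map();      // parked handle -> { accountId, until }
  }

  // Rejects a handle that is active, or parked for somebody else and not yet released.
  handleBlocked(key, accountId, now) {
    if (this.handles.has(key)) return "handle taken";
    const hold = this.holds.get(key);
    if (hold && hold.until > now && hold.accountId !== accountId) return "handle on hold";
    return null;
  }

  register(accountId, handle, email, now) {
    const key = handle.toLowerCase();
    const reason = this.handleBlocked(key, accountId, now);
    if (reason) return { ok: false, reason };
    this.holds.delete(key);
    this.accounts.set(accountId, { handle: key, email });
    this.handles.set(key, accountId);
    return { ok: true };
  }

  rename(accountId, newHandle, now) {
    const acct = this.accounts.get(accountId);
    if (!acct) return { ok: false, reason: "no such account" };
    const key = newHandle.toLowerCase();
    const reason = this.handleBlocked(key, accountId, now);
    if (reason) return { ok: false, reason };
    // Park the released handle for this account instead of freeing it.
    this.handles.delete(acct.handle);
    this.holds.set(acct.handle, { accountId, until: now + HOLD_MS });
    this.holds.delete(key);
    this.handles.set(key, accountId);
    acct.handle = key;
    return { ok: true };
  }

  // Contact address a "forgot password" request for `handle` would reach, or null.
  recoveryEmail(handle, now) {
    const key = handle.toLowerCase();
    let id = this.handles.get(key);
    if (id === undefined) {
      const hold = this.holds.get(key);
      if (hold && hold.until > now) id = hold.accountId;
    }
    return id === undefined ? null : this.accounts.get(id).email;
  }
}

// The two steps of the attack, replayed against the registry (constructed data).
function doubleswitchScenario() {
  const reg = new AccountRegistry();
  const t0 = Date.parse("2017-06-01T00:00:00Z");
  reg.register("acct-victim", "activist_ve", "victim@example.org", t0);
  // Step one: the hijacker, already inside acct-victim, renames it away.
  reg.rename("acct-victim", "activist_ve_backup", t0 + 1000);
  // Step two: the hijacker tries to claim the freed handle with a fresh account.
  const grab = reg.register("acct-hijacker", "activist_ve", "hijacker@example.net", t0 + 2000);
  const recovery = reg.recoveryEmail("activist_ve", t0 + 3000);
  return { grab, recovery, reg, t0 };
}
```

The hold only blocks the re-registration step; if the hijacker also changed the contact address on the compromised account, recovery still lands with them, which is why the article's advice to enable app-based multifactor authentication matters for step one.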

Artificial intelligence can now predict suicide risk with remarkable accuracy

In trials, results have been 80-90% accurate when predicting whether someone will attempt suicide within the next two years, and 92% accurate in predicting whether someone will attempt suicide within the next week.

The prediction is based on data that’s widely available from all hospital admissions, including age, gender, zip codes, medications, and prior diagnoses. Walsh and his team gathered data on 5,167 patients from Vanderbilt University Medical Center that had been admitted with signs of self-harm or suicidal ideation. They read each of these cases to identify the 3,250 instances of suicide attempts.

This set of more than 5,000 cases was used to train the machine to identify those at risk of attempted suicide compared to those who committed self-harm but showed no evidence of suicidal intent. The researchers also built algorithms to predict attempted suicide among a group of 12,695 randomly selected patients with no documented history of suicide attempts. It proved even more accurate at making suicide risk predictions within this large general population of patients admitted to the hospital.

Source: Artificial intelligence can now predict suicide risk with remarkable accuracy

Hackers Can Spoof Phone Numbers, Track Users via 4G VoLTE Mobile Technology

A team of researchers from French company P1 Security has detailed a long list of issues with the 4G VoLTE telephony, a protocol that has become quite popular all over the world in recent years and is currently in use in the US, Asia, and most European countries.
Researchers say that an attacker on the same network can send modified SIP INVITE messages to brute-force the mobile provider and get a list of all users on its network.
This could be an issue with lawful interception (surveillance) because it allows possible crime suspects a way to create covert data communications channels.
Researchers warn that this is a “critical” issue that may result in attackers accessing another person’s voice mail, or could cause problems for law enforcement monitoring criminals, who would be able to avoid surveillance by placing calls from another phone number.

Not mentioned by researchers, but a plausible scenario, is tech support scammers spoofing the phone numbers of legitimate companies to call customers and obtain sensitive information such as passwords, card PINs, and other data.
Researchers recommend that mobile telcos sanitize the headers of “200 OK” messages and remove any equipment info that may allow an attacker to create a virtual map of its network. This information is dangerous because it allows threat actors to plan and carry out finely-tuned attacks against the mobile operator.
Researchers discovered that by watching VoLTE traffic on an Android that’s initiating a call, intermediary messages exchanged before establishing a connection reveal information about the callee (victim)’s IMEI number.
Attackers could initiate shadow calls, detect the victim’s approximate location, and hang up before the phone call is established.

Source: Hackers Can Spoof Phone Numbers, Track Users via 4G VoLTE Mobile Technology
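As an added example (not code from the article or from P1 Security), a sanitizer of the kind the researchers recommend operators apply to SIP messages such as the “200 OK”: it drops the headers and Contact parameters that name core equipment, the handset or its serving cell, and leaves the rest of the message intact. The header and parameter names are real SIP/IMS ones; the sample message, numbers, IMEI and cell id are constructed.

```javascript
// Added example, not code from the article or from P1 Security: strip
// equipment-identifying headers from a SIP message at the network edge.
// Header names are real SIP/IMS headers; the sample message is constructed.
const STRIP_HEADERS = new Set([
  "server", "user-agent",          // vendor and software banners of core and handset
  "p-access-network-info",         // radio access type and serving cell id of the peer
]);
const STRIP_CONTACT_PARAMS = new Set(["+sip.instance"]);  // carries urn:gsma:imei:... on IMS handsets

const sample200Ok = [
  "SIP/2.0 200 OK",
  "Via: SIP/2.0/TCP 10.0.0.2:5060;branch=z9hG4bK776asdhds",
  "From: <sip:+15550100@ims.example.net>;tag=1928301774",
  "To: <sip:+15550199@ims.example.net>;tag=a6c85cf",
  "Call-ID: a84b4c76e66710",
  "CSeq: 314159 INVITE",
  'Contact: <sip:+15550199@10.0.0.9:5060;transport=tcp>;+sip.instance="<urn:gsma:imei:00000000-000000-0>";expires=600000',
  "P-Access-Network-Info: 3GPP-E-UTRAN-FDD; utran-cell-id-3gpp=000000000000000",
  "Server: ExampleIMS-Core/1.2.3",
  "User-Agent: ExampleHandset/9.0",
  "Content-Type: application/sdp",
  "Content-Length: 27",
  "",
  "v=0\r\no=- 0 0 IN IP4 0.0.0.0",
].join("\r\n");

// Drops identifying parameters from a Contact header value. Assumes parameter
// values do not themselves contain ';' (true for the GSMA IMEI URN).
function scrubContact(value) {
  let addr = value, params = "";
  const gt = value.indexOf(">");
  if (value.startsWith("<") && gt > 0) { addr = value.slice(0, gt + 1); params = value.slice(gt + 1); }
  else if (value.includes(";")) { addr = value.slice(0, value.indexOf(";")); params = value.slice(addr.length); }
  const kept = [], removed = [];
  for (const p of params.split(";")) {
    if (!p.trim()) continue;
    const name = p.split("=")[0].trim().toLowerCase();
    (STRIP_CONTACT_PARAMS.has(name) ? removed : kept).push(p.trim());
  }
  return { value: kept.length ? addr + ";" + kept.join(";") : addr, removed };
}

// Returns { message, removed }: the sanitized message and what was taken out.
// The body is untouched, so Content-Length stays valid; header folding is not handled.
function sanitizeSip(message) {
  const [head, ...rest] = message.split("\r\n\r\n");
  const body = rest.join("\r\n\r\n");
  const lines = head.split("\r\n");
  const out = [lines[0]], removed = [];          // keep the status/request line as-is
  for (const line of lines.slice(1)) {
    const colon = line.indexOf(":");
    if (colon < 0) continue;                     // malformed header line: drop it
    const name = line.slice(0, colon).trim().toLowerCase();
    if (STRIP_HEADERS.has(name)) { removed.push(name); continue; }
    if (name === "contact" || name === "m") {    // "m" is the compact form of Contact
      const r = scrubContact(line.slice(colon + 1).trim());
      removed.push(...r.removed.map(p => "contact:" + p.split("=")[0].trim()));
      out.push(line.slice(0, colon) + ": " + r.value);
      continue;
    }
    out.push(line);
  }
  return { message: out.join("\r\n") + "\r\n\r\n" + body, removed };
}

console.log(sanitizeSip(sample200Ok).message);
```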

Chinese Windows 10 doesn’t spy on you

Away with telemetry and extensive data collection – so it can be done after all.

Source: Want privacy? Then use the Chinese Windows 10!

Microsoft has released a version of Windows 10 for the Chinese (!) market that doesn’t send all sorts of telemetry and private data to itself. This version is not available to the rest of us; in the rest of the world, Microsoft still has you as a secondary product.

Samsung forces unkillable adverts down Galaxy S8 buyers’ throats

“I didn’t pay 1000 dollars for this!”

Source: Samsung surprises users with adverts on Galaxy S8 – Webwereld

They come with the gaming service which cannot be disabled or uninstalled unless you’re root. Considering you pay through the nose for the most breakable piece of hardware there is, this sounds like a great reason to not buy Samsung any more.

Apple Rolls Out New Feature That Permanently Associates Devices with Apps, Even After Deletion

Tim Cook once scolded Travis Kalanick about Uber’s practice of tracking users even after they deleted the app from their iPhones. But in its newest operating system, iOS 11, Apple is rolling out a feature that will allow the same type of tracking—but with fewer privacy implications.

Apple’s new feature is called DeviceCheck and, if developers choose to use it, it will allow them to fingerprint and persistently track users’ iPhones, even if a user deletes the app or wipes their phone completely, using Apple as an intermediary.

To be clear, this kind of fingerprinting does not allow for location tracking. It lets developers keep track of former users’ devices so that, if they ever come back to the app, the developers will know they’ve been there before.

Source: Apple Rolls Out New Feature That Permanently Associates Devices with Apps, Even After Deletion

So what happens if you buy a second-hand iPhone?

Malware Uses Router LEDs to Air Gap Data From Secure Networks

This malware will intercept specific data passing through the router, break it down into its binary format, and use a router LED to signal the data to a nearby attacker, with the LED turned on standing for a binary one and the LED turned off representing a binary zero.

An attacker with a clear line of sight to the equipment can record the blinking operation. This “attacker” can be a security camera, a company insider, recording equipment mounted on a drone, and various other setups where a video recording device has a clear sight of the router or switch’s blinking LEDs.

The more router LEDs, the higher the exfiltration speed

During their tests, researchers say they’ve tested various configurations for the video recording setup, such as optical sensors, security/CCTV cameras, extreme cameras, smartphone cameras, wearable/hidden cameras, and others.

The research team says it achieved the best results with optical sensors because they are capable of sampling LED signals at high rates, enabling data reception at a higher bandwidth than other typical video recording equipment.

Researchers say that by using optical sensors, they were able to exfiltrate data at a rate of more than 1000 bit/sec per LED. Since routers and switches have more than one LED, the exfiltration speed can be increased many times over if multiple LEDs are used for data exfiltration. Basically, the more ports the router and switch has, the more data the malware can steal from the device.

Source: Malware Uses Router LEDs to Steal Data From Secure Networks

Scientists Are Now Using AI to Predict Autism in Infants

Despite all the headway that science has made in understanding autism in recent years, knowing which children will one day develop autism is still almost impossible to predict. Children diagnosed with autism appear to behave normally until around two, and until then there is often no indication that anything is wrong.
In a paper out Wednesday in Science Translational Medicine, researchers from the University of North Carolina at Chapel Hill and Washington University School of Medicine scanned the brains of 59 high-risk, 6-month-old infants to examine how different regions of the brain connect and interact. At age two, after 11 of those infants had been diagnosed with autism, they scanned their brains again.
Using this method, researchers were able to accurately predict nine of the 11 infants who would wind up with an autism diagnosis. And it did not incorrectly predict any of the children who were not autistic.

“Our treatments of autism today have a modest impact at best,” Joseph Piven, a psychiatrist at UNC Chapel Hill and author of the study, told Gizmodo. “People with autism continue to have challenges throughout their life. But there’s general consensus in the field that diagnosing earlier means better results.”

Source: Scientists Are Now Using AI to Predict Autism in Infants

The open source community is nasty and that’s just the docs

The 2017 Open Source Survey was hosted on GitHub, which “collected responses from 5,500 randomly sampled respondents sourced from over 3,800 open source repositories” and then added “over 500 responses from a non-random sample of communities that work on other platforms.” The questionnaire was also made available in Traditional Chinese, Japanese, Spanish, and Russian.

Interestingly, those behind the survey broke out “negative incidents” into a separate spreadsheet in that trove. That data reveals that 18 per cent of open source contributors have “personally experienced a negative interaction with another user in open source”. Fully half of participants “have witnessed one between other people”.

Most of the negative behaviour is explained as “rudeness”, which has been witnessed by 45 per cent of participants and experienced by 16 per cent. GitHub’s summary of the survey says really nasty stuff like “sexual advances, stalking, or doxxing are each encountered by less than five per cent of respondents and experienced by less than two per cent (but cumulatively witnessed by 14%, and experienced by three per cent).” Twenty-five per cent of women respondents reported experiencing “language or content that makes them feel unwelcome”, compared to 15 per cent of men.

This stuff has consequences: 21 per cent of those who see negative behaviour bail from projects they were working on.

Source: The open source community is nasty and that’s just the docs