Hacker Uses Exploit to Generate Verge Cryptocurrency out of Thin Air

An unknown attacker has exploited a bug in the Verge cryptocurrency network code to mine Verge coins at a very rapid pace and generate funds almost out of thin air.

The Verge development team is preparing a hard-fork of the entire cryptocurrency code to fix the issue and revert the blockchain to a previous state before the attack to neutralize the hacker’s gains.

Verge devs: Not a >51% attack

The incident took place yesterday, and initially, users thought it was a “>51% attack,” an attack where a malicious actor takes control over more than half of the network nodes, giving himself the power to forge transactions.

Rumors swirled around all day yesterday, as users feared the attacker might use his dominant network position to siphon funds from their accounts.

The Verge team eventually came out and clarified the details surrounding the incident, denouncing rumors of a 51% attack, but not revealing additional info about the real cause of the incident.

[…]

Nonetheless, users who looked into the suspicious network activity eventually tracked down what happened, revealing that a mysterious attacker had mined Verge coins at a near impossible speed of 1,560 Verge coins (XVG) per second, the equivalent of $78/s.

[…]

According to unofficial estimations, some users who tracked the illegally mined funds on the Verge blockchain said the hacker appears to have made around 15.6 million Verge coins, which is around $780,000.

News of the hash attack and the fear of a sudden influx of new Verge coins led to a drop of between 7% and 8% in Verge’s exchange rate. According to CoinMarketCap, Verge is today’s 21st largest cryptocurrency based on market cap. This is the second security incident involving the Verge dev team, with a mysterious hack happening last fall.

Source: Hacker Uses Exploit to Generate Verge Cryptocurrency out of Thin Air

So – how useless is a virtual currency that backrolls a full day of transactions?

Secret Service Warns of Chip Card Scheme: replacing the chip and then draining after activation

The U.S. Secret Service is warning financial institutions about a new scam involving the temporary theft of chip-based debit cards issued to large corporations. In this scheme, the fraudsters intercept new debit cards in the mail and replace the chips on the cards with chips from old cards. When the unsuspecting business receives and activates the modified card, thieves can start draining funds from the account.

According to an alert sent to banks late last month, the entire scheme goes as follows:

1. Criminals intercept mail sent from a financial institution to large corporations that contain payment cards, targeting debit payment cards with access to large amounts of funds.

2. The crooks remove the chip from the debit payment card using a heat source that warms the glue.

3. Criminals replace the chip with an old or invalid chip and repackage the payment card for delivery.

4. Criminals place the stolen chip into an old payment card.

5. The corporation receives the debit payment card without realizing the chip has been replaced.

6. The corporate office activates the debit payment card; however, their payment card is inoperable thanks to the old chip.

7. Criminals use the payment card with the stolen chip for their personal gain once the corporate office activates the card.

The reason the crooks don’t just use the debit cards when intercepting them via the mail is that they need the cards to be activated first, and presumably they lack the privileged information needed to do that. So, they change out the chip and send the card on to the legitimate account holder and then wait for it to be activated.

Source: Secret Service Warns of Chip Card Scheme — Krebs on Security

DronesForLess leaks customer purchasing data

The DronesForLess.co.uk site was left wide open by its operators, who failed to protect critical parts of its web infrastructure from curious people, as spotted by Alan at secret-bases.co.uk, who told The Register.

We discovered more than 10,000 online purchase receipts had been saved to its web servers without any encryption or even password protection whatsoever – and the sensitive customer details in those receipts were exceptionally easy to access. Even your grandparents could have found it using Internet Explorer.

Details available for world+dog to browse through included names, addresses, phone numbers, email addresses, IP addresses, devices used to connect to the site, details of ordered items, the card issuer (e.g. Visa) and the last 4 digits of credit cards used to pay for goods.

Orders placed by police and military personnel included:

  • A purchase of a DJI Phantom 3 quadcopter by a serving Metropolitan Police officer, delivered to the force’s Empress State Building HQ in London, and made with a non-police email address composed of his unit’s very distinctive abbreviation
  • A British Army Reserve major who had an £1,100 drone posted to his unit’s HQ
  • A member of the Ministry of Defence’s procurement division who bought a DJI Inspire 2, complete with spare battery and accidental damage insurance
  • A member of the National Crime Agency, who appeared to have used his ***@nca.x.gsi.gov.uk secure email address to buy a Nikon Coolpix digital camera

It was unclear whether these purchases were for personal or governmental use.

Other orders seen by The Reg include ones placed by: staff from privatised defence research firm Qinetiq; the UK’s Defence Science and Technology Laboratory’s radar R&D base at Portsdown Hill; the Brit Army’s Infantry Trials and Development Unit; UK police forces up and down the country; local councils; governmental agencies; and thousands more orders placed by private individuals.

Source: Is it a bird? Is it a plane? No, it’s a terrible leak of drone buyers’ data • The Register

Researchers develop device that can ‘hear’ your internal voice

Researchers have created a wearable device that can read people’s minds when they use an internal voice, allowing them to control devices and ask queries without speaking.

The device, called AlterEgo, can transcribe words that wearers verbalise internally but do not say out loud, using electrodes attached to the skin.

“Our idea was: could we have a computing platform that’s more internal, that melds human and machine in some ways and that feels like an internal extension of our own cognition?” said Arnav Kapur, who led the development of the system at MIT’s Media Lab.

Kapur describes the headset as an “intelligence-augmentation” or IA device, and it was presented at the Association for Computing Machinery’s Intelligent User Interface conference in Tokyo. It is worn around the jaw and chin, clipped over the top of the ear to hold it in place. Four electrodes under the white plastic device make contact with the skin and pick up the subtle neuromuscular signals that are triggered when a person verbalises internally. When someone says words inside their head, artificial intelligence within the device can match particular signals to particular words, feeding them into a computer.

The computer can then respond through the device using a bone conduction speaker that plays sound into the ear without the need for an earphone to be inserted, leaving the wearer free to hear the rest of the world at the same time. The idea is to create an outwardly silent computer interface that only the wearer of the AlterEgo device can speak to and hear.

[…]

The AlterEgo device managed an average of 92% transcription accuracy in a 10-person trial with about 15 minutes of customising to each person. That’s several percentage points below the 95%-plus accuracy rate that Google’s voice transcription service is capable of using a traditional microphone, but Kapur says the system will improve in accuracy over time. The human threshold for voice word accuracy is thought to be around 95%.

Kapur and team are currently working on collecting data to improve recognition and widen the number of words AlterEgo can detect. It can already be used to control a basic user interface such as the Roku streaming system, moving and selecting content, and can recognise numbers, play chess and perform other basic tasks.

The eventual goal is to make interfacing with AI assistants such as Google’s Assistant, Amazon’s Alexa or Apple’s Siri less embarrassing and more intimate, allowing people to communicate with them in a manner that appears to be silent to the outside world – a system that sounds like science fiction but appears entirely possible.

The only downside is that users will have to wear a device strapped to their face, a barrier smart glasses such as Google Glass failed to overcome. But experts think the technology has much potential, not only in the consumer space for activities such as dictation but also in industry.

Source: Researchers develop device that can ‘hear’ your internal voice | Technology | The Guardian

Delta, Best Buy, and Sears Customers May Have Had Personal Info Stolen in Hack of [24]7.ai chat system

Hundreds of thousands of online shoppers may have had their name, address, and credit information stolen by hackers thanks to a security issue with the online customer service software from [24]7.ai.

Customers that shopped online at Delta, Sears, Kmart, and Best Buy could have been affected thanks to malware that was infecting [24]7.ai’s online chat tool between September 26 and October 12, 2017.

[24]7.ai provides the live chat on those companies’ websites. Your information may have potentially been compromised even if you didn’t use the chat tool but made a purchase online from one of the retailers during that time period.

Currently, none of the named companies have confirmed that information has been stolen, only that the opportunity for it to have happened was there, CNET reports. Delta has gone as far as to say that even if the breach did affect its site, that it would only impact “a small subset” of customers.

Source: Delta, Best Buy, and Sears Customers May Have Had Personal Info Stolen in Hack

Cambridge Analytica whistleblower: Facebook data could have come from more than 87 million users

Cambridge Analytica whistleblower Christopher Wylie says the data the firm gathered from Facebook could have come from more than 87 million users and could be stored in Russia.

The number of Facebook users whose personal information was accessed by Cambridge Analytica “could be higher, absolutely,” than the 87 million users acknowledged by Facebook, Wylie told NBC’s Chuck Todd during a “Meet the Press” segment Sunday.

Wylie added that his lawyer has been contacted by US authorities, including congressional investigators and the Department of Justice, and says he plans to cooperate with them.

“We’re just setting out dates that I can actually go and sit down and meet with the authorities,” he said.

The former Cambridge Analytica employee said that “a lot of people” had access to the data and referenced a “genuine risk” that the harvested data could be stored in Russia.

“It could be stored in various parts of the world, including Russia, given the fact that the professor who was managing the data harvesting process was going back and forth between the UK and to Russia,” Wylie said.

Aleksander Kogan, a Russian data scientist who gave lectures at St. Petersburg State University, gathered Facebook data from millions of Americans. He then sold it to Cambridge Analytica, which worked with President Donald Trump’s 2016 presidential campaign.

When asked if he thought Facebook was even able to calculate the number of users affected, Wylie stressed that data can be copied once it leaves a database.

“I know that Facebook is now starting to take steps to rectify that and start to find out who had access to it and where it could have gone, but ultimately it’s not watertight to say that, you know, we can ensure that all the data is gone forever,” he said.

Source: Cambridge Analytica whistleblower: Facebook data could have come from more than 87 million users – CNNPolitics

Sodexo Filmology attacked, kills service, tells users: good luck!

Sodexo Filmology said it had informed the Information Commissioner’s Office and a specialist forensic investigation team.

“We would advise all employees who have used the site between 19th March-3rd April to cancel their payment cards and check their payment card statements,” it said.

“These incidents have been caused by a targeted attack on the system we use to host our Cinema Benefits platform, despite having put in place a number of preventative measures with CREST-approved security specialists.”

It added: “We sincerely apologise for any inconvenience this has caused you and are doing all that we can to provide access to your benefits via alternative means. We will share more information on this with you, or your provider, in the coming days.”

It seems the issue has been going on for several months, with one employee complaining on the Money Saving Expert forum in February that he had been the victim of attempted fraud.

Source: Cinema voucher-pusher tells customers: Cancel your credit cards, we’ve been ‘attacked’

India: Yeah, we would like to 3D-print igloos on the Moon

The Indian Space Research Organisation (ISRO) is planning to build igloos on the Moon with a view to creating an Antarctica-like outpost.

Dr Jitendra Singh of the Department of Atomic Energy and Department of Space gave the response to a question (PDF) asked in the Indian Parliament by Shri Suman Balka last week, a member of the Committee on Rural Development.

A sphere or igloo-like dome is the most efficient shape for a habitat in a vacuum, although construction will present a challenge.

No timeline was given for when the first Indian igloos might spring up on the lunar surface, but plans to send 3D printers to the moon are already being drawn up by boffins at the ISRO Satellite Centre.

The team also plans to use lunar regolith as a building material, and (as is the norm for ISRO) is quick to point out that their almost-but-not-quite lunar soil simulant can be manufactured far cheaper than the US version of the grey dust.

Source: India: Yeah, we would like to 3D-print igloos on the Moon • The Register

Yes, Cops Are Now Opening iPhones With Dead People’s Fingerprints

Separate sources close to local and federal police investigations in New York and Ohio, who asked to remain anonymous as they weren’t authorized to speak on record, said it was now relatively common for fingerprints of the deceased to be depressed on the scanner of Apple iPhones, devices which have been wrapped up in increasingly powerful encryption over recent years. For instance, the technique has been used in overdose cases, said one source. In such instances, the victim’s phone could contain information leading directly to the dealer.

And it’s entirely legal for police to use the technique, even if there might be some ethical quandaries to consider. Marina Medvin, owner of Medvin Law, said that once a person is deceased, they no longer have a privacy interest in their dead body. That means they no longer have standing in court to assert privacy rights.

Relatives or other interested parties have little chance of stopping cops using fingerprints or other body parts to access smartphones too. “Once you share information with someone, you lose control over how that information is protected and used. You cannot assert your privacy rights when your friend’s phone is searched and the police see the messages that you sent to your friend. Same goes for sharing information with the deceased – after you released information to the deceased, you have lost control of privacy,” Medvin added.

Police know it too. “We do not need a search warrant to get into a victim’s phone, unless it’s shared owned,” said Ohio police homicide detective Robert Cutshall, who worked on the Artan case. In previous cases detailed by Forbes police have required warrants to use the fingerprints of the living on their iPhones.

[…]

Police are now looking at how they might use Apple’s Face ID facial recognition technology, introduced on the iPhone X. And it could provide an easier path into iPhones than Touch ID.

Marc Rogers, researcher and head of information security at Cloudflare, told Forbes he’d been poking at Face ID in recent months and had discovered it didn’t appear to require the visage of a living person to work. Whilst Face ID is supposed to use your attention in combination with natural eye movement, so fake or non-moving eyes can’t unlock devices, Rogers found that the tech can be fooled simply using photos of open eyes. That was something also verified by Vietnamese researchers when they claimed to have bypassed Face ID with specially-created masks in November 2017, said Rogers.

Secondly, Rogers discovered this was possible from many angles and the phone only seemed to need to see one open eye to unlock. “In that sense it’s easier to unlock than Touch ID – all you need to do is show your target his or her phone and the moment they glance it unlocks,” he added. Apple declined to comment for this article.

Source: Yes, Cops Are Now Opening iPhones With Dead People’s Fingerprints

Great, Now Delta airlines Is Normalizing Casual Fingerprinting

Delta Airlines announced Monday that it’s rolling out biometric entry at its line of airport lounges. With the press of two fingers, Delta members will be able to enter any of Delta’s 50 exclusive lounges for drinks, comfortably unaware of the encroaching dystopian biometric surveillance structure closing around travel.

Thanks to a partnership with Clear, a biometrics company offering a “frictionless travel experience,” privileged jet-setters can use their fingerprints to enter Delta Sky Clubs.

[…]

But, this veneer of comfort masks that biometrics are a form of surveillance hotly contested by privacy and civil liberties experts. For example, face recognition in airports is consistently less accurate on women and people of color, yet is asymmetrically applied against them as they travel. Clear uses finger and iris data, but Delta was the nation’s first to use face recognition to verify passports, again via autonomized self-service kiosks.

At a time when people should be more wary of biometrics, airports are carefully rebranding surveillance as a luxury item. But, as people become more comfortable with being poked, prodded, fingerprinted, and scanned as they travel, privacy is becoming a fast-evaporating luxury.

Source: Great, Now an Airline Is Normalizing Casual Fingerprinting

Please remember that you can’t change your biometrics (easily), so beware about leaving them in some database secured who knows how and shared with who knows who.

iOS QR ‘bug’ isn’t a bug: trend in pointing out things working as intended as a security advisory continues

So: Oddly enough, if you make a QR code that tells you to go somewhere, the camera will take you to where the QR code tells you to go, even if you tell someone that the QR code goes someplace else. This trend of ‘reporting’ security problems that are not security problems at all is getting stupid now.

A security researcher based in Germany has identified a flaw in the way Apple’s iOS 11 handles QR codes in its Camera app.

Last year, with the launch of iOS 11, Apple gave its Camera app the ability to automatically recognize QR codes.

Over the weekend, Roman Mueller found that this feature has a bug that can be used to direct people to unexpected websites.

The first step involves creating a QR code from a URL, such as this one:

https://xxx\@facebook.com:443@infosec.rm-it.de/

If you then open the Camera app under iOS 11.2.6 (the most recent release) and point the device’s camera at the QR code made from that URL, it will immediately recognize the presence of a QR code, parse the embedded URL, and ask whether you want to open “facebook.com” in Safari.

A QR code that confuses Apple iOS 11.2.6

The problem is that the app will open a different website – “infosec.rm-it.de”.

Source: How a QR code can fool iOS 11’s Camera app into opening evil.com rather than nice.co.uk • The Register
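As an added illustration (not code from The Register's article, the researcher or Apple), this Python sketch shows the check a scan-to-open prompt can run on the URL quoted above: take the host after the last "@" in the authority, and warn when userinfo, a backslash or a hostname-shaped decoy is present. The function names and the naive_label simplification are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# URL quoted in the article above.
PAGE_URL = r"https://xxx\@facebook.com:443@infosec.rm-it.de/"

# Hostname-shaped token: dot-separated labels ending in an alphabetic TLD.
_HOSTLIKE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def naive_label(url):
    """Constructed simplification of a prompt that shows the FIRST
    hostname-shaped token after the scheme. This is an assumption used
    to reproduce the mismatch, not a description of the Camera app."""
    rest = url.split("://", 1)[-1]
    match = _HOSTLIKE.search(rest)
    return match.group(0).lower() if match else ""


def inspect_scanned_url(url):
    """Return what a confirmation prompt should show for a scanned URL.

    The destination host is taken the RFC 3986 way: whatever follows the
    LAST '@' in the authority. Everything before it is userinfo and is
    never where the browser connects.
    """
    parts = urlsplit(url)
    authority = parts.netloc
    userinfo, at_sign, _hostport = authority.rpartition("@")
    host = parts.hostname or ""

    findings = []
    if at_sign:
        findings.append("userinfo-present")
    if "\\" in authority:
        # Parsers disagree on '\' (some treat it like '/'), so two
        # components can extract two different hosts from one string.
        findings.append("backslash-in-authority")
    decoys = [d.lower() for d in _HOSTLIKE.findall(userinfo)
              if d.lower() != host]
    if decoys:
        findings.append("hostname-in-userinfo")

    return {
        "host": host,            # what the prompt must display
        "decoys": decoys,        # names that only appear in userinfo
        "findings": findings,
        "show_warning": bool(findings),
    }


if __name__ == "__main__":
    for candidate in (PAGE_URL, "https://infosec.rm-it.de/"):
        report = inspect_scanned_url(candidate)
        print(candidate)
        print("  naive label :", naive_label(candidate))
        print("  real host   :", report["host"])
        print("  findings    :", ", ".join(report["findings"]) or "none")
```

A prompt built this way names the real destination for the article's URL and raises a warning, while an ordinary URL with no userinfo passes with no findings.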

 

Here’s What Protects Shipwrecks From Looters and Hacks

On May 25, 1798, the HMS DeBraak was entering Delaware Bay when a squall struck without warning. The British ship that originally belonged to the Dutch capsized and sank, taking 34 sailors and a dozen Spanish prisoners down with it. Rumored to contain a hoard of gold and jewelry, the DeBraak became a popular target for treasure hunters in the years that followed. The wreck was finally discovered in 1986, lying under 80 feet of water at the mouth of the Delaware River. The team who found the ship attempted to raise it from its watery grave, resulting in one of the worst archaeological disasters in modern history. The event precipitated the passing of long-overdue laws designed to prevent something like this from ever happening again.

Source: Here’s What Protects Shipwrecks From Looters and Hacks

Facebook Acknowledges It Has Been Keeping Records of Android Users’ Calls, Texts

Last week, a user found that Facebook had a record of the date, time, duration, and recipient of calls he had made from the past few years. A couple days later, Ars Technica published an account of several others — all Android users — who found similar records. Now, Slate Magazine is reporting that Facebook has acknowledged that it was collecting and storing these logs, “attributing it to an opt-in feature for those using Messenger or Facebook Lite on an Android device.” The company did however deny that it was collecting call or text history without a user’s permission. From the report: “This helps you find and stay connected with the people you care about, and provides you with a better experience across Facebook,” the company said in a post Sunday. “People have to expressly agree to use this feature. We introduced this feature for Android users a couple of years ago. Contact importers are fairly common among social apps and services as a way to more easily find the people you want to connect with.”

Ars Technica refuted their claim that everyone knowingly opted in. Instead, Ars Technica’s Sean Gallagher claimed, that opt-in was the default setting and users were not separately alerted to it. Nor did Facebook ever say publicly that it was collecting that information. “Facebook says that the company keeps the data secure and does not sell it to third parties,” Gallagher wrote. “But the post doesn’t address why it would be necessary to retain not just the numbers of contacts from phone calls and SMS messages, but the date, time, and length of those calls for years.”

Source: Facebook Acknowledges It Has Been Keeping Records of Android Users’ Calls, Texts – Slashdot

New Slack Tool Lets Your Boss Potentially Access Far More of Your Data Than Before, without notification

According to Slack’s new guidelines, however, Compliance Exports will be replaced by “a self-service export tool” on April 20th. Previously, an employer had to request a data dump of all communications to get access to private channels and direct messages. This new tool should streamline things so they can archive all your shit-talk and time-wasting with colleagues on a regular basis. The tool not only makes it easy for an admin to access everything with a few clicks, it also enables automatic exports to be scheduled on a daily, weekly, or monthly basis. An employer still has to go through a request process to get the tool, but Slack declined to elaborate on what’s involved in that process.

What’s particularly concerning is that Compliance Exports were designed so they notified users when they were enabled, and future exports only covered data that was generated after that notification. A spokesperson for Slack confirmed to Gizmodo that this won’t be the case going forward. The new tool will be able to export all of the data that your Slack settings previously retained. Whereas before, if you were up on Slack policy, you could feel pretty comfortable that your private conversations were private unless you got that Compliance Exports notification. After the notification, you’d want to make sure you didn’t discuss potentially sensitive topics in Slack. Now, anyone who was under the impression that they were relatively safe might have some cause to worry.

Source: New Slack Tool Lets Your Boss Potentially Access Far More of Your Data Than Before

2 + 2 = 4, er, 4.1, no, 4.3… Nvidia’s Titan V GPUs spit out ‘wrong answers’ in scientific simulations

Nvidia’s flagship Titan V graphics cards may have hardware gremlins causing them to spit out different answers to repeated complex calculations under certain conditions, according to computer scientists.

The Titan V is the Silicon Valley giant’s most powerful GPU board available to date, and is built on Nv’s Volta technology. Gamers and casual users will not notice any errors or issues, however folks running intensive scientific software may encounter occasional glitches.

One engineer told The Register that when he tried to run identical simulations of an interaction between a protein and enzyme on Nvidia’s Titan V cards, the results varied. After repeated tests on four of the top-of-the-line GPUs, he found two gave numerical errors about 10 per cent of the time. These tests should produce the same output values each time again and again. On previous generations of Nvidia hardware, that generally was the case. On the Titan V, not so, we’re told.

We have repeatedly asked Nvidia for an explanation, and spokespeople have declined to comment. With Nvidia kicking off its GPU Technology Conference in San Jose, California, next week, perhaps then we’ll get some answers.

All in all, it is bad news for boffins as reproducibility is essential to scientific research. When running a physics simulation, any changes from one run to another should be down to interactions within the virtual world, not rare glitches in the underlying hardware.

[…]

Unlike previous GeForce and Titan GPUs, the Titan V is geared not so much for gamers but for handling intensive parallel computing workloads for data science, modeling, and machine learning.

And at $2,999 (£2,200) a pop, it’s not cheap to waste resources and research time on faulty hardware. Engineers speaking to The Register on condition of anonymity to avoid repercussions from Nvidia said the best solution to these problems is to avoid using Titan V altogether until a software patch has been released to address the mathematical oddities.

Source: 2 + 2 = 4, er, 4.1, no, 4.3… Nvidia’s Titan V GPUs spit out ‘wrong answers’ in scientific simulations • The Register

This kind of reminds me of when Intel brought out the Pentium. They couldn’t count either.

Siri Can Expose Your Hidden Notifications Even When Your Phone Is Locked

With iOS 11, Apple added a new setting that lets you choose whether you want previews of your notifications to appear on your lock screen. By default, iOS shows a preview of your notifications only when your phone is unlocked, via some form of authentication like Face ID. But Siri will read your notifications from third-party apps aloud even if your phone is locked. This means anyone with physical access to your phone could hear messages meant just for you. MacMagazine first reported the issue after one of its readers noticed the peculiar behavior.

We tested the issue with some texts and Facebook Messenger exchanges. When my partner pressed the iPhone’s side button and asked Siri to “read my notifications,” the snitch of a voice assistant read the contents of my Facebook Messenger notifications aloud.

However, notifications from Apple’s own Messages app remained properly hidden behind the locked screen, leaving my texts secure. If you ask Siri to read your messages from Apple’s app aloud, you’ll be greeted by Siri telling you to unlock your iPhone if you want those juicy deets.

We’ve reached out to Apple for comment.

Notification contents in iOS 11 are hidden on locked devices by default. With an iPhone X, that means you can look at your phone (or tap the fingerprint sensor on other iOS devices) and watch the contents of your notifications appear. You can edit the option by visiting Settings > Notifications and toggling between the “Always,” “Never,” and “When Unlocked” options, although changing the setting to “Never” does not appear to address the issue. For now, your best bet may simply be to only allow Siri to be activated when your phone is unlocked.

Source: Siri Can Expose Your Hidden Notifications Even When Your Phone Is Locked [Updated]

IBM claims its machine learning library is 46x faster than TensorFlow

IBM boasts that machine learning is not just quicker on its POWER servers than on TensorFlow in the Google Cloud, it’s 46 times quicker.

Back in February Google software engineer Andreas Sterbenz wrote about using Google Cloud Machine Learning and TensorFlow on click prediction for large-scale advertising and recommendation scenarios.

He trained a model to predict display ad clicks on Criteo Labs clicks logs, which are over 1TB in size and contain feature values and click feedback from millions of display ads.

Data pre-processing (60 minutes) was followed by the actual learning, using 60 worker machines and 29 parameter machines for training. The model took 70 minutes to train, with an evaluation loss of 0.1293. We understand this is a rough indicator of result accuracy.

Sterbenz then used different modelling techniques to get better results, reducing the evaluation loss, which all took longer, eventually using a deep neural network with three epochs (a measure of the number of times all of the training vectors are used once to update the weights), which took 78 hours.

[…]

Thomas Parnell and Celestine Dünner at IBM Research in Zurich used the same source data – Criteo Terabyte Click Logs, with 4.2 billion training examples and 1 million features – and the same ML model, logistic regression, but a different ML library. It’s called Snap Machine Learning.

They ran their session using Snap ML running on four Power System AC922 servers, meaning eight POWER9 CPUs and 16 Nvidia Tesla V100 GPUs. Instead of taking 70 minutes, it completed in 91.5 seconds, 46 times faster.

They prepared a chart showing their Snap ML, the Google TensorFlow and three other results:

A 46x speed improvement over TensorFlow is not to be sneezed at. What did they attribute it to?

They say Snap ML features several hierarchical levels of parallelism to partition the workload among different nodes in a cluster, takes advantage of accelerator units, and exploits multi-core parallelism on the individual compute units:

  1. First, data is distributed across the individual worker nodes in the cluster
  2. On a node data is split between the host CPU and the accelerating GPUs with CPUs and GPUs operating in parallel
  3. Data is sent to the multiple cores in a GPU and the CPU workload is multi-threaded

Snap ML has nested hierarchical algorithmic features to take advantage of these three levels of parallelism.

Source: IBM claims its machine learning library is 46x faster than TensorFlow • The Register

22 Ambassadors Recommend the One Book to Read Before Visiting Their Country

Preparing for a visit to a foreign country can often be overwhelming, with no shortage of things to learn before you go. Where should you eat? Where should you stay? What do you tip? More so than this service information, though, is a sense of cultural understanding that’s hard to put your finger on. With this in mind, language learning app Babbel asked foreign ambassadors to the U.S. to pick the book they believe first-time visitors to their country should read before they arrive. Their answers may surprise you.

Source: 22 Ambassadors Recommend the One Book to Read Before Visiting Their Co – Condé Nast Traveler

The Hilarious (and Terrifying?) Ways Algorithms Have Outsmarted Their Creators

As research into AI grows ever more ambitious and complex, these robot brains will challenge the fundamental assumptions of how we humans do things. And, as ever, the only true law of robotics is that computers will always do literally, exactly what you tell them to.

A paper recently published to ArXiv highlights just a handful of incredible and slightly terrifying ways that algorithms think. These AI were designed to reflect evolution by simulating generations while other competing algorithms conquered problems posed by their human masters with strange, uncanny, and brilliant solutions.

The Surprising Creativity of Digital Evolution: A Collection of Anecdotes from the Evolutionary Computation and Artificial Life Research Communities covers some 27 anecdotes from various computer science projects and is worth a read on its own, but here are a few highlights:

  • A study designed to evolve moving creatures generated ‘hackers’ that would break their simulation by clipping into the ground and using the “free energy” of the simulation’s correction to speed towards their goal.
  • An AI project which pit programs against each other in games of five-in-a-row Tic-Tac-Toe on an infinitely expansive board surfaced the extremely successful method of requesting moves involving extremely long memory addresses which would crash the opponent’s computer and award a win by default.
  • A program designed to simulate efficient ways of braking an aircraft as it landed on an aircraft carrier learned that by maximizing the force on landing—the opposite of its actual goal—the variable holding that value would overflow and flip to zero, creating a practically catastrophic, but technically perfect solution.
  • A test that challenged a simulated robot to walk without allowing its feet to touch the ground saw the robot flip on its back and walk on its elbows (or knees?) as shown in the tweet above.
  • A study to evolve a simulated creature that could jump as high as possible yielded top-heavy creatures on tiny poles that would fall over and spin in mid-air for a technically high ‘jump.’

While the most amusing examples are clearly ones where algorithms abused bugs in their simulations (essentially glitches in the Matrix that gave them superpowers), the paper outlines some surprising solutions that could have practical benefits as well. One algorithm invented a spinning-type movement for robots which would minimize negative effect of inconsistent hardware between bots, for instance.

As the paper notes in its discussion—and you may already be thinking—these amusing stories also reflect the potential for evolutionary algorithms or neural networks to stumble upon solutions to problems that are outside-the-box in dangerous ways. They’re a funnier version of the classic AI nightmare where computers tasked with creating peace on Earth decide the most efficient solution is to exterminate the human race.

The solution, the paper suggests, is not fear but careful experimentation. As humans gain more experience in training these sorts of algorithms, and tweaking along the way, experts gain a better sense of intuition. Still, as these anecdotes prove, it’s basically impossible to avoid unexpected results. The key is to be prepared—and to not hand over the nuclear arsenal to a robot for its very first test.

Source: The Hilarious (and Terrifying?) Ways Algorithms Have Outsmarted Their Creators

AI software that can reproduce like a living thing? Yup, boffins have only gone and done it • The Register

A pair of computer scientists have created a neural network that can self-replicate.

“Self-replication is a key aspect of biological life that has been largely overlooked in Artificial Intelligence systems,” they argue in a paper popped onto arXiv this month.

It’s an important process in reproduction for living things, and is an important step for evolution through natural selection. Oscar Chang, first author of the paper and a PhD student at Columbia University, explained to The Register that the goal was to see if AI could be made to be continually self improving by mimicking the biological self-replication process.

“The primary motivation here is that AI agents are powered by deep learning, and a self-replication mechanism allows for Darwinian natural selection to occur, so a population of AI agents can improve themselves simply through natural selection – just like in nature – if there was a self-replication mechanism for neural networks.”

The researchers compare their work to quines, a type of computer program that learns to produce copies of its source code. In neural networks, however, instead of the source code it’s the weights – which determine the connections between the different neurons – that are being cloned.

The researchers set up a “vanilla quine” network, a feed-forward system that produces its own weights as outputs. The vanilla quine network can also be used to self-replicate its weights and solve a task. They decided to use it for image classification on the MNIST dataset, where computers have to identify the correct digit from a set of handwritten numbers from zero to nine.

[…]

The test network required 60,000 MNIST images for training, another 10,000 for testing. And after 30 runs, the quine network had an accuracy rate of 90.41 per cent. It’s not a bad start, but its performance doesn’t really compare to larger, more sophisticated image recognition models out there.

The paper states that the “self-replication occupies a significant portion of the neural network’s capacity.” In other words, the neural network cannot focus on the image recognition task if it also has to self-replicate.

“This is an interesting finding: it is more difficult for a network that has increased its specialization at a particular task to self-replicate. This suggests that the two objectives are at odds with each other,” the paper said.

Chang explained he wasn’t sure why this happened, but it’s what happens in nature too.

Source: AI software that can reproduce like a living thing? Yup, boffins have only gone and done it • The Register

SpaceX blasted massive plasma hole in Earth’s ionosphere

A SpaceX rocket ripped a humongous hole in Earth’s ionosphere during a launch in California last year and may have impaired GPS satellites.

The Falcon 9 rocket was blasted from Vandenberg Air Force Base on 24 August last year. It was carrying the Formosat-5, an Earth observation satellite, built by Taiwan’s National Space Organization.

As the rocket reached supersonic speeds minutes after liftoff, it sent gigantic circular shock acoustic waves (SAWs) rippling through the atmosphere. These SAWs continued to extend outwards for about 20 minutes at a whopping speed of about 629 to 726 meters per second – equivalent to between 0.021 and 0.0242 per cent of the maximum velocity of a sheep in a vacuum in Reg units.

It’s the largest rocket-induced SAW on record, according to a paper published in the Advancing Earth and Space Science journal. The plume tore a gigantic hole, approximately 900 kilometers (559 miles) in diameter stretching to 1,770,000 square kilometers (1,099,827 square miles), more than four times the total area of California.

The ionosphere is a region of the Earth’s upper atmosphere that contains a soup of particles that have been ionized from the Sun’s rays. The researchers estimate that the SAW blasted electrons away, causing the total electron content – the concentration of electrons along a one-meter squared region – to deplete by as much as 70 per cent.

The researchers reckon the fluctuations were probably pretty small and could have led to a range of errors in GPS navigation of up to a meter – not significant enough to cause major problems until the SAW dissipated.

The particularly large circular size of the shock wave was down to the way the Falcon 9 rocket flew. It had a nearly vertical trajectory, compared to most satellite launches that fly over a horizontal trajectory before the satellites are booted into orbit.

Disruptions in the ionosphere are to be expected for every rocket launch and are also detected during volcano blasts and solar flares.

“Understanding how the rocket launches affect our upper atmosphere and space environment is important as these anthropogenic space weather events are expected to increase at an enormous rate in the near future,” the paper concluded.

Source: SpaceX blasted massive plasma hole in Earth’s ionosphere • The Register

‘R2D2’ stops disk-wipe malware before it executes evil commands

Purdue University researchers reckon they’ve cracked how to protect data against “disk-wipe” malware.

Led by Christopher Gutierrez, the team has created a shim of software that analyses write buffers before they reach storage, and if the write is destructive, it steps in to preserve the data targeted for destruction.

Dubbed R2D2 – “Reactive Redundancy for Data Destruction Protection” – their work will be published in the May issue of the journal Computers & Security.

In this [PDF] pre-press version of the paper, the researchers explained their technique. The inspection is implemented in the virtual machine monitor (VMM) using virtual machine introspection (VMI).

“This has the benefit that it does not rely on the entire OS as a root of trust”, they wrote, and they claimed a latency penalty of between 1 and 4 per cent for batch tasks, and 9 to 20 per cent for interactive tasks.

'R2D2' architecture

The system has been tested against various secure delete tools and malware like Shamoon and Stonedrill, and they claim complete success against “all the wiper malware samples in the wild that we experimented with”.

R2D2 intercepts the open file and write file system calls on a guest VM. When it detects an open file request, it checks “all open system calls” to see if the file is already open for writing.

“If the system call requests a write permission, a policy determines if the file should be protected based on a blacklist or whitelist,” they wrote.

Whitelisted files are those not protected. For a blacklisted file, they wrote: “If the file is on the blacklist, we take a snapshot of the file system because the file is considered critical to system stability.”

If the attacker tries to open a file on neither list, “R2D2 takes a temporary checkpoint of the file system, and subsequent write system calls are analysed, according to analysis policy, to determine if the write is suspect”.

Source: ‘R2D2’ stops disk-wipe malware before it executes evil commands • The Register
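The open/write decision flow described above, modelled as an added example; this is not the researchers' code. The `Monitor` class, the two policy lists, the file paths and the `looks_destructive` heuristic (standing in for the paper's analysis policy, which the excerpt does not detail) are all assumptions.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatch

# Hypothetical policy lists (constructed); the paper's lists are not on this page.
BLACKLIST = ["/boot/*", "/etc/passwd"]   # critical files: snapshot on write-open
WHITELIST = ["/tmp/*", "/var/log/*"]     # files that are not protected

def looks_destructive(old: bytes, new: bytes) -> bool:
    """Assumed analysis policy: overwriting existing content with a single
    repeated byte (zero-fill style wiping) is treated as suspect."""
    return bool(old) and old != new and len(new) >= len(old) and len(set(new)) == 1

@dataclass
class Monitor:
    files: dict                                       # path -> contents (toy file system)
    checkpoints: dict = field(default_factory=dict)   # contents saved at open time
    preserved: dict = field(default_factory=dict)     # data kept after a suspect write

    def on_open(self, path: str, write: bool) -> str:
        if not write:
            return "ignore"                  # only write-opens go through the policy
        if any(fnmatch(path, p) for p in BLACKLIST):
            self.checkpoints[path] = self.files.get(path, b"")
            return "snapshot"                # critical to system stability
        if any(fnmatch(path, p) for p in WHITELIST):
            return "allow"                   # whitelisted: no protection
        self.checkpoints[path] = self.files.get(path, b"")
        return "checkpoint"                  # on neither list: temporary checkpoint

    def on_write(self, path: str, data: bytes) -> str:
        old = self.files.get(path, b"")
        self.files[path] = data              # the guest's write still lands
        if path in self.checkpoints and looks_destructive(old, data):
            self.preserved[path] = self.checkpoints[path]
            return "suspect"                 # original data is retained
        return "ok"

# Constructed sample: initial files and a sequence of intercepted calls.
FILES = {"/home/alice/report.doc": b"Q1 figures: confidential",
         "/tmp/cache.bin": b"scratch", "/etc/passwd": b"root:x:0:0:"}
EVENTS = [("open", "/home/alice/report.doc", True),
          ("write", "/home/alice/report.doc", b"\x00" * 32),
          ("open", "/tmp/cache.bin", True),
          ("write", "/tmp/cache.bin", b"\x00" * 8),
          ("open", "/etc/passwd", True),
          ("open", "/home/alice/notes.txt", False)]

def replay(events, files):
    """Feed the events to a fresh Monitor; return per-event verdicts and the monitor."""
    mon = Monitor(files=dict(files))
    verdicts = []
    for kind, path, arg in events:
        verdicts.append(mon.on_open(path, arg) if kind == "open" else mon.on_write(path, arg))
    return verdicts, mon

if __name__ == "__main__":
    print(replay(EVENTS, FILES)[0])
```

The whitelisted `/tmp/cache.bin` is zero-filled without any copy being kept, which is the trade-off of marking a path as unprotected.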

How to Find Out Everything Facebook Knows About You

If you can’t bring yourself to delete your Facebook account entirely, you’re probably thinking about sharing a lot less private information on the site. The company actually makes it pretty easy to find out how much data it’s collected from you, but the results might be a little scary.

When software developer Dylan McKay went and downloaded all of his data from Facebook, he was shocked to find that the social network had timestamps on every phone call and SMS message he made in the past few years, even though he says he doesn’t use the app for calls or texts. It even created a log of every call between McKay and his partner’s mom.

To get your own data dump, head to your Facebook Settings and click on “Download a copy of your data” at the bottom of the page. Facebook needs a little time to compile all that information, but it should be ready in about 10 minutes based on my own experience. You’ll receive a notification sending you to a page where you can download the data—after re-entering your account password, of course.

The (likely huge) file downloads onto your computer as a ZIP. Once you extract it, open the new folder and click on the “index.html” to view the data in your browser.

Be sure to check out the Contact Info tab for a list of everyone you’ve ever known and their phone number (creepy, Facebook). You can also scroll down to the bottom of the Friends tab to see what phase of your life Facebook thinks you’re in—I got “Starting Adult Life.”

Source: How to Find Out Everything Facebook Knows About You

IBM unveils ‘world’s smallest computer’ with blockchain at Think 2018

March 19 is the first day of IBM Think 2018, the company’s flagship conference, where the company will unveil what it claims is the world’s smallest computer. They’re not kidding: It’s literally smaller than a grain of salt.

But don’t let the size fool you: This sucker has the computing power of the x86 chip from 1990. Okay, so that’s not great compared to what we have today, but cut it some slack — you need a microscope to see it.

The computer will cost less than ten cents to manufacture, and will also pack “several hundred thousand transistors,” according to the company. These will allow it to “monitor, analyze, communicate, and even act on data.”

[…]

According to IBM, this is only the beginning. “Within the next five years, cryptographic anchors — such as ink dots or tiny computers smaller than a grain of salt — will be embedded in everyday objects and devices,” says IBM head of research Arvind Krishna. If he’s correct, we’ll see way more of these tiny systems in objects and devices in the years to come.

Source: IBM unveils ‘world’s smallest computer’ with blockchain at Think 2018

A diagram from IBM of the world's smallest computer.

US cops go all Minority Report: Google told to cough up info on anyone near a crime scene

Efforts to track down criminals in the US state of North Carolina have laid bare a dangerous gap in the law over the use of location data.

Raleigh police went to court at least three times last year and got a warrant requiring Google to share the details of any users that were close to crime scenes during specific times and dates.

The first crime was the murder of a cab driver in November 2016, the second an arson attack in March 2017 and the third, sexual battery, in August 2017 – suggesting that the police force is using the approach to discover potentially incriminating evidence for increasingly less serious crimes.

In each case, the cops used GPS coordinates to draw a rough rectangle around the areas of interest – covering nearly 20 acres in the murder case – and asked for the details of any users that entered those areas in time periods of between 60 to 90 minutes e.g. between 1800 and 1930.

The warrants were granted by a judge complete with an order to prevent disclosure so Google was legally prevented from informing impacted users that their details had been shared with law enforcement. Google complied with the warrants.

It is worth noting that the data haul is not limited to users of Google hardware i.e. phones running Android but also any phone that ran Google apps – which encompasses everything from its driving app service to its calendar, browser, predictive keyboard and so on.

Source: US cops go all Minority Report: Google told to cough up info on anyone near a crime scene • The Register

Over investigation seems like a real breach of privacy to me. That Google collects this information in a fashion that it can be easily supplied is a real shocker.

 