Amadeus invests in CrowdVision to help airports manage growing passenger volumes using AI camera tech

CrowdVision is an early stage company that uses computer vision software and artificial intelligence to help airports monitor the flow of passengers in real time to minimise queues and more efficiently manage resources. The software is designed to comply fully with data privacy and security legislation.

CrowdVision data improves plans and can help airports react decisively to keep travellers’ moving and make their experience more enjoyable. CrowdVision’s existing airport customers are benefiting from reduced queues and waiting times, leaving passengers to spend more time and more money in retail areas. Others have optimised allocation of staff, desks, e-gates and security lanes to make the most of their existing infrastructure and postpone major capital expenditure on expansions.

Source: Amadeus invests in CrowdVision to help airports manage growing passenger volumes

It Took Almost 10 Days to 3D-Print This Giant Millennium Falcon Model

Typically, when we see 3D-printed replicas as large as this 2.3-foot long Millennium Falcon, they’re assembled from hundreds of smaller 3D-printed parts. But YouTube’s stonefx83 didn’t want to go to all that trouble, so he simply scaled up Andrew Askedall’s 3D model of the Falcon, and then let his printer run for over nine days and 21 hours straight.

The machine consumed over six-and-a-half pounds of plastic filament in the process, and thankfully didn’t screw up once, which would have required the entire print to be restarted from scratch. Oh, that’s why no one 3D-prints giant models like this in one pass.

Source: It Took Almost 10 Days to 3D-Print This Giant Millennium Falcon Model

Stanford brainiacs say they can predict Reddit raids

A study [PDF] based on observations from 36,000 subreddit communities has found that online dust-ups can be predicted, and the people most likely to cause them can be identified.

“Our analysis revealed a number of important trends related to conflict on Reddit, with general implications for intercommunity conflict on the web.”

Among the takeaways were that a small group of bad actors are indeed stirring up most of the conflict; around 75 per cent of the raids were triggered by 1 per cent of users.

The study also noted that ignoring the trolls doesn’t always work – conflicts grow worse when users stay within ‘echo chambers’ on their own threads, and long-term traffic losses were lessened when the ‘defending’ users directly confronted the forum intruders rather than keep to themselves.

Perhaps the most important takeaway, however, was that forum conflicts could actually be predicted. The Stanford group say they developed an long short-term memory (LSTM) deep-learning formula that, when trained on the set of Reddit posts and user information gathered over the 40 month period, was able to reliably flag when a conflict or raid was likely to flare up on a subreddit.

Now, the Stanford group says it would like to extend the research to other platforms (such as Facebook and Twitter) and look at areas not addressed in the first report, including forums that restrict negative content.

Source: Stanford brainiacs say they can predict Reddit raids • The Register

Google opens Maps to bring the real world into games

Pokémon Go and other games that use real-world maps are all the rage, but there’s a catch: they typically depend on semi-closed map frameworks that weren’t intended for gaming, forcing developers to jump through hoops to use that mapping info. Google doesn’t want that to be an issue going forward. The search firm is both opening its Maps platform’s real-time data and offering new software toolkits that will help developers build games based on that data.

The software includes both a kit to translate map info to the Unity game engine as well as another to help make games using that location data. The combination turns buildings and other landmarks into customizable 3D objects, and lets you manipulate those objects to fit your game world. It can replace every real hotel into an adventurer’s inn, for instance, or add arbitrary points of interest for the sake of checkpoints.

Source: Google opens Maps to bring the real world into games

Jewelry site accidentally leaks personal details (and plaintext passwords!) of 1.3M users

Researchers from German security firm Kromtech Security allege that until recently, MBM Company was improperly handling customer details. On February 6, they identified an unsecured Amazon S3 storage bucket, containing a MSSQL database backup file.

According to Kromtech Security’s head of communications, Bob Diachenko, further analysis of the file revealed it held the personal information for over 1.3 million people. This includes addresses, zip-codes, e-mail addresses, and IP addresses. He also claims the database contained plaintext passwords — which is a big security ‘no-no.’

In a press release, Diachenko said: “Passwords were stored in the plain text, which is great negligence [sic], taking into account the problem with many users re-using passwords for multiple accounts, including email accounts.”

The backup file was named ‘MBMWEB_backup_2018_01_13_003008_2864410.bak,’ which suggests the file was created on January 13, 2018. It’s believed to contain current information about the company’s customers. Records held in the database have dates reaching as far back as 2000. The latest records are from the start of this year.

Other records held in the database include internal mailing lists, promo-codes, and item orders, which leads Kromtech to believe that this could be the primary customer database for the company.

Source: Jewelry site accidentally leaks personal details (and plaintext passwords!) of 1.3M users

Who still stores user credentials in plain text?!

Illusory movement perception improves motor control for prosthetic hands

The ability to sense the spatial position and movements of one’s own body (kinesthetic sense) is critical for limb use. Because prostheses do not provide physical feedback during movement, amputees may not feel that they are in control of their bodily movements (sense of agency) when manipulating a prosthesis. Marasco et al. developed an automated neural-machine interface that vibrates the muscles used for control of prosthetic hands. This system instilled kinesthetic sense in amputees, allowing them to control prosthetic hand movements in the absence of visual feedback and increasing their sense of agency. This approach might be an effective strategy for improving motor performance and quality of life in amputees.

To effortlessly complete an intentional movement, the brain needs feedback from the body regarding the movement’s progress. This largely nonconscious kinesthetic sense helps the brain to learn relationships between motor commands and outcomes to correct movement errors. Prosthetic systems for restoring function have predominantly focused on controlling motorized joint movement. Without the kinesthetic sense, however, these devices do not become intuitively controllable. We report a method for endowing human amputees with a kinesthetic perception of dexterous robotic hands. Vibrating the muscles used for prosthetic control via a neural-machine interface produced the illusory perception of complex grip movements. Within minutes, three amputees integrated this kinesthetic feedback and improved movement control. Combining intent, kinesthesia, and vision instilled participants with a sense of agency over the robotic movements. This feedback approach for closed-loop control opens a pathway to seamless integration of minds and machines.

Source: Illusory movement perception improves motor control for prosthetic hands | Science Translational Medicine

Can AMD Vulnerabilities Be Used to Game the Stock Market?

On Tuesday, a little known security company claimed to have found vulnerabilities and backdoors in some AMD processors. Within some parts of the security community, the story behind the researchers’ discovery quickly became more interesting than the discovery itself.

The researchers, who work for CTS Labs, only reported the flaws to AMD shortly before publishing their report online. Typically, researchers give companies a few weeks or even months to fix the issues before going public with their findings. To make things even stranger, a little bit over 30 minutes after CTS Labs published its report, a controversial financial firm called Viceroy Research published what they called an “obituary” for AMD.

“We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries,” Viceroy wrote in its report.

CTS Labs seemed to hint that it too had a financial interest in the performance of AMD stock.

“We may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports,” CTS Labs wrote in the legal disclaimer section of its report.

On Twitter, rumors started to swirl. Are the researchers trying to make money by betting that AMD’s share price will go down due to the news of the vulnerabilities? Or, in Wall Street jargon, were CTS Labs and Viceroy trying to short sell AMD stock?

Security researcher Arrigo Triulzi speculated that Viceroy and CTS Lab were profit sharing for shorting, while Facebook’s chief security officer Alex Stamos warned against a future where security research is driven by short selling.

Yaron Luk, co-founder of CTS Labs, told Motherboard that “Viceroy is not a client of CTS, and CTS did not send its research to Viceroy.” When asked about the company’s financial motivations, Luk said that “we are a for-profit company that gets paid for its research by a variety of research clients.”

“We do not discuss our research clients,” he wrote in an email sent after publication of this article. “In addition, we are driven by the desire to make products more secure, and to protect users, as we hold companies responsible for their security practices.”

Viceroy’s founder, Fraser Perring, was adamant about its company’s intentions.

“We haven’t hidden the fact that we short the stock,” Perring said in a phone call with Motherboard. “Where does a company with these serious issues go? For us you can’t invest in it.”

Source: Can AMD Vulnerabilities Be Used to Game the Stock Market? – Motherboard

The 600+ Companies PayPal Shares Your Data With – Schneier on Security

One of the effects of GDPR — the new EU General Data Protection Regulation — is that we’re all going to be learning a lot more about who collects our data and what they do with it. Consider PayPal, that just released a list of over 600 companies they share customer data with. Here’s a good visualization of that data.

Is 600 companies unusual? Is it more than average? Less? We’ll soon know.

Source: The 600+ Companies PayPal Shares Your Data With – Schneier on Security

Google: 60.3% of potentially harmful Android apps in 2017 were detected via machine learning

When Google shared earlier this year that more than 700,000 apps were removed from Google Play in 2017 for violating the app store’s policies (a 70 percent year-over-year increase), the company credited its implementation of machine learning models and techniques to detect abusive app content and behaviors such as impersonation, inappropriate content, or malware.

But the company did not share any details. Now we’re learning that 6 out of every 10 detections were thanks to machine learning. Oh, and the team says “we expect this to increase in the future.”

Every day, Play Protect automatically reviews more than 50 billion apps — these automatic reviews led to the removal of nearly 39 million PHAs last year, Google shared.

Source: Google: 60.3% of potentially harmful Android apps in 2017 were detected via machine learning | VentureBeat

Major Survey of IT Pros Reveals Why Everything Gets Hacked All the Damn Time, paying for ransomware is like flipping a coin

More than 1,000 security employees in as many as 17 countries participated in the survey. Most said the biggest hurdle to mounting an adequate defense against cyber threats today is the lack of skilled personnel. (Poor security awareness and an inability to sift through enormous piles of data tied for second place.)

The survey, which included 1,200 respondents working in 19 industries, was compiled by CyberEdge Group, a research and marketing firm serving high-tech vendors and service providers.

More interesting is the feedback collected from respondents who said their organizations were infected with ransomware in the last year. (Ransomware tied with phishing attacks for the second most crucial security concern; the first, as per usual, is malware.)

Slightly more than half of the respondents’ organizations that actually paid a ransom to recover stolen or encrypted data—either in Bitcoin or some other anonymous currency—were unable to recover their data. In total, the report says, a little under 39 percent of the organizations resolved to pay.

“Flip a coin once to determine whether your organization will be affected by ransomware,” CyberEdge suggests. “If it will be, flip it again to determine whether paying the ransom will actually get your data back.”

Source: Major Survey of IT Pros Reveals Why Everything Gets Hacked All the Damn Time

Samba allows anyone to change everyone’s password

On a Samba 4 AD DC the LDAP server in all versions of Samba from
4.0.0 onwards incorrectly validates permissions to modify passwords
over LDAP allowing authenticated users to change any other users'
passwords, including administrative users and privileged service
accounts (eg Domain Controllers).

The LDAP server incorrectly validates certain LDAP password
modifications against the "Change Password" privilege, but then
performs a password reset operation.

Source: Samba – Security Announcement Archive

Madison Square Garden Has Used Face-Scanning Technology on Customers

Madison Square Garden has quietly used facial-recognition technology to bolster security and identify those entering the building, according to multiple people familiar with the arena’s security procedures.

The technology uses cameras to capture images of people, and then an algorithm compares the images to a database of photographs to help identify the person and, when used for security purposes, to determine if the person is considered a problem. The technology, which is sometimes used for marketing and promotions, has raised concerns over personal privacy and the security of any data that is stored by the system.

Source: Madison Square Garden Has Used Face-Scanning Technology on Customers

What is your personal info worth to criminals? There’s a dark web market price index for that

Your entire online identity could be worth little more than £800, according to brand new research into the illicit sale of stolen personal info on the dark web (or just $1,200 if you are in the United States, according to the US edition of the index). While it may be no surprise to learn that credit card details are the most traded, did you know that fraudsters are hacking Uber, Airbnb, Spotify and Netflix accounts and selling them for little more than £5 each?

Everything has a price on the dark web it seems. Paypal accounts with a healthy balance attract the highest prices (£280 on average). At the other end of the scale though, hacked Deliveroo or Tesco accounts sell for less than £5. Cybercriminals can easily spend more on their lunchtime sandwich than buying up stolen credentials for online shopping accounts like Argos (£3) and ASOS (£1.50).

The average person has dozens of accounts that form their online identity, all of which can be hacked and sold. Our team of security experts reviewed tens of thousands of listings on three of the most popular dark web markets, Dream, Point and Wall Street Market. These encrypted websites, which can only be reached using the Tor browser, allow criminals to anonymously sell stolen personal info, along with all sorts of other contraband, such as illicit drugs and weapons.

We focused on listings featuring stolen ID, hacked accounts and personal info relevant to the UK to create the Dark Web Market Price Index. We calculated average sale prices for each items and were shocked to see that £820 is all it would cost to buy up someone’s entire identity if they were to have all the listed items

Source: Dark Web Market Price Index (Feb 2018 – UK Edition) | Top10VPN.com

Hardcoded Password Found in Cisco Software

The hardcoded password issue affects Cisco’s Prime Collaboration Provisioning (PCP), a software application that can be used for the remote installation and maintenance of other Cisco voice and video products. Cisco PCP is often installed on Linux servers.

Cisco says that an attacker could exploit this vulnerability (CVE-2018-0141) by connecting to the affected system via Secure Shell (SSH) using the hardcoded password.
Flaw considered critical despite “local” attack vector

The flaw can be exploited only by local attackers, and it also grants access to a low-privileged user account. In spite of this, Cisco has classified the issue as “critical.”
Although this vulnerability has a Common Vulnerability Scoring System (CVSS) Base score of 5.9, which is normally assigned a Security Impact Rating (SIR) of Medium, there are extenuating circumstances that allow an attacker to elevate privileges to root. For these reasons, the SIR has been set to Critical.

The reasons are that an attacker can infect another device on the same network and use it as a proxy for his SSH connection to the vulnerable Cisco PCP instance, allowing for remote, over-the-Internet exploitation.

Source: Hardcoded Password Found in Cisco Software

Highly painful

Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads when trying to download popular software

This report describes our investigation into the apparent use of Sandvine/Procera Networks Deep Packet Inspection (DPI) devices to deliver nation-state malware in Turkey and indirectly into Syria, and to covertly raise money through affiliate ads and cryptocurrency mining in Egypt.
Key Findings

Through Internet scanning, we found deep packet inspection (DPI) middleboxes on Türk Telekom’s network. The middleboxes were being used to redirect hundreds of users in Turkey and Syria to nation-state spyware when those users attempted to download certain legitimate Windows applications.
We found similar middleboxes at a Telecom Egypt demarcation point. On a number of occasions, the middleboxes were apparently being used to hijack Egyptian Internet users’ unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts.
After an extensive investigation, we matched characteristics of the network injection in Turkey and Egypt to Sandvine PacketLogic devices. We developed a fingerprint for the injection we found in Turkey, Syria, and Egypt and matched our fingerprint to a second-hand PacketLogic device that we procured and measured in a lab setting.
The apparent use of Sandvine devices to surreptitiously inject malicious and dubious redirects for users in Turkey, Syria, and Egypt raises significant human rights concerns.

1. Summary

This report describes how we used Internet scanning to uncover the apparent use of Sandvine/Procera Networks Deep Packet Inspection (DPI) devices (i.e. middleboxes) for malicious or dubious ends, likely by nation-states or ISPs in two countries.
1.1. Turkey

We found that a series of middleboxes on Türk Telekom’s network were being used to redirect hundreds of users attempting to download certain legitimate programs to versions of those programs bundled with spyware. The spyware we found bundled by operators was similar to that used in the StrongPity APT attacks. Before switching to the StrongPity spyware, the operators of the Turkey injection used the FinFisher “lawful intercept” spyware, which FinFisher asserts is sold only to government entities.

Targeted users in Turkey and Syria who downloaded Windows applications from official vendor websites including Avast Antivirus, CCleaner, Opera, and 7-Zip were silently redirected to malicious versions by way of injected HTTP redirects. This redirection was possible because official websites for these programs, even though they might have supported HTTPS, directed users to non-HTTPS downloads by default. Additionally, targeted users in Turkey and Syria who downloaded a wide range of applications from CBS Interactive’s Download.com (a platform featured by CNET to download software) were instead redirected to versions containing spyware. Download.com does not appear to support HTTPS despite purporting to offer “secure download” links.1

Source: BAD TRAFFIC: Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?

Artificial intelligence: Commission kicks off work on marrying cutting-edge technology and ethical standards

The Commission is setting up a group on artificial intelligence to gather expert input and rally a broad alliance of diverse stakeholders.

The expert group will also draw up a proposal for guidelines on AI ethics, building on today’s statement by the European Group on Ethics in Science and New Technologies.

From better healthcare to safer transport and more sustainable farming, artificial intelligence (AI) can bring major benefits to our society and economy. And yet, questions related to the impact of AI on the future of work and existing legislation are raised. This calls for a wide, open and inclusive discussion on how to use and develop artificial intelligence both successfully and ethically sound.
[…]
Today the Commission has opened applications to join an expert group in artificial intelligence which will be tasked to:

advise the Commission on how to build a broad and diverse community of stakeholders in a “European AI Alliance”;
support the implementation of the upcoming European initiative on artificial intelligence (April 2018);
come forward by the end of the year with draft guidelines for the ethical development and use of artificial intelligence based on the EU’s fundamental rights. In doing so, it will consider issues such as fairness, safety, transparency, the future of work, democracy and more broadly the impact on the application of the Charter of Fundamental Rights. The guidelines will be drafted following a wide consultation and building on today’s statement by the European Group on Ethics in Science and New Technologies (EGE), an independent advisory body to the European Commission.

Source: European Commission – PRESS RELEASES – Press release – Artificial intelligence: Commission kicks off work on marrying cutting-edge technology and ethical standards

Phishing and Attempted Stealing Incident on Binance VIA / BTC coins not only stopped, but costs hackers money

On Mar 7, UTC 14:58-14:59, within this 2 minute period, the VIA/BTC market experienced abnormal trading activity. Our automatic risk management system was triggered, and all withdrawals were halted immediately.

This was part of a large scale phishing and stealing attempt.

So far: All funds are safe and no funds have been stolen.

The hackers accumulated user account credentials over a long period of time. The earliest phishing attack seems to have dated back to early Jan. However it was around Feb 22, where a heavy concentration of phishing attacks were seen using unicode domains, looking very much like binance.com, with the only difference being 2 dots at the bottom of 2 characters. Many users fell for these traps and phishing attempts. After acquiring these user accounts, the hacker then simply created a trading API key for each account but took no further actions, until yesterday.

Yesterday, within the aforementioned 2 minute period, the hackers used the API keys, placed a large number of market buys on the VIA/BTC market, pushing the price high, while 31 pre-deposited accounts were there selling VIA at the top. This was an attempt to move the BTC from the phished accounts to the 31 accounts. Withdrawal requests were then attempted from these accounts immediately afterwards.

However, as withdrawals were already automatically disabled by our risk management system, none of the withdrawals successfully went out. Additionally, the VIA coins deposited by the hackers were also frozen. Not only did the hacker not steal any coins out, their own coins have also been withheld.

Source: Summary of the Phishing and Attempted Stealing Incident on Binance – Binance

MoviePass Is Tracking Your Location

According to Media Play News, MoviePass CEO Mitch Lowe had some interesting things to say during his Hollywood presentation that took place late last week, entitled “New Oil: How Will MoviePass Monetize It?” Most notably, he openly admitted that his app tracks people’s location, even when they’re not actively using the app:

“We get an enormous amount of information… We know all about. We watch how you drive from home to the movies. We watch where you go afterwards.”

Lowe also commented on how they knew subscribers’ addresses, their demographics, and how they can track subs via the app and the phone’s GPS. This drew nervous laughter from the crowd—many of whom were MoviePass subscribers themselves—but Lowe assured them that this collecting of tracking data fits into their long-term revenue plan. He explained that their vision is to “build a night at the movies,” with MoviePass eventually directing subscribers to places to eat before movies, and places to grab drinks afterward (all for a cut from the vendors).

We knew MoviePass was collecting data on us from the start—that’s how they plan to make their money—so how is this any different? Well, subscribers are claiming they didn’t clearly disclose such persistent location tracking in their privacy policy. In regard to location tracking, the privacy policy mentions a “single request” in a section titled “Check ins” that’s used when you’re selecting a theater and movie to watch. However, the section also mentions real-time location data “as a means to develop, improve and personalize the service.” It’s a vague statement that could mean just about anything, but it’s understandable if users didn’t assume it meant watching them wherever they went, even when they’re not using the app.

Source: MoviePass Is Tracking Your Location

Retina X ‘Stalkerware’ Shuts Down Apps ‘Indefinitely’ After Getting Hacked Again

A company that sells spyware to regular consumers is “immediately and indefinitely halting” all of its services, just a couple of weeks after a new damaging hack.

Retina-X Studios, which sells several products marketed to parents and employers to keep tabs on their children and employees—but also used by jealous partners to spy on their significant others—announced that its shutting down all its spyware apps on Tuesday with a message at the top of its website.

“Regrettably Retina-X Studios, which offers cutting edge technology that helps parents and employers gather important information on devices they own, has been the victim of sophisticated and repeated illegal hackings,” read the message, which was titled “important note” in all caps.

Got a tip? You can contact Lorenzo Franceschi-Bicchierai securely on Signal on +1 917 257 1382 and Joseph Cox on Signal on +44 20 8133 5190. Details on our SecureDrop, a system to anonymously submit documents or information, can be found here.

The company sells subscriptions to apps that allow the operator to access practically anything on a target’s phone or computer, such as text messages, emails, photos , and location information. Retina-X is just one of a slew of companies that sell such services, marketing them to everyday users—as opposed to law enforcement or intelligence agencies. Some critics call these apps “Stalkerware.”

Source: ‘Stalkerware’ Seller Shuts Down Apps ‘Indefinitely’ After Getting Hacked Again – Motherboard

ESA builds air-breathing engine that works in space

The European Space Agency has hailed the successful test of an air-breathing engine that works in space.

The engines don’t need the oxygen found in air to burn. Instead, as the ESA has explained here, the idea is to collect air, compress it, give it a charge and then squirt it out to provide thrust.

The engine has no moving parts and all that’s needed to power the engine is electricity. Spacecraft can generally harvest that from the Sun.

The concept’s been used before by the ESA’s GOCE gravity-mapping mission, but it carried 40kg of Xenon gas to provide it with thrust so it could change altitude when its orbit became low. And once it ran out of propellant … you can guess the rest.

Hence the interest in an engine that can harvest air to keep a satellite aloft and in very low orbits. Anything in such an orbit that wants to stay there will need a periodic boost, as the drag caused by the outer reaches of the atmosphere slow spacecraft and degrade their orbits.

Source: ESA builds air-breathing engine that works in space • The Register

Researchers Bypassed Windows Password Locks With Cortana Voice Commands

Tal Be’ery and Amichai Shulman found that the always-listening Cortana agent responds to some voice commands even when computers are asleep and locked, allowing someone with physical access to plug a USB with a network adapter into the computer, then verbally instruct Cortana to launch the computer’s browser and go to a web address that does not use https—that is, a web address that does not encrypt traffic between a user’s machine and the website. The attacker’s malicious network adapter then intercepts the web session to send the computer to a malicious site instead, where malware downloads to the machine, all while the computer owner believes his or her machine is protected.

Source: Researchers Bypassed Windows Password Locks With Cortana Voice Commands – Motherboard

Leaked Files Show How the NSA Tracks Other Countries’ Hackers

When the mysterious entity known as the “Shadow Brokers” released a tranche of stolen NSA hacking tools to the internet a year ago, most experts who studied the material homed in on the most potent tools, so-called zero-day exploits that could be used to install malware and take over machines. But a group of Hungarian security researchers spotted something else in the data, a collection of scripts and scanning tools that the National Security Agency uses to detect other nation-state hackers on the machines it infects.

It turns out those scripts and tools are just as interesting as the exploits. They show that in 2013 — the year the NSA tools were believed to have been stolen by the Shadow Brokers — the agency was tracking at least 45 different nation-state operations, known in the security community as advanced persistent threats, or APTs. Some of these appear to be operations known by the broader security community — but some may be threat actors and operations currently unknown to researchers.

The scripts and scanning tools dumped by Shadow Brokers and studied by the Hungarians were created by an NSA team known as Territorial Dispute, or TeDi. Intelligence sources told The Intercept that the NSA established the team after hackers, believed to be from China, stole designs for the military’s Joint Strike Fighter plane, along with other sensitive data, from U.S. defense contractors in 2007; the team was supposed to detect and counter sophisticated nation-state attackers more quickly, when they first began to emerge online.

“As opposed to the U.S. only finding out in five years that everything was stolen, their goal was to try to figure out when it was being stolen in real time,” one intelligence source told The Intercept.

But their mission evolved to also provide situational awareness for NSA hackers to help them know when other nation-state actors are in machines that they’re trying to hack.

Source: Leaked Files Show How the NSA Tracks Other Countries’ Hackers

If you’re so smart, why aren’t you rich? Turns out it’s just chance.

The most successful people are not the most talented, just the luckiest, a new computer model of wealth creation confirms. Taking that into account can maximize return on many kinds of investment.
[…]
The distribution of wealth follows a well-known pattern sometimes called an 80:20 rule: 80 percent of the wealth is owned by 20 percent of the people. Indeed, a report last year concluded that just eight men had a total wealth equivalent to that of the world’s poorest 3.8 billion people.
[…]
while wealth distribution follows a power law, the distribution of human skills generally follows a normal distribution that is symmetric about an average value. For example, intelligence, as measured by IQ tests, follows this pattern. Average IQ is 100, but nobody has an IQ of 1,000 or 10,000.

The same is true of effort, as measured by hours worked. Some people work more hours than average and some work less, but nobody works a billion times more hours than anybody else.

And yet when it comes to the rewards for this work, some people do have billions of times more wealth than other people. What’s more, numerous studies have shown that the wealthiest people are generally not the most talented by other measures.
[…]
Alessandro Pluchino at the University of Catania in Italy and a couple of colleagues. These guys have created a computer model of human talent and the way people use it to exploit opportunities in life. The model allows the team to study the role of chance in this process.

The results are something of an eye-opener. Their simulations accurately reproduce the wealth distribution in the real world. But the wealthiest individuals are not the most talented (although they must have a certain level of talent). They are the luckiest.
[…]
Pluchino and co’s model is straightforward. It consists of N people, each with a certain level of talent (skill, intelligence, ability, and so on). This talent is distributed normally around some average level, with some standard deviation. So some people are more talented than average and some are less so, but nobody is orders of magnitude more talented than anybody else.
[…]
The computer model charts each individual through a working life of 40 years. During this time, the individuals experience lucky events that they can exploit to increase their wealth if they are talented enough.

However, they also experience unlucky events that reduce their wealth. These events occur at random.

At the end of the 40 years, Pluchino and co rank the individuals by wealth and study the characteristics of the most successful. They also calculate the wealth distribution. They then repeat the simulation many times to check the robustness of the outcome.

When the team rank individuals by wealth, the distribution is exactly like that seen in real-world societies. “The ‘80-20’ rule is respected, since 80 percent of the population owns only 20 percent of the total capital, while the remaining 20 percent owns 80 percent of the same capital,” report Pluchino and co.

That may not be surprising or unfair if the wealthiest 20 percent turn out to be the most talented. But that isn’t what happens. The wealthiest individuals are typically not the most talented or anywhere near it. “The maximum success never coincides with the maximum talent, and vice-versa,” say the researchers.

So if not talent, what other factor causes this skewed wealth distribution? “Our simulation clearly shows that such a factor is just pure luck,” say Pluchino and co.

The team shows this by ranking individuals according to the number of lucky and unlucky events they experience throughout their 40-year careers. “It is evident that the most successful individuals are also the luckiest ones,” they say. “And the less successful individuals are also the unluckiest ones.”
[…]
They use their model to explore different kinds of funding models to see which produce the best returns when luck is taken into account.

The team studied three models, in which research funding is distributed equally to all scientists; distributed randomly to a subset of scientists; or given preferentially to those who have been most successful in the past. Which of these is the best strategy?

The strategy that delivers the best returns, it turns out, is to divide the funding equally among all researchers. And the second- and third-best strategies involve distributing it at random to 10 or 20 percent of scientists.

In these cases, the researchers are best able to take advantage of the serendipitous discoveries they make from time to time. In hindsight, it is obvious that the fact a scientist has made an important chance discovery in the past does not mean he or she is more likely to make one in the future.

A similar approach could also be applied to investment in other kinds of enterprises, such as small or large businesses, tech startups, education that increases talent, or even the creation of random lucky events.

Source: If you’re so smart, why aren’t you rich? Turns out it’s just chance.

ByFlow sells 3D Food Printers in NL

Focus 3D Food Printer

10x Voedsel veilige en hervulbare cartridges.

4 nozzles in 2 verschillende grootte.

5 voorbereide designs om meteen te kunnen beginnen met printen.

Toegang to meerdere recepten en designs voor 3D Food Printing

Source: Bestel uw 3D voedsel Printer |byFlow

EUR3300,-

Internet of Babies – 52000 baby monitors open for public viewing

Earlier this month, we published our first article of our Internet of Things series, “IoD – Internet of Dildos“. As promised, we expanded our research and would like to present you with the first results of our “IoB – Internet of Babies” research.

Baby monitors serve an important purpose in securing and monitoring our loved ones. Unfortunately, the investigated device “Mi-Cam” from miSafes (and potentially further devices) is affected by a number of critical security vulnerabilities which raise serious security and privacy concerns. An attacker is able to access and interact with arbitrary video baby monitors and hijack other user accounts. Based on observed user identifier values extracted from the cloud API and Google Play store data, an estimated total number over 52000 user accounts and video baby monitors are affected (implying a 1:1 distribution of user accounts to video baby monitors). Even worse, neither the vendor nor the CNCERT/CC could be reached for the coordination for our responsible disclosure process. Hence the issues are (up until the publication of this article) not patched and our recommendation is to keep the video baby monitors offline until further notice.

Source: Internet of Babies – When baby monitors fail to be smart | SEC Consult

 
Skip to toolbar