WikiLeaks’ New Dump Shows How The CIA Allegedly Hacked Macs and iPhones Almost a Decade Ago

Earlier this month, when WikiLeaks dumped a cache of hundreds of secret documents allegedly detailing the CIA’s hacking operations, Julian Assange promised that was just “less than 1%” of what the secret-spilling organization had in its hands. On Thursday, WikiLeaks released a new cache of twelve documents, mostly detailing how the CIA allegedly hacked Apple computers and cellphones around a decade ago.

“These documents explain the techniques used by CIA to gain ‘persistence’ on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware,” WikiLeaks stated in a press release.

Source: WikiLeaks’ New Dump Shows How The CIA Allegedly Hacked Macs and iPhones Almost a Decade Ago

The reason I think that this is not getting much coverage is that by now, people just aren’t very surprised anymore…

The Senate Just Voted to Let Internet Providers Sell Your Web History

Today, the US Senate voted 50-48 to overturn broadband privacy rules that would have required internet service providers get consumer consent before selling their web browsing data to advertisers or other data companies.

The rules, which passed in October of last year, govern the collection and selling of private data by ISPs like Verizon, Comcast, or AT&T. Those rules would have required internet providers to ask for permission before selling data about your usage, like web browsing history and location, as well as data about finances, health, app usage, and more. The Senate just voted against it.

Essentially, your ISP would need your approval before they could tell advertisers what web sites you like, what apps you use, where you’re at, or any health and financial information it has on you. These protections weren’t in place yet; the privacy protection rules would go into effect as early as December 4, 2017.

Source: The Senate Just Voted to Let Internet Providers Sell Your Web History

Hardly surprising considering the 4th Reich has just been set up to allow the rape and pillage of the poor by the rich.

This AI stuff is all talk! Bots invent their own language to natter away behind humans’ backs

At first, the bot lingo was more like Morse code: an abstract symbol was agreed upon and then scattered among spaces to create meaning, the researchers explained in a blog post.

The team tweaked the experiment so that there was a slight penalty on every utterance for every bot, and they added an incentive to get the task done more quickly. The Morse code-like structure was no longer advantageous, and the agents were forced to use their “words” more concisely, leading to the development of a larger vocabulary.

The bots then sneakily tried to encode the meaning of entire sentences as a single word. For example, an instruction such as “red agent, go to blue landmark” was represented as one symbol.

Although this means the job is completed more quickly since agents spend less time nattering to one another, the vocabulary size would grow exponentially with the sentence length, making it difficult to understand what’s being said. So the researchers tried to coax the agents into reusing popular words. A reward was granted if they spoke a “particular word that is proportional to how frequently that word has been spoken previously.”

Since the AI babble is explicitly linked to its simple world, it’s no wonder that the language lacks the context and richness of human language.

Source: This AI stuff is all talk! Bots invent their own language to natter away behind humans’ backs

Metered Connections in Windows 10 Creators Update Will Not Block All Windows Update Downloads

It looks like designating a connection as metered in the Windows 10 Creators Update may not block all updates from being downloaded on your system
[…]
Setting a connection as metered in Windows 10 has been a widely used and shared method to control the automatic download and installation of Windows Updates which of course are mandatory on the Windows 10 Home SKU of the operating system so this will impact that work around. In addition, users who are on true metered connections might not be expecting these required updates to use up their bandwidth either after they get the Creators Update when it is released.

So when I saw this new description of how updates would be treated on a metered connection it got me wondering what exactly are those updates which are required to keep Windows running smoothly.

I have reached out to Microsoft to get some clarity on the types of updates that would fit into that category and once I hear back from them I will update this article.

—–

Update: I heard back from Microsoft and was provided this from a spokesperson:

“We don’t plan to send large updates over metered connections, but could use this for critical fixes if needed in the future.”

Not a lot of clarity about bandwidth that might get used so this is an area we will have to keep an eye on.

Source: Metered Connections in Windows 10 Creators Update Will Not Block All Windows Update Downloads (Updated)

Your brain doesn’t stop developing

The human brain reaches its adult volume by age 10, but the neurons that make it up continue to change for years after that. The connections between neighboring neurons get pruned back, as new links emerge between more widely separated areas of the brain.

Eventually this reshaping slows, a sign that the brain is maturing. But it happens at different rates in different parts of the brain.

The pruning in the occipital lobe, at the back of the brain, tapers off by age 20. In the frontal lobe, in the front of the brain, new links are still forming at age 30, if not beyond.

“It challenges the notion of what ‘done’ really means,” Dr. Somerville said.

Source: You’re an Adult. Your Brain, Not So Much.

W3C erects DRM as web standard

The World Wide Web Consortium has formally put forward highly controversial digital rights management as a new web standard.

Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time. The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams.

The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members.

That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium’s rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out.

Source: It’s happening! It’s happening! W3C erects DRM as web standard • The Register

Has no-one realised that DRM is a fundamentally broken model?

End of fillings in sight as scientists find Alzheimer’s drug makes teeth grow back 

Fillings could be consigned to history after scientists discovered that a drug already trialled in Alzheimer’s patients can encourage tooth regrowth and repair cavities.

Researchers at King’s College London found that the drug Tideglusib stimulates the stem cells contained in the pulp of teeth so that they generate new dentine – the mineralised material under the enamel.
[…]
Scientists showed it is possible to soak a small biodegradable sponge with the drug and insert it into a cavity, where it triggers the growth of dentine and repairs the damage within six weeks.

The tiny sponges are made out of collagen so they melt away over time, leaving only the repaired tooth.

Source: End of fillings in sight as scientists find Alzheimer’s drug makes teeth grow back 

20,000 Worldclass University Lectures Made Illegal, So We Irrevocably Mirrored Them – LBRY

Today, the University of California at Berkeley has deleted 20,000 college lectures from its YouTube channel. Berkeley removed the videos because of a lawsuit brought by two students from another university under the Americans with Disabilities Act.

We copied all 20,000 and are making them permanently available for free via LBRY.

This makes the videos freely available and discoverable by all, without reliance on any one entity to provide them (even us!).

Source: 20,000 Worldclass University Lectures Made Illegal, So We Irrevocably Mirrored Them – LBRY

Web security products introduce man in the middle insecurities

Your antivirus and network protection efforts may actually be undermining network security, a new paper and subsequent US-CERT advisory have warned.

The issue comes with the use of HTTPS interception middleboxes and network monitoring products. They are extremely common and are used to check that nothing untoward is going on.

However, the very method by which these devices skirt the encryption on network traffic through protocols like SSL, and more recently TLS, is opening up the network to man-in-the-middle attacks.

In the paper [PDF], titled The Security Impact of HTTPS Interception, the researchers tested out a range of the most common TLS interception middleboxes and client-side interception software and found that the vast majority of them introduced security vulnerabilities.
[…]
the user can only be sure that their connection to the interception product is legit, but has no idea whether the rest of the communication – to the web server, over the internet – is secure or has been compromised.

And, it turns out, many of those middleboxes and interception software suites do a poor job of security themselves. Many do not properly verify the certificate chain of the server before re-encrypting and forwarding client data. Some do a poor job forwarding certificate-chain verification errors, keeping users in the dark over a possible attack.

In other words: the effort to check that a security system is working undermines the very security it is supposed to be checking.

Source: Are you undermining your web security by checking on it with the wrong tools? • The Register

Towards a lip-reading computer

The system, which has been trained on thousands of hours of BBC News programmes, has been developed in collaboration with Google’s DeepMind AI division.

“Watch, Attend and Spell”, as the system has been called, can now watch silent speech and get about 50% of the words correct. That may not sound too impressive – but when the researchers supplied the same clips to professional lip-readers, they got only 12% of words right.

Joon Son Chung, a doctoral student at Oxford University’s Department of Engineering, explained to me just how challenging a task this is. “Words like mat, bat and pat all have similar mouth shapes.” It’s context that helps his system – or indeed a professional lip reader – to understand what word is being spoken.

“What the system does,” explains Joon, “is to learn things that come together, in this case the mouth shapes and the characters and what the likely upcoming characters are.”

The BBC supplied the Oxford researchers with clips from Breakfast, Newsnight, Question Time and other BBC news programmes, with subtitles aligned with the lip movements of the speakers. Then a neural network combining state-of-the-art image and speech recognition set to work to learn how to lip-read.

After examining 118,000 sentences in the clips, the system now has 17,500 words stored in its vocabulary. Because it has been trained on the language of news, it is now quite good at understanding that “Prime” will often be followed by “Minister” and “European” by “Union”, but much less adept at recognising words not spoken by newsreaders.

Source: Towards a lip-reading computer – BBC News

WikiLeaks will disclose CIA vulns to companies that sign standard responsible disclosures – or maybe not so standard?

“WikiLeaks has made initial contact with us via secure@microsoft.com,” a Microsoft spokesperson told Motherboard — but then things apparently stalled. An anonymous reader quotes Fortune:
Wikileaks this week contacted major tech companies including Apple and Google, and required them to assent to a set of conditions before receiving leaked information about security “zero days” and other surveillance methods in the possession of the Central Intelligence Agency… Wikileaks’ demands remain largely unknown, but may include a 90-day deadline for fixing any disclosed security vulnerabilities. According to Motherboard’s sources, at least some of the involved companies are still in the process of evaluating the legal ramifications of the conditions.

Julian Assange announced Friday that Mozilla had already received information after agreeing to their “industry standard responsible disclosure plan,” then added that “most of these lagging companies have conflicts of interest due to their classified work for U.S. government agencies… such associations limit industry staff with U.S. security clearances from fixing security holes based on leaked information from the CIA.” Assange suggested users “may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts. Should these companies continue to drag their feet we will create a league table comparing company responsiveness and government entanglements so users can decide for themselves.”

Source: WikiLeaks Won’t Tell Tech Companies How To Patch CIA Zero-Days Until Demands Are Met – Slashdot

Seeing as we don’t know what the documents are that wikileaks is asking the affected companies to sign, I have no idea whether this is a good or bad thing tbh.

Guacamole – Logmein alternative

Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. We call it clientless because no plugins or client software are required. Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.

Source: Apache Guacamole (incubating)

You set up your own server, then deploy clients on your desktops. Don’t know how well it streams video though…

Boaty McBoatface to go on its first Antarctic mission

A small yellow robot submarine, called Boaty McBoatface after a competition to name a new polar research ship backfired, is being sent on its first Antarctic mission.

Boaty, which has arguably one of the most famous names in recent maritime history, is a new type of autonomous underwater vehicle (AUV), which will be able to travel under ice, reach depths of 6,000 metres, and transmit the data it collects to researchers via a radio link.

Its mission will be to investigate water flow and turbulence in the dark depths of the Orkney Passage, a 3.5km deep region of the Southern Ocean. The data it collects will help scientists understand how the ocean is responding to global warming.

Source: Boaty McBoatface to go on its first Antarctic mission | World news | The Guardian

The real miracle is that the dour bastards at the Natural Environment Research Council (NERC) who opened a competition to name their new ship and then blasted the resultant name, have decided to use the chosen name for something at all, even if it is a sad little submarine.

MXNet – Amazon machine learning Open sourced

MXNet stands for mix and maximize. The idea is to combine the power of declarative programming together with imperative programming. In its core, a dynamic dependency scheduler that automatically parallelizes both symbolic and imperative operations on the fly. A graph optimization layer on top of that makes symbolic execution fast and memory efficient. The library is portable and lightweight, and it scales to multiple GPUs and multiple machines.

Source: MXNet

Cloudbleed: How to deal with it

The duration (2016-09-22 to 2017-02-20) and potential breadth of information exposed is huge — Cloudflare has over 2 million websites on its network, and data from any of these is potentially exposed. Cloudflare has said the actual impact is relatively minor, so I believe only limited amounts of information were actually disseminated. Essentially, a broad range of data was potentially at risk, but the risk to any individual piece of data was very low. Regardless, unless it can be shown conclusively that your data was NOT compromised, it would be prudent to consider the possibility it has been compromised.
[…]
From an individual perspective, this is straightforward — the most effective mitigation is to change your passwords. While this is in all probability not necessary (it is unlikely your passwords were exposed in this incident), it will absolutely improve your security from both this potential compromise and many other, far more likely security issues. Cloudflare is behind many of the largest consumer web services (Uber, Fitbit, OKCupid, …), so rather than trying to identify which services are on Cloudflare, the most cautious approach is to use this as an opportunity to rotate ALL passwords on all of your sites. This will improve your security, although the primary benefit is from threats unrelated to this incident.

Source: Cloudbleed: How to deal with it – octal – Medium

Kerala saves Rs 300 crore ($45m) as schools switch to open software

The Kerala government has made a saving of Rs 300 crore through introduction and adoption of Free & Open Source Software (FOSS) in the school education sector, said a state government official on Sunday.

IT became a compulsory subject in Kerala schools from 2003, but it was in 2005 only that FOSS was introduced in a phased manner and started to replace proprietary software. The decision made by the curriculum committee to implement it in the higher secondary sector has also been completed now.

K. Anwar Sadath, executive director IT@School, said they have been entrusted the job for easy classroom transaction of chapters including customisation of applications, teachers’ training, and video tutorials.

“The proprietary version of this software would have incurred a minimum cost of Rs 150,000 per machine in terms of licence fee. Hence, the minimum savings in a year (considering 20,000 machines) is Rs 300 crore. It’s not the cost saving that matters more, but the fact that the Free Software licence enables not only teachers and students but also the general public an opportunity to copy, distribute and share the contents and use it as they wish,” he said.

Source: Kerala saves Rs 300 crore as schools switch to open software

Preinstalled Malware Targeting Mobile Users

The Check Point Mobile Threat Prevention has recently detected a severe infection in 38 Android devices, belonging to a large telecommunications company and a multinational technology company. While this is not unusual, one detail of the attacks stands out. In all instances, the malware was not downloaded to the device as a result of the users’ use, it arrived with it.

According to the findings, the malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed.

Source: Preinstalled Malware Targeting Mobile Users | Check Point Blog

Paleobiology Navigator allows you to see where all fossils ever found have come from on a map

Source: PBDB Navigator

Researchers create new form of matter—supersolid is crystalline and superfluid at the same time

By using lasers to manipulate a superfluid gas known as a Bose-Einstein condensate, the team was able to coax the condensate into a quantum phase of matter that has a rigid structure—like a solid—and can flow without viscosity—a key characteristic of a superfluid. Studies into this apparently contradictory phase of matter could yield deeper insights into superfluids and superconductors, which are important for improvements in technologies such as superconducting magnets and sensors, as well as efficient energy transport. The researchers report their results this week in the journal Nature.

“It is counterintuitive to have a material which combines superfluidity and solidity,” says team leader Wolfgang Ketterle, the John D. MacArthur Professor of Physics at MIT. “If your coffee was superfluid and you stirred it, it would continue to spin around forever.”

Physicists had predicted the possibility of supersolids but had not observed them in the lab. They theorized that solid helium could become superfluid if helium atoms could move around in a solid crystal of helium, effectively becoming a supersolid. However, the experimental proof remained elusive.

Source: Researchers create new form of matter—supersolid is crystalline and superfluid at the same time

Apis Cor. 3D building printer

Apis Cor are the first company to develop a mobile construction 3D printer which is capable of printing whole buildings completely on site. Also we are people. Engineers, managers, builders and inventors sharing one common idea – to change the construction industry so that millions of people will have an opportunity to improve their living conditions. On the six continents of Earth there are families which cannot afford to buy or build a house. A good accommodation is costly. And waiting for it to get construction takes more than a single month. So it used to be. Today – it’s different. Today we have a 3D printing technology, new building materials and a mobile 3D printer to build affordable, eco-friendly houses within a single day, capable of lasting up to 175 years.

Source: Who we are | Apis Cor. We print buildings

IBM Q opens up usage of their quantum computer

IBM Q is an industry-first initiative to build commercially available universal quantum computers for business and science. While technologies like AI can find patterns buried in vast amounts of existing data, quantum computers will deliver solutions to important problems where patterns cannot be seen and the number of possibilities that you need to explore to get to the answer are too enormous ever to be processed by classical computers.

Source: IBM Q – US

Sponge can soak up and release spilled oil hundreds of times

A new material can absorb up to 90 times its own weight in spilled oil and then be squeezed out like a sponge and reused, raising hopes for easier clean-up of oil spill sites.

But to determine whether this material could help sort out a big spill in marine waters, they needed to perform a special large-scale test.

Recreating a spill

To do this, the team made an array of square pads of the sponge material measuring around 6 square metres. “We made a lot of the foam, and then these pieces of foam were placed inside mesh bags – basically laundry bags, with sewn channels to house the foam,” Darling says.

The researchers suspended their sponge-filled bags from a bridge over a large pool specially designed for practising emergency responses to oil spills.

They then dragged the sponges behind a pipe spewing crude oil to test the material’s capability to remove oil from the water. They next sent the sponges through a wringer to remove the oil and then repeated the process, carrying out many tests over multiple days.

Source: Sponge can soak up and release spilled oil hundreds of times | New Scientist

Google Cloud can now recognise items in videos

Cloud Video Intelligence API (now in Private Beta) uses powerful deep-learning models, built using frameworks like TensorFlow and applied on large-scale media platforms like YouTube. The API is the first of its kind, enabling developers to easily search and discover video content by providing information about entities (nouns such as “dog,” “flower” or “human” or verbs such as “run,” “swim” or “fly”) inside video content. It can even provide contextual understanding of when those entities appear; for example, searching for “Tiger” would find all precise shots containing tigers across a video collection in Google Cloud Storage.

Announcing Google Cloud Video Intelligence API, and more Cloud Machine Learning updates

Did they just copy the GitHub project Miles Deep – AI Porn Video Editor which can recognise and classify sexual acts in porn videos and make it more socially acceptable?

Quantum computer learns to ‘see’ trees

Scientists have trained a quantum computer to recognize trees. That may not seem like a big deal, but the result means that researchers are a step closer to using such computers for complicated machine learning problems like pattern recognition and computer vision.

The team used a D-Wave 2X computer, an advanced model from the Burnaby, Canada–based company that created the world’s first quantum computer in 2007.

Sciencemag.org

Dutch package deliverers start to take back old electronics

In a pilot starting in the north of the Netherlands, Weee Nederland is asking packet couriers to accept old electronics after delivering packages. Hopefully for recycling. If so, this sounds really good.

Pakketbezorger neemt oude apparaten mee (Parcel courier takes old appliances along)

 