Ray Kurzweil Wants to Upload Your Brain to the Cloud
Well, this can go one of two ways. Either this brain/cloud situation will be an
incredibly beneficial superpower, or it could be just another farming device for
data mining and ad sales. My take: If it’s a beneficial superpower then it won’t
be given to the general public. Superpower for the rich. Farming device for the
regular people. And thank you very much but I am farmed enough. My Hinge updates
don’t need to be sent to my cerebellum. I can’t talk about taking a trip to
Costa Rica without flights popping up on my phone. I’m grateful for the ways
technology has touched my life but let me remind people about the Flo app. This
is a period and fertility tracking app that settled with the FTC in May for
selling its users’ personal health data without their knowledge. While there are
definitely huge potential advances that could be made from brain/cloud merges, I
can only think of social media companies that are designed to addict us, with at
least one of these apps in the recent past tracking our eye movements to see
what we liked so we could be coaxed to spend more time using it. It’s not all
bad but I am not looking to plug in forever. And I don’t trust these companies
to do good.
NIST’s pleasant post-quantum surprise
To understand the risk, we need to distinguish between the three cryptographic
primitives that are used to protect your connection when browsing on the
Internet: Symmetric encryption - With a symmetric cipher there is one key to
encrypt and decrypt a message. They’re the workhorse of cryptography: they’re
fast, well understood and luckily, as far as known, secure against quantum
attacks. ... Symmetric encryption alone is not enough: which key do we use when
visiting a website for the first time? We can’t just pick a random key and send
it along in the clear, as then anyone surveilling that session would know that
key as well. You’d think it’s impossible to communicate securely without ever
having met, but there is some clever math to solve this. Key agreement -
also called a key exchange, allows two parties that never met to agree on a
shared key. Even if someone is snooping, they are not able to figure out the
agreed key. Examples include Diffie–Hellman over elliptic curves, such as
X25519. The key agreement prevents a passive observer from reading the contents
of a session, but it doesn’t help defend against an attacker who sits in the
middle and does two separate key agreements: one with you and one with the
website you want to visit.
Buggy 'Log in With Google' API Implementation Opens Crypto Wallets to Account Takeover
The first bug involved the common feature found in mobile apps that allow users
to log in using an external service, like Apple ID, Google, Facebook, or
Twitter. In this case, the researchers examined the "log in with Google" option
— and found that the authentication token mechanism could be manipulated to
accept a rogue Google ID as being that of the legitimate user. The second bug
allowed researchers to get around two-factor authentication. A PIN-reset
mechanism was found to lack rate-limiting, allowing them to mount an automated
attack to uncover the code sent to a user's mobile number or email. "This
endpoint does not contain any sort of rate limiting, user blocking, or temporary
account disabling functionality. Basically, we can now run the entire 999,999
PIN options and get the correct PIN within less than 1 minute," according to the
researchers. Each security issue on its own provided limited abilities to the
attacker, according to the report. "However, an attacker could chain these
issues together to propagate a highly impactful attack, such as transferring the
entire account balance to his wallet or private bank account."
How To Become A Self-Taught Blockchain Developer
The Blockchain developer must provide original solutions to complex issues,
such as those involving high integrity and command and control. A complicated
analysis, design, development, test, and debugging of computer software are
also performed by the developer, particularly for particular product hardware
or for technical service lines of companies. Develops carry out computer
system selection, operating architecture integration, and program design.
Finally, they use their understanding of one or more platforms and programming
languages while operating on a variety of systems. There will undoubtedly be
challenges for the Blockchain developer. For instance, the developer must
fulfill the criteria of a Blockchain development project despite using old
technology and its restrictions. A Blockchain developer needs specialized
skills due to the difficulties in understanding the technological realities of
developing decentralized cryptosystems, processes that are beyond the normal
IT development skill-set.
Machine learning begins to understand human gut
While human gut microbiome research has a long way to go before it can offer
this kind of intervention, the approach developed by the team could help get
there faster. Machine learning algorithms often are produced with a two step
process: accumulate the training data, and then train the algorithm. But the
feedback step added by Hero and Venturelli's team provides a template for
rapidly improving future models. Hero's team initially trained the machine
learning algorithm on an existing data set from the Venturelli lab. The team
then used the algorithm to predict the evolution and metabolite profiles of
new communities that Venturelli's team constructed and tested in the lab.
While the model performed very well overall, some of the predictions
identified weaknesses in the model performance, which Venturelli's team shored
up with a second round of experiments, closing the feedback loop. "This new
modeling approach, coupled with the speed at which we could test new
communities in the Venturelli lab, could enable the design of useful microbial
communities," said Ryan Clark, co-first author of the study, who was a
postdoctoral researcher in Venturelli's lab when he ran the microbial
experiments.
Jorge Stolfi: ‘Technologically, bitcoin and blockchain technology is garbage’
It is the only thing that blockchain could contribute: the absence of a
central authority. But that only creates problems. Because to have a
decentralized database you have to pay a very high price. You must ensure that
all miners do “proof of work.” It takes longer, and it is not even secure
because in the past there have been occasions where they have had to rewind
several hours worth of blocks to remove a bad transaction, in 2010 and 2013.
The conditions that made that possible are still there and that’s why
blockchain technology is a fraud: it promises to do something that people
already know how to do. ... It is the only digital system that does not follow
customary money laundering laws. That’s why criminals use it. Once you have
paid a ransom, there is no way for the victim to cancel the payment and get
the money back, not even the government can do it easily. It is anonymous and
when a hacker encrypts your data, they do not have to enter your system
directly, where they would leave a trace. He has botnets, computers that he
has already hacked, so tracking him down is difficult.
How to Write Secure Source Code for Proprietary Software
Source code is at the mercy of developers and anyone else that has access to it.
That means limiting access to your source code and establishing security
guidelines for those with access is vital for increasing security. It's also
important to realize that insider threat actors aren't always malicious. Often,
insider threats come from mistakes or negligent actions taken by employees.
... Outside threats come from outside of your development team. They may
come from competitors that want to use the code to improve their own. Or, they
can come from hackers who will attempt to sell your source code or pick it apart
looking for vulnerabilities. The point is, whether a leak comes from inside or
outside threats, it can have terrible consequences. Source code leaks can lead
to additional attacks, exposing large amounts of sensitive data. Source code
leaks can also lead to financial losses by giving competitors an advantage. And
your customers will think twice before dealing with a developer that has exposed
valuable customer data in the past.
How IoT and digital twins could help CIOs meet ESG pledges
This inevitably leads to accusations of greenwashing, where marketing
departments hijack the ambitions of organisations before any serious, robust
plan is in place. For CIOs tasked with bringing down emissions and adhering to
targets, this can be a huge problem. A recent IBM CEO study finds that CEOs are
coming under increasing pressure from stakeholders to act on sustainability. It
cites “frustrations” with organisations’ “all talk and no action”. Culture is
seen as a significant issue in hampering any attempts to co-ordinate carbon
emission strategies. “If you want to avoid the trap of greenwashing, it needs to
start with the CEO,” says Alicia Asín, CEO of Libelium, an IoT business based in
Zaragoza, Spain. Asín, speaking on a panel at IoT World Congress, added that
this creates a culture where the whole organisation needs to look at the design
and sustainability credentials of every technology offering for every
sustainable project. She used an example of a farm customer that is using IoT to
reduce the amount of water in irrigation and to reduce the level of pesticides
being used on their crops.
GitHub Copilot is the first real product based on large language models
The success of GitHub Copilot and Codex underline one important fact. When it
comes to putting LLMs to real use, specialization beats generalization. When
Copilot was first introduced in 2021, CNBC reported: “…back when OpenAI was
first training [GPT-3], the start-up had no intention of teaching it how to help
code, [OpenAI CTO Greg] Brockman said. It was meant more as a general purpose
language model [emphasis mine] that could, for instance, generate articles, fix
incorrect grammar and translate from one language into another.” But while GPT-3
has found mild success in various applications, Copilot and Codex have proven to
be great hits in one specific area. Codex can’t write poetry or articles like
GPT-3, but it has proven to be very useful for developers of different levels of
expertise. Codex is also much smaller than GPT-3, which means it is more memory
and compute efficient. And given that it has been trained for a specific task as
opposed to the open-ended and ambiguous world of human language, it is less
prone to the pitfalls that models like GPT-3 often fall into.
LockBit explained: How it has become the most popular ransomware
After obtaining initial access to networks, LockBit affiliates deploy various
tools to expand their access to other systems. These tools involve credential
dumpers like Mimikatz; privilege escalation tools like ProxyShell, tools used to
disable security products and various processes such as GMER, PC Hunter and
Process Hacker; network and port scanners to identify active directory domain
controllers, remote execution tools like PsExec or Cobalt Strike for lateral
movement. The activity also involves the use of obfuscated PowerShell and batch
scripts and rogue scheduled tasks for persistence. Once deployed, the LockBit
ransomware can also spread to other systems via SMB connections using collected
credentials as well as by using Active Directory group policies. When executed,
the ransomware will disable Windows volume shadow copies and will delete various
system and security logs. The malware then collects system information such as
hostname, domain information, local drive configuration, remote shares and
mounted storage devices then will start encrypting all data on the local and
remote devices it can access.
Quote for the day:
"If you want people to to think, give
them intent, not instruction." -- David Marquet
No comments:
Post a Comment