In conclusion: "Modern processors go to great lengths to preserve the abstraction that they are in-order scalar machines that access memory directly, while in fact using a host of techniques including caching, instruction reordering, and speculation to deliver much higher performance than a simple processor could hope to achieve," writes Upton. "Meltdown and Spectre are examples of what happens when we reason about security in the context of that abstraction, and then encounter minor discrepancies between the abstraction and reality. The lack of speculation in the ARM1176, Cortex-A7, and Cortex-A53 cores used in Raspberry Pi render us immune to attacks of the sort."
At a glance, the way NEMESIS works is relatively simple. There's an "inference graph," which is a mathematical representation of trained images, classified as Nazi or white supremacist symbols. This inference graph trains the system with machine learning to identify the symbols in the wild, whether they are in pictures or videos. In a way, NEMESIS is dumb, according to Crose, because there are still humans involved, at least at the beginning. NEMESIS needs a human to curate the pictures of the symbols in the inference graph and make sure they are being used in a white supremacist context. For Crose, that's the key to the whole project -- she absolutely does not want NEMESIS to flag users who post Hindu swastikas, for example -- so NEMESIS needs to understand the context. "It takes thousands and thousands of images to get it to work just right," she said.
But this wouldn't be the first time a large state threw around its weight in ways that reverberate beyond its borders. The textbook industry, for instance, has long accommodated the standards of California and Texas. [...] The internet doesn't lend itself cleanly to state lines. It could be difficult for Comcast or Verizon to accept money from services seeking preferential treatment in one state, then make sure that its network didn't reflect those relationships in places where state lawmakers forbade them, said Geoffrey Manne, executive director of the International Center for Law & Economics, a research group.
What's more, regulators beholden to regional duopolies often take things one step further -- by trying to manipulate data to suggest that broadband is faster, cheaper, and more evenly deployed than it actually is. We saw this under former FCC boss Michael Powell (now the top lobbyist for the cable industry), and more recently when the industry cried incessantly when the base definition of broadband was bumped to 25 Mbps downstream, 4 Mbps upstream. We're about to see this effort take shape once again as the FCC prepares to vote in February for a new proposal that would dramatically weaken the definition of broadband. How? Under this new proposal, any area able to obtain wireless speeds of at least 10 Mbps down, 1 Mbps up would be deemed good enough for American consumers, pre-empting any need to prod industry to speed up or expand broadband coverage.
Macron, himself a target of election interference, also outlined some less extreme measures in his speech yesterday. He proposed more rigid requirements around transparency, specifically in relation to online ads during elections. According to the Guardian, Macron said the legislation would force platforms to publicly identify who their advertisers are, as well as limit how much they can spend on ads over the course of an election campaign.
Wolff reportedly gained access to the White House where he conducted numerous interviews with staffers on the inner workings of the Trump campaign and West Wing operations. Sanders told reporters Wednesday that there were about "a dozen" interactions between Wolff and White House officials, which she said took place at Bannon's request. The White House swiftly slammed the book and those who cooperated with Wolff.
Gruss and his colleagues had just confirmed the existence of what he regards as "one of the worst CPU bugs ever found." The flaw, now named Meltdown, was revealed on Wednesday and affects most processors manufactured by Intel since 1995. Separately, a second defect called Spectre has been found that also exposes core memory in most computers and mobile devices running on chips made by Intel, Advanced Micro Devices (AMD) and ARM Holdings, a unit of Japan's Softbank.
While the Federal Communications Commission has voted to eliminate the nation's net neutrality rules, the municipal broadband network will be neutral and without data caps. "The network will deliver a 'net-neutral' competitive unfettered data offering that does not impose caps or usage limits on one use of data over another (i.e., does not limit streaming or charge rates based on type of use)," a new planning document says. "All application providers (data, voice, video, cloud services) are equally able to provide their services, and consumers' access to advanced data opens up the marketplace." The city will also be developing policies to protect consumers' privacy. The city intends to provide gigabit service for $70 a month or less and a cheaper Internet tier.
The vulnerabilities affect hundreds of thousands of connected devices that use the GPS services, from smart watches, to vehicle GPS trackers, fitness trackers, pet trackers and more. At issue are security holes in back-end GPS tracking services that go by names like amber360.com, kiddo-track.com, carzongps.com and tourrun.net, according to Michael Gruhn, an independent security researcher who noted the insecure behavior in a location tracker he acquired and has helped raise awareness of the widespread flaws. Working with researcher Vangelis Stykas, Gruhn discovered scores of seemingly identical GPS services, many of which have little security, allowing low-skill hackers to directly access data on GPS tracking devices.
Alas, news about the security holes is not new. In fact, the security holes in ThinkRace's GPS services are identical to those discovered by New Zealand researcher Lachlan Temple in 2015 and publicly disclosed at the time. Temple's research focused on one type of device: a portable GPS tracker that plugged into a vehicle's On Board Diagnostic (or OBD) port. However, Stykas and Gruhn say that they have discovered the same holes spread across a much wider range of APIs (application program interfaces) and services linked to ThinkRace.
Intel acknowledges that the exploit has "the potential to improperly gather sensitive data from computing devices that are operating as designed." The company further goes on to state that "these exploits do not have the potential to corrupt, modify or delete data." The company goes on to state that the "average computer user" will be negligibly affected by any software fixes, and that any negative performance outcomes "will be mitigated over time." In a classic case of trying to point fingers at everyone else, Intel says that "many different vendors' processors" are vulnerable to these exploits. You can read the full statement here.
"Spotify brazenly disregards United States Copyright law and has committed willful, ongoing copyright infringement," the complaint reads. "Wixen notified Spotify that it had neither obtained a direct or compulsory mechanical license for the use of the Works. For these reasons and the foregoing, Wixen is entitled to the maximum statutory relief."
The first objective is to get rid of paperless electronic voting machines. Computer scientists have been warning for more than a decade that these machines are vulnerable to hacking and can't be meaningfully audited. States have begun moving away from paperless systems, but budget constraints have forced some to continue relying on insecure paperless equipment. The Secure Elections Act would give states grants specifically earmarked for replacing these systems with more secure systems that use voter-verified paper ballots. The legislation's second big idea is to encourage states to perform routine post-election audits based on modern statistical techniques. Many states today only conduct recounts in the event of very close election outcomes. And these recounts involve counting a fixed percentage of ballots. That often leads to either counting way too many ballots (wasting taxpayer money) or too few (failing to fully verify the election outcome). The Lankford bill would encourage states to adopt more statistically sophisticated procedures to count as many ballots as needed to verify an election result was correct -- and no more.
Last week, the Beijing bureau of China's top internet regulator accused Toutiao of "spreading pornographic and vulgar information" and "causing a negative impact on public opinion online," and ordered that updates to several popular sections of the app be halted for 24 hours. In response, the app's parent company, Beijing Bytedance Technology, took down or temporarily suspended the accounts of more than 1,100 bloggers that it said had been publishing "low-quality content" on the app. It also replaced Toutiao's "Society" section with a new section called "New Era," which is heavy on state media coverage of government decisions.
And today in the wake of deadly protests, Congo announced that the internet shutdown will continue "indefinitely." The New York Times reports: At least eight people were killed and a dozen altar boys arrested in the Democratic Republic of Congo on Sunday after security forces cracked down on planned church protests against President Joseph Kabila's refusal to leave office before coming elections... Congolese security forces set up checkpoints across Kinshasa, and the government issued an order to shut down text messaging and internet services indefinitely across the country for what it called "reasons of state security."
Browsers have been pushing the movement to encrypt the web further, too. Early this year, Chrome and Firefox started showing users "Not secure" warnings when HTTP websites asked them to submit password or credit card information. In October, Chrome expanded the warning to cover all input fields, as well as all pages viewed in Incognito mode. Chrome has eventual plans to show a "Not secure" warning for all HTTP pages... The next big step in encrypting the web is ensuring that most websites default to HTTPS without ever sending people to the HTTP version of their site. The technology to do this is called HTTP Strict Transport Security (HSTS), and is being more widely adopted. Notably, the registrar for the .gov TLD announced that all new .gov domains would be set up with HSTS automatically...
The Certification Authority Authorization (CAA) standard became mandatory for all CAs to implement this year... [And] there's plenty to look forward to in 2018. In a significant improvement to the TLS ecosystem, for example, Chrome plans to require Certificate Transparency starting next April.
After tweeting about the incident extensively Friday afternoon, KrebsOnSecurity was contacted by someone in control of the @GoredTutor36 Twitter account. GoredTutor36 said he's been the victim of swatting attempts himself, and that this was the reason he decided to start swatting others. He said the thrill of it "comes from having to hide from police via net connections." Asked about the FCC incident, @GoredTutor36 acknowledged it was his bomb threat. "Yep. Raped em," he wrote. "Bomb threats are more fun and cooler than swats in my opinion and I should have just stuck to that," he wrote. "But I began making $ doing some swat requests."
Krebs' article also links to a police briefing with playback from the 911 call. "There is no question that police officers and first responders across the country need a great deal more training to bring the number of police shootings way down..." Krebs argues. "Also, all police officers and dispatchers need to be trained on what swatting is, how to spot the signs of a hoax, and how to minimize the risk of anyone getting harmed when responding to reports about hostage situations or bomb threats."
But he also argues that filing a false police report should be reclassified as a felony in all states.
"They were on their work accounts because Seattle pimps routinely asked first-time sex-buyers to prove they were not cops by sending an employee email or badge," reports Newsweek, criticizing "the widespread and often nonchalant attitude toward buying sex from trafficked women, a process made shockingly more efficient by internet technology... A study commissioned by the Department of Justice found that Seattle has the fastest-growing sex industry in the United States, more than doubling in size between 2005 and 2012. That boom correlates neatly with the boom of the tech sector there... Some of these men spent $30,000 to $50,000 a year, according to authorities." A lawyer for some of the men argues that Seattle's tech giants aren't conducting any training to increase employees' compassion for trafficked women in brothels. The director of research for a national anti-trafficking group cites the time Uber analyzed ride-sharing data and reported a correlation between high-crime neighborhoods and frequent Uber trips -- including people paying for prostitutes. "They made a map using their ride-share data, like it was a funny thing they could do with their data. It was done so flippantly."
Now, as mass protests in Iran go into their third day, there are reports that internet access is being cut in cities with protests occurring. Social media has been a tool for documenting the protests and brutal crackdowns against them. Iran previously cut off internet access during the Green Movement protests following the 2009 elections. At the same time the Iranian government is cutting internet access, they have called on Telegram, reportedly used by more than 40 million Iranians, to close the channels used by protesters. Telegram is now closing channels used by the protesters while Telegram itself may be shut down in Iran.
This may come as a shocker, but Neu is not a prince, nor is he Nigerian. He is a 67-year-old male possibly of German descent (based on his last name) who is facing 269 counts of wire fraud and money laundering for his alleged role as a middle man in the scheme. According to Slidell police, some of the money obtained by Neu was wired to co-conspirators who do actually live in Nigeria.
UPDATE: The New York Daily News reports police in Los Angeles have now arrested 25-year-old gamer Tyler Barriss, who the paper describes as "an alleged serial 'prankster'..."
"Barriss gave cops Finch's address, mistakenly believing it belonged to a person he had feuded with over a $1 or $2 Call of Duty wager."
"We're sorry for the mistakes we have made -- they do not reflect the community we want to help build," Facebook Vice President Justin Osofsky said in a statement. "We must do better." He said Facebook will double the size of its safety and security team, which includes content reviewers and other employees, to 20,000 people in 2018, in an effort to enforce its rules better. He added that Facebook deletes about 66,000 posts reported as hate speech each week, but that not everything offensive qualifies as hate speech. "Our policies allow content that may be controversial and at times even distasteful, but it does not cross the line into hate speech," he said. "This may include criticism of public figures, religions, professions, and political ideologies."
One advertising executive summarizes thusly: "It's not what's legal. It is what's not creepy."
[...] "Despite popular conceptions," the authors point out, "[conspiratorial thinking] is not the sole province of the proverbial nut-job." When mixed in with the sort of motivated reasoning that ideology can, well, motivate, crazed ideas can become relatively mainstream. Witness the number of polls that indicated the majority of Republicans thought Obama wasn't born in the U.S., even after he shared his birth certificate. While something that induces a healthy skepticism of information sources might be expected to help with this, it's certainly not guaranteed, as motivated reasoning has been shown to be capable of overriding education and knowledge on relevant topics.
[...] As a whole, the expected connection held up: "for both conservatives and liberals, more knowledge of the news media system related to decreased endorsement of liberal conspiracies." And, conversely, the people who did agree with conspiracy theories tended to know very little about how the news media operated.
The trick is an old one, known for more than a decade but until now it's only been used by hackers trying to collect login information during XSS (cross-site scripting) attacks. Princeton researchers say they recently found two web tracking services that utilize hidden login forms to collect login information. The two services are Adthink (audienceinsights.net) and OnAudience (behavioralengine.com), and Princeton researchers said they identified scripts from these two that collected login info on 1,110 sites found on the Alexa Top 1 Million sites list. A demo page has been created to show how the tracking works.
Cybersecurity experts said the danger of using the Russian-made code couldn't be assessed without examining the code itself. But "the fact that there were connections to the FSB would make me nervous to use this software," said Tim Evans, who worked as director of operational policy for the National Security Agency's elite cyberintelligence unit known as Tailored Access Operations and now helps run the cybersecurity firm Adlumin. The FBI's overhaul of its fingerprint-recognition technology, unveiled in 2011, was part of a larger initiative known as Next Generation Identification to expand the bureau's use of biometrics, including face- and iris-recognition technology. The TSA also relies on the FBI fingerprint database.
- The United States Patent and Trademark Office (USPTO) is funded by fees -- and the agency gets more fees if it approves an application.
- Unlimited opportunities to refile rejected applications means sometimes granting a patent is the only way to get rid of a persistent applicant.
- Patent examiners are given less time to review patent applications as they gain seniority, leading to less thorough reviews.
None of these observations is entirely new. But what sets Frakes and Wasserman's work apart is that they have convincing empirical evidence for all three theories. They have data showing that these features of the patent system systematically bias it in the direction of granting more patents. Which means that if we reformed the patent process in the ways they advocate, we'd likely wind up with fewer bogus patents floating around.
"Pointing out that the Kremlin is interfering in its own election is not interference," adds schwit1.