Comments

vas pup October 13, 2023 7:47 PM

What if one rogue nation dimmed the Sun?

https://www.bbc.com/future/article/20231010-sun-solar-geoengineering-ministry-for-the-future-kim-stanley-robinson

“So if one rogue nation did decide to dim the Sun for real, what environmental and geopolitical consequences might unfurl? And is the safe deployment of such a technology even a conceivable goal?

This January, more than 440 scientists signed an open letter calling for a non-use agreement on solar geoengineering – including for small-scale outdoor experiments, like the unauthorised test conducted by a San Francisco start-up in Mexico earlier this year. They argue that the side-effects are unpredictable, the current global governance system is “incapable” of guaranteeing fair and effective control, and that development might encourage “normalisation” of the technology as part of the world’s climate policy. Its cooling effect could create a “moral hazard”, numerous researchers and civil society organisations warn, by taking pressure off efforts to cut the underlying CO2 emissions.

Some researchers suggest there could be a case for emergency solar geoengineering as an accompaniment to decarbonisation. In the US, the National Academies of Sciences, Engineering and Medicine last year recommended a national research program on Solar Radiation Modification [SRM] – as the technology is also known. This year, the White House issued a report that examined what a federally-funded research program might entail. And in the private sector, money from US tech giants and billionaires is flowing towards further investigation.

Alternative methods of solar geoengineering are all now competing for their moment in the spotlight, from marine cloud brightening (which would inject sea salt aerosols into low-lying clouds to increase their reflectivity), to cirrus cloud thinning (which would inject ice nuclei into high clouds, shortening their life-span and allowing more heat to escape into space). But stratospheric sulphate aerosol injection by aeroplane remains the best-studied proposal for global impact. The technology could potentially lower temperatures at speed, and with relatively low finance. One 2013 estimate equates start-up costs to “the price of a Hollywood blockbuster”. A more recent calculation of running costs comes in at around $18bn (£16bn) a year.

!!!Among the most potentially consequential effects is damage to the atmosphere’s protective ozone layer. A 2022 UNEP report into its depletion noted “shortcomings” in the modeling on solar geoengineering’s impact. The technology would also do nothing to stop rising CO2 concentrations from acidifying the oceans.

If one nation or more were to push ahead regardless of such tensions, however, the worst-case scenarios are numerous. Countermeasures ranging from economic sanctions, to UN intervention and potentially armed conflict could all be deployed, says Biermann, with the ultimate result “difficult to predict”.

!!!There is also a possibility that an arms-race develops, with nations developing the technology simply because rival superpowers are doing likewise.

!!!Deployment could also risk opening up a whole new arena of disinformation about why the weather was changing, he suggests, and “infect” the rest of climate politics. “The whole relationship between science and society is already strained after Covid,” says Corry. “So you would have an extraordinary potential for conspiracy theories and for misinformation, and an incredibly difficult environment for science to do its job.”

bl5q sw5N October 13, 2023 8:40 PM

@ vas pup

is the safe deployment of such a technology even a conceivable goal

Andrew Majda –

“The central difficulty in climate change science is that the dynamical equations for the actual climate are unknown. All that is available from the true climate in nature are some coarse-grained observations of functions such as mean or variance of temperature, tracer greenhouse gases such as carbon dioxide, or the large scale horizontal winds. Thus, climate change science must cope with predicting the coarse-grained dynamic changes of an extremely complex system only partially observed from a suite of imperfect models for the climate.”

https://www.pnas.org/doi/full/10.1073/pnas.1007009107

ResearcherZero October 14, 2023 12:43 AM

X must provide the relevant information on its “crisis response protocol” to the EC by Oct. 18, and then provide other related data by Oct. 31, the EC said.

‘https://www.cnbc.com/2023/10/12/europe-investigating-elon-musks-x-about-israel-hamas-misinformation.html

Categories for reporting in Australia offer no option to report electoral misinformation.

“X (formerly Twitter) appears to have removed an option that allowed users in a handful of markets to directly report misleading information about politics.”

‘https://techcrunch.com/2023/09/27/x-limits-report-post-options/

“These findings suggest that the platforms’ content moderation systems were not significantly biased in terms of moderating Yes- or No-aligned content. Consistent with our earlier research, there remains a substantial, potentially systemic issue regarding under-moderation of misinformation.”

“Furthermore, this research suggests that the measures from the Australian Code of Practice on Disinformation and Misinformation might not be effectively preventing the under-moderation of content. It is also evident that the signatories’ transparency reports have not identified the issues highlighted by this research.”

‘https://au.reset.tech/uploads/Reset.Tech-Over-Under-Moderation-2.pdf

“At a time when foreign and domestic false information campaigns are more sophisticated than they ever have been, U.S. tech companies have responded by gutting their integrity teams and unleashing new AI tools with the potential to turbocharge the efforts of bad actors.”
https://accountabletech.org/media/leading-civil-society-groups-introduce-election-integrity-framework-for-online-platforms/

ResearcherZero October 14, 2023 1:21 AM

Australians want the government to do more to protect the privacy of their data.

The current Privacy Act was written in 1988, well before sharing your personal information digitally was commonplace. A statutory privacy tort would be more accessible than existing causes of action such as breach of confidence or defamation.

Opting out and destroying data…

“At the core of the proposed changes the government has agreed to is an overhaul of how our data is collected, used and stored.”

‘https://www.abc.net.au/news/2023-09-28/government-agrees-to-sweeping-privacy-reforms/102912458

…tech companies have pushed back hard

‘https://au.reset.tech/news/briefing-targeted-advertising-and-profiling-in-the-privacy-act-review-are-we-going-far-enough/

“While the federal government will move to legislate a handful of recommendations from the two-year review in 2024, some of the most significant proposals from it – including the introduction of a direct right of action for privacy breaches and the removal of the small business exemption – will be consulted on further, with no timeline given for their implementation.”

As a result, any legislative changes could still be years away.

‘https://ia.acs.org.au/article/2023/govt-kicks-privacy-act-can-down-the-road.html

84% of Australians want more control and choice over the collection and use of their information.

‘https://www.oaic.gov.au/__data/assets/pdf_file/0025/74482/OAIC-Australian-Community-Attitudes-to-Privacy-Survey-2023.pdf

Need for adequate enforcement.
https://au.reset.tech/uploads/Reset.Tech-September-Roundtable.pdf

ResearcherZero October 14, 2023 1:25 AM

Queensland will join NSW as “the only other state to introduce such a scheme”, it said.

‘https://www.itnews.com.au/news/qld-gov-introduces-data-breach-notification-legislation-601173

Clive Robinson October 14, 2023 4:44 AM

Total Solar Eclipse

Folks, for those of you living in the West and South of the USA, today you have a total solar eclipse happening.

Starting at 16:30 GMT[1]

The eclipse will be visible from several states in the U.S., moving from West to East and North to South, visible in Oregon, Nevada, Utah, New Mexico, and Texas, before heading out into the Gulf of Mexico.

Please take extra care today especially with a couple of warnings,

1, It can get dark quite rapidly so is at a minimum a driving hazard.
2, Looking up without appropriate eye protection can give you permanently defective vision.

But if you can get out there and see the “ring of fire” etc. when the moon passes over twixt you and the sun, I’d do so. Whilst not considered a “once in a lifetime event”, they can be quite infrequent in some places. Oh, and take a coat; I’ve seen a couple of totals in my time, and it always gets noticeably a little chilly. And as it’s technically “Autumn” now…

The times are given on line including by NASA etc.

French eclipse enthusiast Xavier Jubier has created this interactive map,

http://xjubier.free.fr/en/site_pages/solar_eclipses/ASE_2023_GoogleMapFull.html

For those that get the full overhead effects in clear skies, enjoy.

[1] OK due to multiple TZs things can get confusing, so,

Beginning at,

09:13 a.m. PDT
12:13 p.m. EDT
16:13 GMT

ResearcherZero October 14, 2023 5:51 AM

black boxes, numbers and geometry

“For decades, physicists and mathematicians have used dualities to come up with new descriptions of how the forces of nature work. The first and most famous example comes from Maxwell’s equations, first written down in the late 19th century, which connect electric and magnetic fields.”

“By unifying disparate phenomena, the three mathematicians have brought some of the order that’s intrinsic to the relationship between electricity and magnetism to the relationship between periods and L-functions.”

‘https://www.quantamagazine.org/echoes-of-electromagnetism-found-in-number-theory-20231012/

bl5q sw5N October 14, 2023 8:45 AM

@ ResearcherZero

black boxes, numbers and geometry

This story illustrates a general theme in mathematics, stated by Michael Spivak in his wonderful book “Calculus on Manifolds” on the general Stokes’ Theorem:

[the general] Stokes’ theorem shares three important attributes with many fully evolved major theorems:
1. It is trivial.
2. It is trivial because the terms appearing in it have been properly defined.
3. It has significant consequences.

The proper definition means the right (the truly scientific) objects have been found.

Nonsense October 14, 2023 9:18 AM

Is it possible to not receive the squid nonsense via RSS?
It’s already convoluted as it is, this is just unnecessary.

Clive Robinson October 14, 2023 5:34 PM

@ Steve, JonKnowsNothing, SpaceLifeForm,

“Just to be pedantic…”

You post surprises me…

Because of the “a word” it’s been suspected in the past of being on the “naughty word list”, thus triggering the auto-mod.

The problem with finding what is and is not on the “naughty word list” is it appears to change…

Thus if you hit the auto-mod, the way to find what word is responsible is to use a binary chop process. Which is OK-ish down to the paragraph level.

But it quickly becomes quite unreadable after that. So, I tend to go for a sentence as minimum “granularity” and when I’ve found the likely culprit change several potentially suspect words or phrases, but try and keep the same meaning.

ResearcherZero October 14, 2023 6:12 PM

‘https://www.unisa.edu.au/media-centre/Releases/2023/new-cyber-algorithm-shuts-down-malicious-robotic-attack/

Not applicable for humans.

ResearcherZero October 14, 2023 6:33 PM

@Nonsense

Make and customize your own.

‘https://zapier.com/blog/make-your-own-rss-superfeed/

ResearcherZero October 14, 2023 10:22 PM

SEO poisoning – ShellBot targeting SSH servers

“the malware entered the certificate information randomly, with the Subject Name and Issuer Name fields having unusually long strings”

‘https://asec.ahnlab.com/en/57553/

Wateringhole used to target EU military personnel and political leaders.

“The extracted photos were sourced by the malicious actor from individual posts on various social media platforms such as LinkedIn, X, and Instagram.”

‘https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html

malicious OOXML, and embedded RTF document exploit (RCE)

‘https://www.trellix.com/en-us/about/newsroom/stories/research/breaking-down-cve-2023-36884-and-the-infection-chain.html

RomCom is being distributed using lure sites that often appear legitimate and are being utilized in narrow targeting. It appears that the actors are watching out for companies that become inactive, or in a similar status, then will appropriate these companies’ names.

“RomCom 3.0 binaries are protected with VMProtect. Some binaries are also signed with valid certificates. …On the surface, the companies that are signing these binaries look like legitimate companies that have undergone the process of becoming a signer of these certificates.”

‘https://www.trendmicro.com/en_nl/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html

Erdem Memisyazici October 14, 2023 10:23 PM

I wanted to underline how fascinating cephalopods are in just how different they are when compared to other species. Apparently we still don’t know why they edit their own RNA 10x more than mammals. Leading theories include it’s a fault correction mechanism that they are addicted to or that it improves their intelligence as less intelligent cephalopods also happen to do less RNA recoding. There are scientists working on this question right now apparently and that should be an interesting read.

bl5q sw5N October 14, 2023 10:50 PM

@ Erdem Memisyazici

they edit their own RNA

Maybe self-modifying code is the way to go after all. But then what stays constant ?

ResearcherZero October 15, 2023 1:00 AM

“Serhiy Semeniuk’s legal team manipulated the electronic selection system that determines which judge is assigned to the case.”

‘https://rsf.org/en/ukraine-rsf-condemns-attempted-slapp-proceedings-against-investigative-media-slidstvoinfo

Clive Robinson October 15, 2023 7:08 PM

@ Bruce, ALL,

AI Watermarking, a disaster in the making?

As most are aware there is a bit of a discussion about the visual output of certain LLM systems and the notion of fakes / faux images that they generate.

Well the old late 1990’s digital watermarking nonsense has surfaced again touted as a potential solution.

Though what has been proposed appears to have quite a few holes in it,

https://www.theregister.com/2023/10/15/microsoft_adobe_ai_watermark/

One thing that immediately pops up to my mind is just how easy it appears to be to strip the watermark out.

The proposed solution of looking the image up in an online DB to get the watermark tag info back is actually not such a good idea. Because it allows for theft of rights etc.

Say two people take a picture of a famous tree between two hills when standing at the same path/gate they end up with two very similar images.

So similar that the image recognition systems that work with different file types will probably flag them as the same image, when they are in fact not.

As people are aware YouTube suffers from a lot of “fake take down” and similar that causes small content creators no end of troubles.

Without going into details it’s not that hard to see how such a watermark DB could be used for both fraud and harassment of small content creators, and even peoples holiday snaps.

Throw in discriminatory pricing against low volume users and we will be back to all the nonsense of a quarter of a century ago, that caused Digital Watermarking to get shelved back then.

ResearcherZero October 16, 2023 12:04 AM

“Polymathic AI can show us commonalities and connections between different fields that might have been missed.”

‘https://techxplore.com/news/2023-10-scientists-ai-scientific-discovery-tech.html

ResearcherZero October 16, 2023 2:19 AM

Members of U.S. Congress Targeted

“The spies used the social network X to try to induce the politicians and others to visit websites designed to install a hacking software known as Predator.”

‘https://www.washingtonpost.com/technology/2023/10/09/vietnam-predator-hack-investigation/

“we assess with high confidence that REPLYSPY included Cytrox Predator infection links in replies to numerous U.S. and international officials and others.”

“We attribute the domain name southchinapost[.]net to Cytrox’s Predator spyware with high confidence.”

‘https://citizenlab.ca/2023/10/predator-spyware-targets-us-eu-lawmakers-journalists/

The Intellexa alliance, its subsidiaries and partnerships have evolved over time since its inception into a complex worldwide company structure.

Deanonymizing WhatsApp and Signal

In its targeted interception mode – which starts from a single target – JASMINE has claimed it is able to identify communicating parties in encrypted but peer-to-peer applications such as Skype, which create direct network connections between participants. Additionally the JASMINE documentation explicitly claims support for identifying the IP addresses of participants in encrypted apps such as WhatsApp and Signal during voice and video calls where peer-to-peer connections are also used for calling by default.

The JASMINE documentation also explains that by analysing encrypted traffic “events” for a whole country – in mass interception mode – JASMINE has the ability to correlate and identify the participants in encrypted group chats on messaging apps, with specific support analysing WhatsApp chat conversations.

“Such encrypted traffic analysis systems can also be used to identify anonymous users who upload content on social media in a country. …The upload will be encrypted with HTTPS, however, the file size of the uploaded video file and upload time is still visible to an observer recording network traffic metadata via surveillance systems deployed at their mobile operator.”

‘https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/

Chris Becke October 16, 2023 7:33 AM

| Its cooling effect could create a “moral hazard”, numerous researchers and civil society organisations warn, by taking pressure off efforts to cut the underlying CO2 emissions.

If Brexit and Trump hadn’t happened I might agree. But it’s clear that tying one’s ongoing survival to a group of people who have a literal belief in being raptured off a planet amid biblical catastrophe is foolish.

To put it in security terms that we understand, it’s like (if we) went back in time and campaigned against the development of SSL and HTTPS on the grounds that doing so would normalize packet inspection and act as an impediment to developing a robust framework for capturing and prosecuting offenders who misused data stolen from cleartext streams. Imagine the world where people just knew it was wrong and didn’t spy on cleartext even.

The simple truth is, even if everyone is burning to death, green technologies are never going to take off for as long as they are more expensive than the alternative, because no population is ever going to keep a government in power that inflicts, however well intentioned, short term pain on its population.

Clive Robinson October 16, 2023 8:12 AM

@ Chris Becke,

“The simple truth is… …because no population is ever going to keep a government in power that inflicts, however well intentioned, short term pain on its population.”

Actually not true, the number of wars we keep fighting are just one of many things that testify to that.

The problem is that whilst “comfort and convenience” are in the modern world seen as “primary drivers”, humans are very emotional in nature and few have the ability to assess risk in a sensible way.

Thus politicians and others can send the population “scurrying for the trees” with little difficulty.

Look at the UK and Brexit, anyone could sit down and read up on the relevant information and conclude that “being in the boat pi55ing out” was way better than being the target for two dozen or more others pi55ing out in retribution.

There were other solid economic indicators that it was a very very bad idea.

I could spend weeks listing them.

But the vote was based on lies and misinformation and illegal political funding that spread a mixture of scare stories and “it will be raining gold tomorrow” nonsense. The result was that enough, despite considerable warning, voted on the emotional clap-trap.

Now of course, that it is going ever steadily wrong, and those emotion votes are not getting what they dreamed of, guess what? They blame those who warned them it was going to go badly for somehow changing the future against their castle in the air dreams…

ResearcherZero October 17, 2023 4:44 AM

@Chris Becke, @Clive Robinson

Emotional targeting in politically driven campaigns can be like Chum in the water. Some people display a strong emotional response. Although there is evidence to show that it is less effective at changing people’s opinions, it further reinforces already held views and instead increases ideological segregation. It also further drives contentious conversations. It’s really quite mad.

‘https://www.frontiersin.org/articles/10.3389/fpsyg.2021.781851/full

Similar to the “if it bleeds, it leads” effect that exists with news stories, social media also increases the effect.

“negativity embedded in online content explains the speed and virality of online diffusion dynamics”

‘https://www.nature.com/articles/s41562-023-01538-4

The framing also plays a big part… “Now watch this drive.” ⛳

‘https://www.youtube.com/watch?v=1HZ3Tjohwqo

“The implications of this trend are huge, as decreased confidence in the system decreases civic engagement.”
https://www.brookings.edu/articles/misinformation-is-eroding-the-publics-confidence-in-democracy/

booby-trapped PDF in a WinRAR archive

CVE-2023-38831 (spoof file extensions)

‘https://blog.cluster25.duskrise.com/2023/10/12/cve-2023-38831-russian-attack

ResearcherZero October 17, 2023 5:01 AM

@Chris Becke, @Clive Robinson

Churchillian Drift — “If but one person puts on the Internet that Churchill said something — well, then it gets repeated by about 200 other people.”

watch as I confirm your bias

The Confirmation Process

…The influence of corporate America in the Supreme Court is borne out by the dominance of specialized “repeat players.”

Most interviewees believe that the value of SCOTUS nomination hearings has increasingly diminished over time. Common descriptions included “kabuki theater,” “farce,” “charade,” “circus,” “a model of escape and evasion” and “insufferable.” Anyone who has watched recent hearings would be hard pressed to disagree.

This imbalance in the small group of advocates who have the ear of the Court has serious consequences for the Court’s agenda and the public’s perception that the Court gives each party before it an equal hearing. In turn, the stakes for the country are high: not just the rights of workers, consumers, and other plaintiffs, but also the credibility and legitimacy of the Court in the eyes of a public that already believes their government is overly aligned with the interests of large corporations.

‘https://www.whitehouse.gov/wp-content/uploads/2021/12/SCOTUS-Report-Final.pdf

then reinforce it.

‘https://cdn.media.ccc.de/contributors/anarchy23/h264-hd/anarchy23-1593599416-eng-How_the_system_protects_the_police_and_the_police_protects_the_state_french_example_hd.mp4

“Police are permitted to lie to suspects, including promises of leniency if the person confesses.”

‘https://www.nbclosangeles.com/news/local/wrongfully-convicted-la-county-prison-exoneration-gerardo-cabanillas/3232044/

https://theconversation.com/disinformation-campaigns-are-murky-blends-of-truth-lies-and-sincere-beliefs-lessons-from-the-pandemic-140677

ResearcherZero October 17, 2023 5:41 AM

“We haven’t yet seen a cataclysmic moment in this rejection of the courts. But we are starting to see the steps toward it”

‘https://bdnews24.com/world/americas/h5msrql9io

“There’s been a change in direction, from a focus on energy facilities towards law enforcement institutions.”

‘https://news.yahoo.com/russian-hackers-attack-computer-systems-213325175.html

https://www.theregister.com/2023/10/16/kansas_courts_security_incident/

https://www.scmagazine.com/brief/florida-circuit-court-compromised-by-alphv-blackcat-ransomware

“Our adversaries are watching what we do and … quite frankly, they like it,” said Republican House Foreign Affairs Committee Chairman Michael McCaul.

‘https://www.newsweek.com/republican-warn-party-biggest-threat-1834340

Clive Robinson October 18, 2023 6:44 AM

@ Bruce and the usual suspects,

US Court appeal over use of AI by lawyer

This is actually funny even though it is quite serious,

https://www.theregister.com/2023/10/17/fugees_ai_trial/

Get past the opening paragraphs and you will find your eyebrows raising at the apparent stupidity of the lawyer.

Whether the judge will grant an appeal or not is an open question currently, but if the allegations about the lawyer’s behaviour are true, then the lid really has popped off a very large can of worms. Especially as it appears the AI in question was “hallucinating” as some choose to call it.

Clive Robinson October 18, 2023 7:05 AM

@ ALL,

As this is the “Squid Page” and this security story is about “Squid”…

https://www.theregister.com/2023/10/13/squid_proxy_bugs_remain_unfixed/

Apparently well over two years ago 55 bugs in the Squid Proxy Project’s C++ code were found and reported by a security researcher.

Since then the majority have not been addressed in any meaningful way or at all.

The security researcher has thus decided that the project has had more than sufficient time, and is now going to publicly disclose the vulnerabilities…

Apparently the project’s developers who have been contacted have “no comment” to make currently.

For those that do not know, many ISPs and other upstream organisations use the Squid Proxy as a way to manage costs and resources. Thus the number of people who could be affected is really quite significant.

ResearcherZero October 19, 2023 3:59 AM

“Say, for example, you needed to monitor the status of a thousand-mile-long oil pipeline. How do you monitor the portion that cuts through the middle of nowhere? One solution is to use an industrial cellular router.”

‘https://vulncheck.com/blog/real-world-cve-2023-43261

“What’s the big deal with login.js, you ask? Well, this JavaScript file revealed that the application was encrypting passwords client-side using the CryptoJS library and then sending them to the server. …With the help of the same credentials, I managed to log in to the router console using SSH.”

‘https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf

CallbackHell and BYOD

‘https://securelist.com/updated-mata-attacks-industrial-companies-in-eastern-europe/110829/

“TAG has observed government-backed actors from a number of countries exploiting the WinRAR vulnerability as part of their operations.”

‘https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/

A so-called “zip slip” is a common class of vulnerability.

Titan MFT and Titan SFTP have a feature where .zip files can be automatically extracted when they are uploaded over any supported protocol. If a command doesn’t properly sanitize path traversal characters, an attacker can write a file to anywhere on a Linux file system, they can leverage that to gain remote access to the target host.

‘https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/

A large list of recent industrial intrusions…

https://ics-cert.kaspersky.com/publications/reports/2023/10/05/h1-2023-a-brief-overview-of-main-incidents-in-industrial-cybersecurity/

“APTs are known for their sophisticated and targeted attacks, and by infiltrating widely used communication platforms like Discord, they can efficiently establish long-term footholds within networks, putting critical infrastructure and sensitive data at risk.”

‘https://www.trellix.com/en-us/about/newsroom/stories/research/discord-i-want-to-play-a-game.html
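Two of the archive-handling issues linked in the comments above, the WinRAR spoofed-extension bug (CVE-2023-38831) and the “zip slip” path traversal in the Titan MFT/SFTP auto-extract feature, can both be caught by inspecting member names before anything is written to disk. The Python below is an added example written for this page, not code from Cluster25, Rapid7, Google TAG or the affected vendors. The archive it builds is constructed in memory purely for illustration: the entry names and contents are hypothetical, and the decoy-file-plus-same-named-directory layout mirrors the publicly described CVE-2023-38831 archive structure rather than any specific sample.

```python
import io
import os
import posixpath
import tempfile
import zipfile
from typing import Optional


def build_sample_zip() -> bytes:
    """Constructed sample archive (hypothetical names, not a real capture):
    one benign entry, two zip-slip traversal entries, and a CVE-2023-38831
    style pair: a decoy "invoice.pdf " beside a directory of the same name
    that holds "invoice.pdf .cmd"."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report/readme.txt", "benign text")
        zf.writestr("../../etc/cron.d/backdoor", "* * * * * root /tmp/x\n")
        zf.writestr("/etc/passwd", "root::0:0::/:/bin/sh\n")
        zf.writestr("invoice.pdf ", "%PDF-1.4 decoy")
        zf.writestr("invoice.pdf /invoice.pdf .cmd", "calc.exe\r\n")
    return buf.getvalue()


def unsafe_target(dest: str, name: str) -> str:
    """What a naive extractor does: join the member name onto dest and trust it.
    normpath makes the escape obvious without changing the outcome."""
    return os.path.normpath(os.path.join(dest, name))


def safe_target(dest: str, name: str) -> Optional[str]:
    """Return the on-disk path for a member, or None if it would escape dest."""
    name = name.replace("\\", "/")
    # Absolute paths and drive-letter prefixes never belong in an archive.
    if name.startswith("/") or ":" in name.split("/", 1)[0]:
        return None
    norm = posixpath.normpath(name)
    if norm == ".." or norm.startswith("../"):
        return None
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, *norm.split("/")))
    # Containment check on resolved paths also catches a symlink planted by an
    # earlier member that points outside dest.
    if os.path.commonpath([dest_real, target]) != dest_real:
        return None
    return target


def find_spoofed_extensions(names: list) -> list:
    """Flag basenames carrying stray whitespace, and any file living inside a
    directory named exactly like another file (the layout WinRAR mishandled
    in CVE-2023-38831, where opening the decoy ran the same-named script)."""
    flagged = set()
    files = [n for n in names if not n.endswith("/")]
    for n in files:
        base = posixpath.basename(n)
        if base != base.strip():
            flagged.add(n)
        for m in files:
            if m.startswith(n + "/") and posixpath.basename(m).startswith(base):
                flagged.add(n)
                flagged.add(m)
    return sorted(flagged)


def scan_archive(data: bytes, dest: str) -> dict:
    """Report members that would traverse out of dest or spoof an extension."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    traversal = [n for n in names if safe_target(dest, n) is None]
    return {"traversal": traversal, "spoofed": find_spoofed_extensions(names)}


def safe_extract(data: bytes, dest: str) -> list:
    """Write only members that resolve inside dest and are not flagged as
    spoofed; return the paths written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        spoofed = set(find_spoofed_extensions(zf.namelist()))
        for info in zf.infolist():
            target = safe_target(dest, info.filename)
            if target is None or info.is_dir() or info.filename in spoofed:
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def demo() -> dict:
    """Build the sample, scan it, and extract it into a fresh temp directory."""
    dest = tempfile.mkdtemp()
    sample = build_sample_zip()
    report = scan_archive(sample, dest)
    report["written"] = safe_extract(sample, dest)
    report["dest"] = dest
    return report


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The containment check is done on the fully resolved path rather than on the string, because a member name that looks clean can still land outside the destination once an earlier member has dropped a symlink there. The spoofed-extension check is deliberately coarse: an archive that needs a trailing-space filename shadowed by a directory of the same name is not one a legitimate sender produces, so flagging the whole pair is the safer default.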

Clive Robinson October 19, 2023 5:56 AM

@ Bruce, SpaceLifeForm, ALL,

“CIA security cut short by twit X’d bug”

It appears Hell on Rusk has caused a security issue for the CIA by cutting short a URL,

https://www.theregister.com/2023/10/18/cia_x_url_bug/

Though I’m really not sure why the CIA would want to use Telegram, it certainly would not be my choice as it does not even make good camouflage to hide behind…

Clive Robinson October 19, 2023 1:56 PM

@ Bruce, and those in the US,

The FCC are putting the Internet back under Title II regulation.

Which not only brings back “Net Neutrality”, it also allows for an increase in security,

https://arstechnica.com/tech-policy/2023/10/fcc-moves-ahead-with-title-ii-net-neutrality-rules-in-3-2-party-line-vote/

For those wondering about the increase in security Title II gives the FCC standards and similar minimum operability powers over the communications network.

Whilst you will hear the tired old “It will stop innovation” nonsense from the likes of the cable and old style phone companies, the reality was it was the companies not innovating to maintain profit by preventing competition.

There are several stages in the process the first of interest is the “Public Comments” where you can write in your opinion, and I would suggest people do.

Clive Robinson October 19, 2023 2:31 PM

@ Bruce, SpaceLifeForm, ALL,

“From Hammer to Press DRAM bit fliping”

Time to start the stop watch on this vulnerability becoming a fully fledged attack.

Back when RowHammer first popped up I observed that it was not an unknown problem and DRAM, with its CAS and RAS timing cycles required to do “refresh” to maintain the cap charge state, was vulnerable in more than one way, and mentioned that ionising radiation had long been known to be an issue.

Well researchers at ETH Zurich –again ;-)– under Prof Onur Mutlu have discovered a new timing vulnerability and published a paper,

https://people.inf.ethz.ch/omutlu/pub/RowPress_isca23.pdf

Whilst there is not yet a viable attack known publicly, I suspect it will not be long, as the bragging rights alone will bump a C.V. up a long way.

So yet another hardware “Gift that keeps giving” but it could be in time for “Thanks giving” this year not “Xmas”.

Which is likely to be bad news for Microsoft… Win 11 is very slow out of the starting gate and makes a snail on Mogadon look speedy…

The reason is Win 11 needs the latest generation hardware, so is not a simple software upgrade as some MS OS’s have been in the past.

This RowPress vulnerability in reality means that the current “latest hardware” is not a wise buy, as the second an attack appears new DRAM designs that are less vulnerable will be brought out, which in turn is likely to affect other parts of the hardware. So if you are a business looking at upgrading all your computers for Win 11 you would probably be best advised to think carefully and hold off until new DRAM and hardware comes through.

And yes I can see these new personal computers being pushed with “AI-Inside” getting a dent in the sales as well…

Clive Robinson October 19, 2023 2:59 PM

@ ALL,

LLMs recognising your style.

As I’ve previously noted, LLMs are a form of “Digital Signal Processing” (DSP) that filter a signal out of noise using a form of matched filter system. Rather than the filter working on “frequency”, it works on more complex forms like words, and thus the statistics of how they are used.

As such that can be regarded as a “style”, thus you can effectively ask an LLM system to produce a sonnet or even a short play in the style of William Shakespeare.

But as I’ve noted it can also be flipped the other way to analyse how you use words etc., and thus find out a lot about you. Which is why I’ve said LLMs are a very serious and worrying new surveillance tool for the likes of the big Silicon Valley corps to exploit (and thus some of the apparently odd AI behaviours by them are explained).

Well, it turns out that other people are also thinking along similar lines,

https://www.wired.com/story/ai-chatbots-can-guess-your-personal-information/

vas pup October 19, 2023 4:14 PM

!!!Exclusive: Tech billionaire Peter Thiel was an FBI informant
https://www.yahoo.com/news/exclusive-tech-billionaire-peter-thiel-113001272.html

“Valuable information on a recurring basis
The FBI maintains a vast network of informants to keep tabs on organized crime, terrorist threats, extremist groups, and other criminal and intelligence targets. These sources, according to the bureau’s Confidential Human Source Policy Guide, are more than casual tipsters.

!!!Confidential human sources enter “into a relationship with the FBI, and that relationship will forever affect the life of that individual,” the guide says.

“[They] will be either an ‘FBI source’ or a ‘former FBI source’ and, in turn, his or her conduct or misconduct will reflect upon the FBI.” As such, the process for recruiting and maintaining such sources is highly regulated, requiring multiple layers of approval. Only people who are able to provide “valuable information … on a recurring basis” are granted CHS status, according to the policy.

As a CHS, Thiel was assigned a code name and an internal serial number to track his reporting. The information he passed on about foreign contacts and Silicon Valley intrigue was reviewed and “validated,” or cross-checked against other sources, by his case agents and their colleagues.

Thiel did not respond to multiple requests for comment. A Thiel spokesperson stopped responding to inquiries after being told that Insider was reporting on Thiel’s relationship with the FBI.

The FBI’s national press office and Scott Horton, an attorney who represents Johnathan Buma, both declined to comment.

Thiel is a citizen of Germany, the United States, and New Zealand; as of last year, he was reportedly in the process of acquiring yet another passport, from Malta. In 2016, he donated $1.25 million to Trump’s campaign and endorsed him from the stage at the Republican National Convention. After Trump won, Thiel served on his transition team.

=>Some of Thiel’s business interests rely on the FBI and other government agencies as potential revenue sources. He retains a 10% stake in Palantir, a data company that has sold more than a billion dollars of software and related services to the federal government, including the Pentagon, the CIA, the National Security Agency, and the FBI. A $250 million contract with the US Army in September adds to the evidence that Palantir is essentially “a government service provider,” a financial analyst said.

Thiel also backed Boldend, a spyware company marketing itself as an American competitor to the Israeli NSO Group, Forbes reported last year. NSO’s products have been bought and tested by the FBI.”

My question is: which other US tech tycoons are also FBI confidential informants? That reminds me of NKVD and Stasi times, when even family members were snitching on each other. Orwell rests.

vas pup October 19, 2023 5:22 PM

Amazon launches humanoid robots to ‘free up’ staff
https://www.bbc.com/news/technology-67163680

“Amazon is trialling humanoid robots in its US warehouses, in the latest sign of the tech giant automating more of its operations.

Amazon said the move was about “freeing employees up to better deliver for our customers”.

!It said it was testing a new robot called Digit, which has arms and legs and can move, grasp and handle items in a similar fashion to a human.

A union said Amazon had “been treating their workers like robots for years”.

“Amazon’s automation is [a] head-first race to job losses. We’ve already seen hundreds of jobs disappear to it in fulfilment centres,” said Stuart Richards, an organiser at UK trade union GMB.

According to the tech giant, it now has more than 750,000 robots working “collaboratively” with its human staff, often being used to take on “highly repetitive tasks”.

!Rather than using wheels to move, Digit walks on two legs. It also has arms that can pick up and move packages, containers, customer orders and objects.

Scott Dresser of Amazon Robotics told the BBC this allowed it to “deal with steps and stairs or places in our facility where we need to move up and down”.

Amazon has ramped up its use of robots in recent years, as pressure has grown to cut costs.

Last year it announced it was trialling a giant robotic arm that can pick up items. It already uses wheeled robots to move goods around its warehouses, and it has started using drones for delivery in two US states.”

SpaceLifeForm October 21, 2023 12:37 AM

@ Clive, Bruce, ALL

Re: “CIA security cut short by twit X’d bug”

You would think they would have learned after China.

Clive Robinson October 21, 2023 6:51 AM

@ SpaceLifeForm, Bruce, ALL,

“You would think they would have learned after China.”

I suspected they “reverted to the mean”…

It’s been pointed out by others in the past that the CIA has a significant “culture issue”.

That is, a “superficial results” driven “can do attitude” which, from the way it’s been described, is a “Me Tarzan, You Jane” style at best, at worst…

Put simply, the emphasis is on getting new sources, as that gives rise to promotion etc., but not on maintaining a source’s safety by cautious methods and proven fieldcraft. Thus the methods used are almost “schoolboy tech” in nature, working on the notion it’s too smart…

As you know, I warn off the use of Tor and the supposedly secure apps because as “systems” they are not secure and the “Law of the weak link” applies.

Oh, and as has recently been brought up, Apple has so much investment in China that it is affecting their corporate view,

https://arstechnica.com/gadgets/2023/10/report-apple-cancels-the-problem-with-jon-stewart-over-china-ai-topics/

“Apple does much of its business (both in production and sales) in China and has invested heavily in the country’s infrastructure. Regarding China, Apple execs may have been worried that Stewart’s planned commentary could alienate customers or partners in the country.

As for AI, Apple has increasingly focused on AI for software features on the iPhone. Primarily, it uses machine learning to drive things like search suggestions, photography, and palm detection. There have also been rumors that Apple plans to get into ChatGPT-like large language models, which have been more controversial.”

So I would be extremely cautious about using Apple equipment in or around China and its interests.

Further, as I’ve pointed out, AI in the form of LLMs is a surveillance tool of so far effectively “unimaginable limits”, as people are quickly thinking up and finding new techniques,

https://www.schneier.com/blog/archives/2023/10/friday-squid-blogging-on-squid-intelligence.html/#comment-427821
