Archive for the ‘Biz & IT’ Category

Behold, the Facebook phishing scam that could dupe even vigilant users

February 16th, 2019
Behold, the Facebook phishing scam that could dupe even vigilant users

Enlarge (credit: anujraj)

Phishers are deploying what appears to be a clever new trick to snag people’s Facebook passwords by presenting convincing replicas of single sign-on login Windows on malicious sites, researchers said this week.

Single sign-on, or SSO, is a feature that allows people to use their accounts on other sites—typically Facebook, Google, LinkedIn, or Twitter—to log in to third-party websites. SSO is designed to make things easier for both end users and websites. Rather than having to create and remember a password for hundreds or even thousands of third-party sites, people can log in using the credentials for a single site. Websites that don’t want to bother creating and securing password-based authentication systems need only access an easy-to-use programming interface. Security and cryptographic mechanisms under the hood allow the the login to happen without the third party site ever seeing the username password.

Researchers with password manager service Myki recently found a site that purported to offer SSO from Facebook. As the video below shows, the login window looked almost identical to the real Facebook SSO. This one, however, didn’t run on the Facebook API and didn’t interface with the social network in any way. Instead, it phished the username and password.

Read 3 remaining paragraphs | Comments

Posted in Biz & IT, Facebook, phishing, Single Sign-On | Comments (0)

Shell buys Sonnen, Tesla’s competitor in the home battery business

February 15th, 2019
A worker assembling a Sonnen battery.

Enlarge / An employee working for the manufacturer of solar batteries, Sonnen GmbH, in the Bavarian village Wildpoldsried, southern Germany, is pictured on July 5, 2016. (credit: CHRISTOF STACHE/AFP/Getty Images)

On Friday, oil major Royal Dutch Shell and German energy storage company Sonnen announced that Shell would acquire Sonnen for an undisclosed amount.

Sonnen has been one of the top competitors with Tesla's Powerwall in the US home battery market. The company built its base in Germany, attaching batteries for self-consumption to homes with solar panels. Sonnen now claims 400,000 batteries installed in households in Germany, the US, and Australia.

The company's assets include proprietary software that optimizes a home's battery use in combination with solar power.

Read 4 remaining paragraphs | Comments

Posted in battery, Biz & IT, electricity, Energy, science, Sonnen, stationary storage, Tesla | Comments (0)

Researchers, scared by their own work, hold back “deepfakes for text” AI

February 15th, 2019
This is fine.

Enlarge / This is fine.

OpenAI, a non-profit research company investigating "the path to safe artificial intelligence," has developed a machine learning system called Generative Pre-trained Transformer-2 (GPT-2 ), capable of generating text based on brief writing prompts. The result comes so close to mimicking human writing that it could potentially be used for "deepfake" content. Built based on 40 gigabytes of text retrieved from sources on the Internet (including "all outbound links from Reddit, a social media platform, which received at least 3 karma"), GPT-2 generates plausible "news" stories and other text that match the style and content of a brief text prompt.

The performance of the system was so disconcerting, now the researchers are only releasing a reduced version of GPT-2 based on a much smaller text corpus. In a blog post on the project and this decision, researchers Alec Radford, Jeffrey Wu, Rewon Child, David Luan, Dario Amodei, and Ilya Sutskever wrote:

Due to concerns about large language models being used to generate deceptive, biased, or abusive language at scale, we are only releasing a much smaller version of GPT-2 along with sampling code. We are not releasing the dataset, training code, or GPT-2 model weights. Nearly a year ago we wrote in the OpenAI Charter: “we expect that safety and security concerns will reduce our traditional publishing in the future, while increasing the importance of sharing safety, policy, and standards research,” and we see this current work as potentially representing the early beginnings of such concerns, which we expect may grow over time. This decision, as well as our discussion of it, is an experiment: while we are not sure that it is the right decision today, we believe that the AI community will eventually need to tackle the issue of publication norms in a thoughtful way in certain research areas.

OpenAI is funded by contributions from a group of technology executives and investors connected to what some have referred to as the PayPal "mafia"—Elon Musk, Peter Thiel, Jessica Livingston, and Sam Altman of YCombinator, former PayPal COO and LinkedIn co-founder Reid Hoffman, and former Stripe Chief Technology Officer Greg Brockman. Brockman now serves as OpenAI's CTO. Musk has repeatedly warned of the potential existential dangers posed by AI, and OpenAI is focused on trying to shape the future of artificial intelligence technology—ideally moving it away from potentially harmful applications.

Read 6 remaining paragraphs | Comments

Posted in AI, artificial intellignece, Biz & IT, computer-generated text, deep fake, deepfake, fake news, machine learning, Markov chain | Comments (0)

Ajit Pai orders phone companies to adopt new anti-robocall tech in 2019

February 14th, 2019
FCC Chairman Ajit Pai speaking and gesturing with his hands.

Enlarge / FCC Chairman Ajit Pai at The American Enterprise Institute for Public Policy Research on May 5, 2017 in Washington, DC. (credit: Getty Images | Chip Somodevilla)

The Federal Communications Commission will consider "regulatory intervention" if major phone companies fail to adopt a new anti-robocall technology this year.

FCC Chairman Ajit Pai has been pressuring phone companies to implement the "SHAKEN" and "STIR" robocall-blocking protocols, which perform Caller ID authentication. Most major providers have committed to doing so, but Pai issued a warning to laggards yesterday.

"I applaud those companies that have committed to deploy the SHAKEN/STIR framework in 2019," Pai said in his statement yesterday. "This goal should be achievable for every major wireless provider, interconnected VoIP operator, and telephone company—and I expect those lagging behind to make every effort to catch up. If it appears major carriers won't meet the deadline to get this done this year, the FCC will have to consider regulatory intervention."

Read 20 remaining paragraphs | Comments

Posted in ajit pai, Biz & IT, Policy, robocalls, Sprint, TDS Telecom | Comments (0)

Startup will store energy by forcing compressed air in a defunct zinc mine

February 14th, 2019

An energy storage startup called Hydrostor is planning to build an Advanced Compressed Air Energy Storage (A-CAES) project in Australia, using an out-of-operation underground zinc mine as a container for the compressed air.

Hydrostor announced its plans this week after being awarded AUD $9 million (USD $6.4 million) in grants from Australian government institutions.

Compressed air energy storage (CAES) is a sort of physical battery (as opposed to a chemical battery) that uses excess electricity to compress air. The compressed air is stored in a tank, in a balloon, or in an underground cavern. When more electricity is needed, the compressed air is heated, which drives a turbine as it expands.

Read 12 remaining paragraphs | Comments

Posted in Biz & IT, Compressed air storage, Energy, mining, renewable energy, science | Comments (0)

Amazon caught selling counterfeits of publisher’s computer books—again

February 14th, 2019
At left, a counterfeited No Starch book. At right, the real deal.

Enlarge / At left, a counterfeited No Starch book. At right, the real deal. (credit: left, Bill Pollock; right, Jon Sawyer (@jcase))

Bill Pollock, the founder of the tech how-to book publisher No Starch Press, called out Amazon on February 13 for selling what he says are counterfeit copies of his company's book, The Art of Assembly Language—copies that Amazon apparently printed.

After Pollock's post on Twitter on Wednesday, other people posted pictures of other No Starch books that had been counterfeited through Amazon, including books that had pages poorly cut. What's even crazier is that this isn't the first time this has happened.

In 2017, Pollock got reports of Amazon selling counterfeit copies of Python for Kids, a popular children's introduction to programming, and four other No Starch titles. The books were easy to distinguish from No Starch's production runs because of the poorer quality of the paper and binding, changes likely resulting from Amazon's print-on-demand production.

Read 5 remaining paragraphs | Comments

Posted in amazon, Biz & IT, Counterfeit goods, CreateSpace, piracy, Policy | Comments (0)

Citing lack of demand, Airbus cancels A380 superjumbo aircraft

February 14th, 2019
An Emirates Airbus A380.

Enlarge / An Emirates Airbus A380. (credit: Getty | NurPhoto)

European aircraft manufacturer Airbus announced today that it will halt production on its enormous A380 superjumbo passenger airliner.

The news was delivered by Airbus CEO Tom Enders at the company's headquarters in Toulouse, France. Enders cited a lack of orders as the key reason behind the cancellation of what is currently the world's largest airliner. Airbus expects the cancellation to potentially affect thousands of employees in the UK currently working on A380 production, though the company hopes to reassign as many of those employees as possible to other roles.

Efficiency remains king

The writing has been on the wall for the A380 for quite some time, and sales of the enormous jet never really reached the levels Airbus had hoped. The proverbial straw that broke the camel's back, according to The Guardian's report, was an order reduction from Emirates, the A380's largest buyer.

Read 6 remaining paragraphs | Comments

Posted in A380, Airbus, airliners, Airlines, airplanes, Biz & IT, Boeing, commercial airplanes | Comments (0)

MalwareTech loses bid to suppress damning statements made after days of partying

February 14th, 2019
Then 23-year-old security researcher Marcus Hutchins in his bedroom in Ilfracombe, UK, in July 2017, just weeks before his arrest on malware charges.

Enlarge / Then 23-year-old security researcher Marcus Hutchins in his bedroom in Ilfracombe, UK, in July 2017, just weeks before his arrest on malware charges. (credit: Chris Ratcliffe/Bloomberg via Getty Images)

Marcus Hutchins, the widely acclaimed security researcher charged with creating malware that sold for thousands of dollars on the Internet, has lost his bid to suppress self-incriminating statements he made following days of heavy partying at the 2017 Defcon hacker convention in Las Vegas.

Hutchins—who, under the moniker MalwareTech, unwittingly helped neutralize the virulent WannaCry ransomware worm—was charged with developing the Kronos banking trojan and an advanced spyware program known as the UPAS Kit. The then-23-year-old UK citizen was arrested in August 2017 at McCarran International Airport as he was about to fly home. He had spent the previous week attending the Black Hat and Defcon conferences. Hutchins has pleaded not guilty to the charges.

According to court documents, federal agents questioned Hutchins in an airport interview room shortly after he was arrested. When asked about his involvement in developing malware, the court records show, Hutchins grew visibly confused about the purpose of the interrogation. Eventually, prosecutors said, Hutchins acknowledged that, when he was younger, he wrote code that ended up in malware, but he denied that he had developed the malware itself. After reviewing some source code produced by the agents, Hutchins asked if the investigators were looking for the developer of Kronos. Hutchins then told the interrogators he didn't develop Kronos and had "gotten out" of writing code for malware before he turned 18.

Read 17 remaining paragraphs | Comments

Posted in Biz & IT, indictments, malware, MalwareTech, Policy | Comments (0)

Microsoft patches zero-day vulnerabilities in IE and Exchange

February 13th, 2019
The Microsoft logo displayed at Microsoft's booth at a trade show.

Enlarge (credit: Getty Images | Justin Sullivan)

Microsoft’s Patch Tuesday this month had higher-than-usual stakes with fixes for a zero-day Internet Explorer vulnerability under active exploit and an Exchange Server flaw that was disclosed last month with proof-of-concept code.

The IE vulnerability, Microsoft said, allows attackers to test whether one or more files are stored on disks of vulnerable PCs. Attackers first must lure targets to a malicious site. Microsoft, without elaborating, said it has detected active exploits against the vulnerability, which is indexed as CVE-2019-0676 and affects IE version 10 or 11 running on all supported versions of Windows. The flaw was discovered by members of Google’s Project Zero vulnerability research team.

Microsoft also patched Exchange against a vulnerability that allowed remote attackers with little more than an unprivileged mailbox account to gain administrative control over the server. Dubbed PrivExchange, CVE-2019-0686 was publicly disclosed last month, along with proof-of-concept code that exploited it. In Tuesday’s advisory, Microsoft officials said they haven’t seen active exploits yet, but that they were “likely.”

Read 2 remaining paragraphs | Comments

Posted in Biz & IT, Exchange Server, exploits, Internet Explorer, microsoft, vulnerabilities | Comments (0)

Clever trick uses Windows executable file to install malicious payload on Macs

February 11th, 2019
A laptop monitor warns of an impending encounter with malware.

Enlarge (credit: Christiaan Colen / Flickr)

Malware pushers are experimenting with a novel way to infect Mac users that runs executable files that normally execute only on Windows computers.

The files and folders found inside a DMG file that promised to install Little Snitch.

The files and folders found inside a DMG file that promised to install Little Snitch. (credit: Trend Micro)

Researchers from antivirus provider Trend Micro made that discovery after analyzing an app available on a Torrent site that promised to install Little Snitch, a firewall application for macOS. Stashed inside the DMG file was an EXE file that delivered a hidden payload. The researchers suspect the routine is designed to bypass Gatekeeper, a security feature built into macOS that requires apps to be code-signed before they can be installed. EXE files don’t undergo this verification, because Gatekeeper only inspects native macOS files.

“We suspect that this specific malware can be used as an evasion technique for other attack or infection attempts to bypass some built-in safeguards such as digital certification checks, since it is an unsupported binary executable in Mac systems by design,” Trend Micro researchers Don Ladores and Luis Magisa wrote. “We think that the cybercriminals are still studying the development and opportunities from this malware bundled in apps and available in torrent sites, and therefore we will continue investigating how cybercriminals can use this information and routine.”

Read 5 remaining paragraphs | Comments

Posted in Biz & IT, GateKeeper, MacOS, malware, trojans, windows executables | Comments (0)