'Faceless Recognition System' can identify you even with your face hidden

in security on (#1PWJ5)
In a new paper uploaded to the ArXiv pre-print server, researchers at the Max Planck Institute in Saarbrücken, Germany demonstrate a method of identifying individuals even when most of their photos are un-tagged or obscured. The researchers' system, which they call the "Faceless Recognition System," trains a neural network on a set of photos containing both obscured and visible faces, then uses that knowledge to predict the identity of obscured faces by looking for similarities in the area around a person's head and body.

The accuracy of the system varies depending on how many visible faces are available in the photo set. Even when there are only 1.25 instances of the individual's fully-visible face, the system can identify an obscured face with 69.6 percent accuracy; if there are 10 instances of an individual's visible face, it increases to as high as 91.5 percent.

In other words, even if you made sure to obscure your face in most of your Instagram photos, the system would have a decent chance of identifying you as long as there are one or two where your face is fully visible.

Interview with Timothy Lord about Slashdot

in internet on (#1PQ0D)
FossForce has an interesting video interview with Timothy Lord:
The original Slashdot crew was declared redundant in early 2016 by the site's latest owner, Slashdot Media. Timothy Lord was the last of the early Slashdot editors to be let go, and has posted more stories on Slashdot than anyone else, ever, so we turned to him to learn how and why Slashdot helped the FOSS movement grow and eventually infiltrate mainstream IT.
The questions are mainly geared toward FOSS, but he does talk about "news for nerds" and explains the role that discussion sites, such as Slashdot, played in the community.

What form do you think discussion sites of the future will take? Will everyone still be staring at Facebook feeds and Twitter tweets in 20 years? Do human curated story sites (slash-like) have advantages over generic link sharing sites (like reddit, digg)? Or is every site just regurgitating the same generic news year after year and it doesn't really matter what form it takes?

Smart stitches coming to a hospital near you

in hardware on (#1PPZG)
We already have smartphones, smart TVs and smart cars, so why not leverage technology to include smart stitches? Using tiny sensors and electronics layered into fibers like cotton or various synthetics, super-small-scale electronics called "nano-scale sensors" and "microfluidics" are inserted into the sutures to monitor things like pressure, stress, strain and body temperature - as well as pH and glucose levels. This data from the sutures can transmit wirelessly in real time to a cellphone or computer, giving doctors a better idea of how a patient is healing and whether an infection is starting. They've only been tested in vitro, on rats' tissue, so further studies are needed, but researchers are confident in the results they've seen so far.

Olympics viewers overloaded with commercials during NBC Olympic Opening Ceremony

in sports on (#1PMZM)
During the Olympic opening ceremonies, NBC may very well stand for "Nothing But Commercials". Viewers took to Twitter to slam the network's frequent commercial breaks after six commercial breaks in under 40 minutes. Inserting commercials is probably the reason that NBC did a tape delay of the opening ceremony.

NBC has also been inserting commercials while matches are taking place over the first two days of the women's and men's Olympic soccer tournaments, prompting anger from many. And yet NBC has billed this as the 'Most Live Olympics Ever' despite the one hour broadcast delay for the opening ceremony.

America’s electronic voting machines are scarily easy targets

in security on (#1PAA1)
Most people remember the vote-counting debacle of the 2000 election, the dangling chads that resulted in the Supreme Court breaking a Bush-Gore deadlock. What people may not remember is the resulting Help America Vote Act (HAVA), passed in 2002, which among other objectives worked to phase out the use of the punchcard voting systems that had caused millions of ballots to be tossed.

In many cases, those dated machines were replaced with electronic voting systems. The intentions were pure. The consequences were a technological train wreck. The list of problems is what you'd expect from any computer or, more specifically, any computer that's a decade old or older. Most of these machines are running Windows XP, for which Microsoft hasn't released a security patch since April 2014. Though there's no evidence of direct voting machine interference to date, researchers have demonstrated that many of them are susceptible to malware or, equally if not more alarming, a well-timed denial of service attack.

"When people think that people think about doing something major to impact our election results at the voting machine, they think they'd try to switch results," says Brennan Center's Lawrence Norden, referring to potential software tampering. "But you can do a lot less than that and do a lot of damage... If you have machines not working, or working slowly, that could create lots of problems too, preventing people from voting at all."

The extent of vulnerability isn't just hypothetical; late last summer, Virginia decertified thousands of insecure WinVote machines. As one security researcher described it, "anyone within a half mile could have modified every vote, undetected" without "any technical expertise." The WinVote systems are an extreme case, but not an isolated one.

Ransomware is targeting the enterprise at an increasing pace

in security on (#1P8DF)
Enterprise-targeting cyber enemies are deploying vast amounts of potent ransomware to generate revenue and huge profits - nearly $34 million annually according to Cisco's Mid-Year Cybersecurity Report out this week.

Ransomware, Cisco wrote, has become a particularly effective moneymaker, and enterprise users appear to be the preferred target. One of the main reasons is that corporations have access to (and can afford) ransom money whereas individual users may not.

Problems include faster and more effective propagation methods that maximize the impact of ransomware campaigns; exploit kits, which make ransomware easy to deploy; and vulnerabilities in the enterprise application software JBoss, which are giving attackers a new vector for launching ransomware campaigns.

Another very troubling issue is that a small but growing number of malware samples show that bad actors are using Transport Layer Security (TLS), the protocol used to provide encryption for network traffic, to hide their activities. This is a cause for concern among security professionals, since it makes deep-packet inspection ineffective as a security tool.

KeySniffer malware exploits cheap wireless keyboards

in security on (#1P52K)
A vulnerability in inexpensive wireless keyboards lets hackers steal private data, security company Bastille reported this week. The vulnerability lets a hacker use a new attack the firm dubbed "KeySniffer" to eavesdrop on and capture every keystroke typed from up to 250 feet away.

Affected keyboards are made by eight companies: HP, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric and EagleTec.

The vulnerable keyboards are easily detected because the USB dongles they use are always transmitting synchronization packets to let the keyboard find them, whether or not they're in use. The synchronization packets contain the unique identifier for the keyboard or dongle. Once a vulnerable keyboard is identified, the hacker uses the identifier to filter wireless transmissions for the keystrokes sent by the target keyboard.

Hackers not only can steal data, but also can inject keystrokes to type remotely on a vulnerable computer, installing malware or stealing data.

None of the affected keyboards can be patched, and the safest option is to switch out to a Bluetooth keyboard -- or better yet, a wired keyboard, Bastille's Marc Newlin said.

Pregnancy-tracking app exposes sensitive personal information

in mobile on (#1NZKC)
Consumer Reports Labs tested Glow, a very popular menstrual cycle/fertility-tracking app, and found that the app's designers had made a number of fundamental errors in the security and privacy design of the app, which would make it easy for stalkers or griefers to take over the app, change users' passwords, spy on them, steal their identities, and access extremely intimate data about the millions of women and their partners who use the app.

According to Consumer Reports, "The ability to link accounts opened the way to the first vulnerability we found. It was a startling one. ... We discovered that as soon as a user sent the request to another user, their accounts were linked and the requesting user could see much of the other account's data - without the other account having to do anything.

The owner of the second account would receive an email saying that another user had made the request, but it didn't matter if that email got stuck in a spam folder or was never opened. The second user did not have to acknowledge or accept the invitation. As long as the second account wasn't already linked with another one, the first person who requested linking of the account instantly gained access to the account's data.

Even worse, using the app-security software, researchers were able to change any user's password without knowing the old password. The request for the old password was just for show, like a door lock with the deadbolt missing. It gave the appearance of security, but it didn't offer real protection against a malicious user.

AT&T raises data caps for U-Verse and GigaPower to 1TB per month

in mobile on (#1NZJ6)
AT&T announced on Friday that the company will be providing 1TB of data a month to U-Verse customers, at speeds up to 300 megabits per second starting August 21st. This should be enough data to stream more than 13 hours of HD video content per day.

AT&T will, however, charge customers if they go over their monthly allowance. For $10, customers can get an additional 50GB of data during the current billing cycle. According to the company, the maximum monthly overage charge is $100, which works out to 500GB of additional data. Customers will not be charged overage fees during the month they initially break through the data cap. In the following month, customers will receive warnings when they hit 65-percent, 90-percent, and 100-percent overages, but won't see overage charges on their bill.

To bypass all this data limit mess, U-Verse customers without DirecTV or the U-Verse TV service can get unlimited data in the home for an additional $30 a month. Cheryl Choy, VP of data and voice products, said that these customers can switch to the unlimited plan anytime they want, even during the middle of a billing cycle.

Device makes single doses of drugs on demand

in science on (#1NWXS)
A portable device may allow doctors to create single doses of biopharmaceutical medications on demand, potentially speeding the treatment of diseases that include diabetes and cancer. The system, described in the journal Nature Communications, can currently produce two biologic drugs from a single yeast strain in the device, creating near-single-dose production in less than 24 hours with limited infrastructure.

The potential use for the device is significant, as it can be used for everything from treatments on a battlefield where immediate care is required to prevention of a disease outbreak in a remote village, said Tim Lu, an associate professor of biological engineering and electrical engineering and computer science at MIT.

"Imagine you were on Mars or in a remote desert, without access to a full formulary, you could program the yeast to produce drugs on demand locally," Lu said.