Technology

Given the shutdown/attack today, which targeted stations far from the capital, this, ah... did not go well.

Excerpts from article:

Security measures in Paris have been turbocharged by a new type of AI, as the city enables controversial algorithms to crawl CCTV footage of transport stations looking for threats.

After training its algorithms on both open source and synthetic data, Wintics’ systems have been adapted to, for example, count the number of people in a crowd or the number of people falling to the floor—alerting operators once the number exceeds a certain threshold.

Houllier argues that his algorithms are a privacy-friendly alternative to controversial facial recognition systems used by past global sporting events, such as the 2022 Qatar World Cup. “Here we are trying to find another way,” he says. To him, letting the algorithms crawl CCTV footage is a way to ensure the event is safe without jeopardizing personal freedoms. “We are not analyzing any personal data. We are just looking at shapes, no face, no license plate recognition, no behavioral analytics.”

Levain is concerned the AI surveillance systems will remain in France long after the athletes leave. To her, these algorithms enable the police and security services to impose surveillance on wider stretches of the city. “This technology will reproduce the stereotypes of the police,” she says. “We know that they discriminate. We know that they always go in the same area. They always go and harass the same people. And this technology, as with every surveillance technology, will help them do that.”

At issue in the case is the Web and App Activity toggle in Android device’s settings. Turning the toggle off prevents future web and app activity being saved to a user’s Google account.

The class plaintiffs, a suit first filed in 2020, claim that Google collected their personalized data even though they turned the toggle off. They claim the toggle gives users the false impression that they can “opt out” of sharing all data with Google and third-party developers, and accused Google of invasion of privacy.

Santacana said that none of the data that Google collected could be tied back to a user and that the defendants had failed to include a single example of the data being tracked back to a user, being used for personalized advertisements or being used to build marketing profiles.

Seeborg, a Barack Obama appointee, told Santacana that he thought the language in Google’s privacy policy could possibly mislead a reasonable consumer into believing that toggling the function off stops collection of all data.

Santacana replied that it’s not Google’s fault if a user doesn’t interpret the policies correctly.

David Boies, counsel for the class plaintiffs, told Seeborg that he didn’t believe that Google doesn’t collect personal information, and that even the non-personal information could identify a person’s mobile device and be linked to a specific individual.

Boies read Seeborg copies of Google employees’ internal emails, in which multiple employees expressed that they felt the privacy policy was fooling users into thinking that personal information wasn’t being collected. In the emails, the Google employees also said they were collecting and using personal information.

Seeborg took the matter under submission.

Since the beginning of the generative AI boom, content creators have argued that their work has been scraped into AI models without their consent. But until now, it has been difficult to know whether specific text has actually been used in a training data set.

Now they have a new way to prove it: “copyright traps” developed by a team at Imperial College London, pieces of hidden text that allow writers and publishers to subtly mark their work in order to later detect whether it has been used in AI models or not. The idea is similar to traps that have been used by copyright holders throughout history—strategies like including fake locations on a map or fake words in a dictionary.

These AI copyright traps tap into one of the biggest fights in AI. A number of publishers and writers are in the middle of litigation against tech companies, claiming their intellectual property has been scraped into AI training data sets without their permission. The New York Times’ ongoing case against OpenAI is probably the most high-profile of these.

The code to generate and detect traps is currently available on GitHub, but the team also intends to build a tool that allows people to generate and insert copyright traps themselves.

This guy! 😮‍💨

To deal with all this Intel CPU disaster, I've been having to manually check MSI's website for mobo updates. It occurred to me that keeping BIOSes and other drivers that aren't delivered through your OS's update manager of choice is such a pain, and it's common knowledge that a lot of critical BIOS updates just don't get applied to systems because folks don't check for updates unless there's a problem.

Thinking about that, I realized that it would make life a lot easier if you could just have section in your RSS reader for firmware updates, and each mobo manufacturer published BIOS update announcements as an RSS feed. All your updates are in one place, and you're notified promptly! Of course, this would also apply to NVIDIA drivers, so you can get automatic updates on Windows without having to download Geforce NOW bloatware, but of course that's very intentional on NVIDIA's part.

Does anyone know of other easy ways to passively keep track of BIOS updates?

Looks like AMD saw Intel and is trying to capitalize and learn from Intel's mistake by delaying until they can guarantee a stable launch

Personally I see this as a win for consumers as you're more likely to get a higher quality product by either company (AMD's move here is likely to echo in Intel)

cross-posted from: https://lazysoci.al/post/15908451

I've been saying this and people keep arguing.

Key Takeaways:

1. If you or someone you know has had any system instability issues with their 13th or 14th gen Intel processor/CPU, GN recommends on immediately filing an RMA with Intel even if a previous one was rejected.
2. If you're an owner of a 13 or 14th gen, please update the BIOS as soon as you can and keep an eye out for newer microcode patches/AGESA updates from Intel coming in mid-late August 2024.
3. Please continue to be informed/vigilant when buying second-hand/used Intel 13 and or 14th gen CPUs as you probably don't want to buy a defective CPU.

The two sanctioned persons are Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, both key members of the Russia-aligned hacktivist group Cyber Army of Russia Reborn (CARR), according to a US Treasury press release.

Since 2022, CARR, which also uses the name Cyber Army of Russia, has conducted low-impact, unsophisticated DDoS attacks in Ukraine and against governments and companies located in countries that have supported Ukraine. In late 2023, CARR started to claim attacks on the industrial control systems of multiple U.S. and European critical infrastructure targets. Using various unsophisticated techniques, CARR has been responsible for manipulating industrial control system equipment at water supply, hydroelectric, wastewater, and energy facilities in the U.S. and Europe.

Archived version

KnowBe4 needed a software engineer for our internal IT AI team. "We posted the job, received resumes, conducted interviews, performed background checks, verified references, and hired the person," the firm writes on its blog.

"We sent them their Mac workstation, and the moment it was received, it immediately started to load malware."

[Special points to KnowBe4 for publishing this on its blog. If this can happen to a security awareness firm, it can happen to everyone.]

Per author, if the treat passes as-is, it will hurt security and stifle speech.

while this treaty creates broad powers to fight things governments dislike, simply by branding them "cybercrime," it actually undermines the fight against cybercrime itself. Most cybercrime involves exploiting security defects in devices and services – think of ransomware attacks – and the Cybercrime Treaty endangers the security researchers who point out these defects, creating grave criminal liability for the people we rely on to warn us when the tech vendors we rely upon have put us at risk.

This is the granddaddy of tech free speech fights. Since the paper tape days, researchers who discovered defects in critical systems have been intimidated, threatened, sued and even imprisoned for blowing the whistle. Tech giants insist that they should have a veto over who can publish true facts about the defects in their products, and dress up this demand as concern over security.

Time and again, we've seen corporations rationalize their way into suppressing or ignoring bug reports.

The idea that users are safer when bugs are kept secret is called "security through obscurity" and no one believes in it – except corporate executives. As Bruce Schneier says, "Anyone can design a system that is so secure that they themselves can't break it. That doesn't mean it's secure – it just means that it's secure against people stupider than the system's designer"

the Cybercrime Treaty creates new obligations on signatories to help other countries' cops and courts silence and punish security researchers who make these true disclosures, ensuring that spies and criminals will know which products aren't safe to use, but we won't (until it's too late)

cross-posted from: https://feddit.org/post/1095016

Archived link

Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools.

The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today. "In the attack on this organization, the attackers exploited a vulnerability in an Apache HTTP server to deliver their MgBot malware."

Daggerfly, also known by the names Bronze Highland and Evasive Panda, was previously observed using the MgBot modular malware framework in connection with an intelligence-gathering mission aimed at telecom service providers in Africa. It's known to be operational since 2012.

As an AWS focused solutions/systems architect, I've been feeling this for the last 10ish months too. I attended the first 9 re:Invent conferences (up until Covid upended things) but I was glad I didn't attend last year; and re:Inforce sounds like it was even worse.

Am I the only one that thinks Scaringe looks like Steve-O?