Jeffrey J. Bloom

Jeffrey J. Bloom

The PATCH Act addresses oversight concerns, requiring board reports on activities, policies & vulnerability numbers--both shareable & retained. Hopefully, this will be more effective than the current special interagency protocol called VEP (Vulnerabilities Equities Process).
https://techpolicycorner.org/to-patch-or-not-to-patch-government-hacking-and-cyber-attacks-9c80327e078a

Jeffrey J. Bloom

Anonymous Coward: "I remember the constitution.. maybe someday we can bring it back again" & "Re: Completely Frivolous Claim" - 4th Amendment, search must be unreasonable to be violation & unreasonable search = not supported by warrant. However, the NSA has ALWAYS had a FISA court issued warrant to conduct mass surveillance.
https://m.slashdot.org/story/326617/

Jeffrey J. Bloom

In the video an old Sony camera is used, which has a nightshot mode that allows capturing infrared light. They use a Samsung laser printer (coincidence?) to print a specific sized image--so a contact lens fits, providing expected curvature for the iris scanner.
https://www.youtube.com/watch?v=gtQ4yzbsi-c

"We are aware of the issue, but we would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy & prevent attempts to compromise its security, such as images of a person’s iris. If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue."
https://www.forbes.com/sites/ianmorris/2017/05/23/samsung-galaxy-s8-iris-scanner-hacked-in-three-simple-steps/

Jeffrey J. Bloom

"The interception of Wikimedia’s communications is an actual injury that has already occurred," A federal appeals court ruled Tuesday. Wikimedia has standing to challenge NSA's Upstream program that siphons communications directly from the internet’s backbone.
*The NSA earlier this year reportedly ended a part of its Upstream collection program that collected Americans' communications with people overseas if they mentioned a specific targeted term, but weren't sent directly to or from a foreign surveillance target.
https://www.usnews.com/news/articles/2017-05-23/appeals-court-wikimedia-can-fight-nsas-not-speculative-internet-surveillance

Jeffrey J. Bloom

He wrote software to automate the process, Nipper Studio.

This product, according to Titania, reduces the day taken to validate the security of a device by manual testing to ‘a couple of seconds’. It reports vulnerabilities and gives instructions on how to address them.

“Penetration testers and check team leaders are the equivalent of your cyber generals, the people with all the knowledge who should be taking a helicopter view and saying: ‘Where am I going to be attacked next?’,” says Whiting. “Instead, by making them do build reviews, you’ve got them in a trench filling sandbags. It’s not good use of experienced people. If we can automate that process – which is what we do – you free up those generals to do what they’re better at, which is to do strategic things and to get ahead of the curve.”

Jeffrey J. Bloom

Vault7 ‘Athena’: WikiLeaks publishes new CIA leaks as case against Assange dropped
https://www.youtube.com/watch?v=2bAvH-tez4Y

Jeffrey J. Bloom

A separate implementation of malware called Hera (aka Athena-Bravo) supports Windows 8 through 10. Athena (aka Athena-Alpha) gains persistence via the Windows RemoteAccess service, while Hera uses the Dnscache service. Documents outline several malware delivery methods like remote install, supply chain, via an "asset", or with a tool called Windex--embedded in an infected zip from malicious websites.
http://www.zdnet.com/article/cias-windows-xp-to-windows-10-malware-wikileaks-reveals-athena/

Jeffrey J. Bloom

If the NSA's leaked hacking tools had a Voltron, it would be EternalRocks. "By delaying communications [24 hours until server response via tor & starts self-replicating] the bad actors are attempting to be more stealthy," CEO of Plixer said. "The race to detect & stop all malware was lost years ago."

For now, EternalRocks remains dormant as it continues to spread & infect more computers. The worm can be weaponized at any time, the same way that WannaCry's ransomware struck all at once after it had already infected thousands of computers.
https://www.cnet.com/au/news/doomsday-worm-eternalrocks-seven-nsa-exploits-wannacry-ransomware/

Jeffrey J. Bloom

Despite Zuckerberg's efforts to push AI in all things, humans still rule the content-moderation roost. But that's changing, as Facebook's ai is getting better at identifying what's in photos & making informed guesses as to the content & intent behind certain types of posts--a HUGE asset when it comes to helping humans wade through the violence, abuse & threats posted to Facebook on a daily basis. A spokesperson confirmed Facebook's "automated system isn't enough when it comes to the holy grail of content moderation: understanding context." "assisting human moderators is at present the primary purpose of the company's automated systems."
http://mashable.com/2017/05/22/facebook-ai-content-moderation-community-standards/

Jeffrey J. Bloom

UN experts investigating violations of sanctions on North Korea have suffered a "sustained" cyber-attack by unknown hackers with "very detailed insight" into their work. Hackers breached the computer of one of the experts on the 1718 committee.

News of the hack came as the UN security council condemned North Korea’s latest ballistic missile launch & expressed concern over the Asian state’s "highly destabilizing behavior & flagrant & provocative defiance" of the 15-member body.

Cybersecurity researchers have found technical evidence they said could link North Korea with the WannaCry attack.

"Increased vigilance relating to 1718 Committee-related correspondence is therefore advised until data analysis & related investigations are completed," an email read.
https://www.theguardian.com/world/2017/may/22/un-experts-hacked-sanctions-north-korea-cyber-attack

Jeffrey J. Bloom

Microsoft, Google, Amazon, Facebook & others have been building algorithms & developing machine learning protocols--and it's about to pay off. Microsoft's Azure Cognitive Services makes the transition to an AI-driven world simple for developers & decision makers alike. A number of ready-made AI services are ALREADY available, including facial recognition, Video API, Translator Speech & Text API, Recommendations API, & Bing Image Search API. More services & APIs are being developed & are released periodically. If you are so inclined, you can participate in new algorithm development through the Cognitive Labs program!
http://www.techrepublic.com/article/build-2017-ai-will-change-everything-and-microsoft-looks-to-lead-the-way/

Jeffrey J. Bloom

Policing content--ranging from nudity to sex abuse--is a "mammoth" task, nearly 54,000 potential cases of revenge porn & “sextortion” identified in a single month. In January alone, over 14,000 accounts were disabled due to sexual abuse--33 cases involved children!
https://www.theguardian.com/news/2017/may/22/facebook-flooded-with-sextortion-and-revenge-porn-files-reveal

Jeffrey J. Bloom

Technology that reads emotions--35~40% conveyed in tone of voice & 50~60% through facial expressions & gestures--represents the emotion AI space. Facial expressions & speech actually deal more with the subconscious, & are more unbiased & unfiltered expressions of emotion...
Rather than encoding specific rules depicting specific expressions, we focus attention on building intelligent algorithms that can be trained to recognize expressions. We have amassed an enormous emotional database from people driving cars, watching media content, etc. We have gathered 5,313,751 face videos, for a total of 38,944 hours of data, representing nearly two billion facial frames analyzed.
https://developers.slashdot.org/story/17/05/21/2137208/how-ai-can-infer-human-emotions?utm_source=rss1.0mainlinkanon&utm_medium=feed

Jeffrey J. Bloom

Facebook’s secret rules & guidelines for deciding what its 2 billion users can post on the site are revealed for the first time in a Guardian investigation that will fuel the global debate about the role & ethics of the social media giant.
https://www.youtube.com/watch?v=SGsJYTAQrVg

Jeffrey J. Bloom

Think how a person felt in early 20th century if they didn't understand electricity. They were used to doing things in a particular manner for ages & all of a sudden formerly labor intensive activities could now be done with one person & electricity. We are going through a similar journey today with both machine & deep today.

"If you are some one who wants to learn or understand deep learning, this article is meant for you. In this article, I will explain various terms used commonly in deep learning."
https://www.analyticsvidhya.com/blog/2017/05/25-must-know-terms-concepts-for-beginners-in-deep-learning/

Jeffrey J. Bloom

Shadow Brokers claim their stolen data could include "compromised network data from Russian, Chinese, Iranian, or North Korean nukes & missile programs," alongside Windows 10 exploits, central banking data, smartphone exploits & more.

They aren’t interested in "bug bounties," or selling to criminals or corporations. "The Shadow Brokers is taking pride in picking adversary equal to or better than selves, a worthy opponent. Is always being about The Shadow Brokers vs The Equation Group." (Note: the group is known for making their announcements in faux-broken English, for unknown reasons; the writer has demonstrated fluency with the language in the past.) At the same time, the writer added, "But I can not defend an agency having powerful tools if it can not protect the tools & keep them in its own hands."
http://www.inquisitr.com/4234439/group-responsible-for-wannacry-ransomware-claims-it-was-a-stolen-nsa-tool-releasing-more/

Jeffrey J. Bloom

Marcus Hutchins, who saved the NHS from hackers, says 'super invasive' British tabloids are forcing him to move his home. He blames journalists for doxing his friends & publishing a picture of his house.
https://www.reddit.com/r/worldnews/comments/6cfxst/man_who_saved_the_nhs_from_hackers_says_super/?sort=confidence

Jeffrey J. Bloom

The first DDoS attack was so small Hutchins barely noticed “It was sort of a love-tap from a botnet.” Since then, he’s seen five attacks, trending upward. Wednesday, Mirai hit the sinkhole domain with its worst flood yet, 20Gbps of traffic. That’s less than 1/5 the size of the Mirai DDoS that hit the DNS provider Dyn in September, knocking major sites offline, but 20 times the Gbps that DDoS-tracking firm Arbor Networks measured as an average attack in 2016.

Hutchins says he has no doubt that he & his colleagues at Kryptos Logic can still keep the attackers at bay. They’ve now enlisted the services of a DDoS mitigation firm that he declines to name—he says identifying it might help the attackers make their attacks more efficient. The service should help absorb any future attacks..
https://www.msn.com/en-us/news/technology/hackers-are-trying-to-reignite-the-ransomware-outbreak/ar-BBBjo3e

Jeffrey J. Bloom

A new ai system can "modify" videos by manipulating a person's mouth--using a still image & audio clip of a person--to appear as if they're speaking. The Project's goal is to automatically translate​ news clips into other languages & "updated" the images to fit.

Currently--with enough time--experts can create fake videos indistinguishable from genuine ones. AI just makes the process quick & easy, eventually almost anybody could do it.
http://www.tribuneindia.com/mobi/news/science-technology/new-ai-system-can-create-fake-videos-using-audio-clips-images/410523.html

Jeffrey J. Bloom

*D-Wave Systems garnered venture funding of ~$50 million, to build next-generation machines up to 2,000 qubits.
*IBM rolled out a 17-qubit prototype to serve as the foundation of IBM Q's commercial access program, with a goal of scaling future prototypes to 50+ qubits.
*HPE​ introduced "The Machine" with 160TB of RAM--the largest single-memory computer--which puts memory--rather than the processor--at the center of computing architecture.
https://www.hpcwire.com/2017/05/18/ibm-d-wave-report-quantum-computing-advances/

Jeffrey J. Bloom

IBM's QuantMark is a fully functioning quantum computer capable of incredible calculations & solving almost every major modern threat to humanity. Even though it outputs all answers correctly, it also adds the words "© OmegaSim XII" at the end of EVERY answer.

Developed 10 years ago under Professor S.B Chadwick, QuantMark is IBM's first & the world's only fully functioning quantum computer. Envisioned as a prototype to test quantum computing feasibility, it performed beyond imagination & was quite literally earth shattering. Overnight it eclipsed the world's combined computing power many times over.
https://www.reddit.com/r/WritingPrompts/comments/6cgbn0/wp_ibm_has_created_a_fully_functioning_quantum/

Jeffrey J. Bloom

Patents related to artificial intelligence (AI) assistants grew by almost 70 percent in South Korea in 2016, the Korean Intellectual Property Office (KIPO) revealed on Sunday. While companies and individuals in the Far Eastern country applied for 36 patents related to virtual companions in 2015, the number of related applications grew to 61 last year, continuing the years-long industry trend. For added context, the KIPO received only 11 patent applications pertaining to virtual helpers in 2013, with many industry insiders claiming that the trend will continue in the coming years as AI companions become more accepted among consumers.

Jeffrey J. Bloom

Future\Perfect Ventures’ is launching a Lab to harness cross-disciplinary talent, drive innovation & foster ventures built on transformative tech--like Blockchain, distributed/decentralized connectivity, cryptocurrency (Bitcoin & Ethereum), IoT, AI & Security--predicted to drive exponential growth in an already $2 trillion mobile & cloud-based economy.
http://www.the-blockchain.com/2017/05/21/futureperfect-lab-launches-blockchain-iot-artificial-intelligence-security-convergence-project/

Jeffrey J. Bloom

The algorithm has already been proven by ServicePower's customers. It was first used back in 2012 for an academic problem: "Quantum annealing is a combinatorial optimization technique inspired by quantum mechanics. Here we show that a spin model for the k-coloring of large dense random graphs can be field tuned so that its acceptance ratio diverges during Monte Carlo quantum annealing, until a ground state is reached. We also find that simulations exhibiting such a diverging acceptance ratio are generally more effective than those tuned to the more conventional pattern of a declining and/or stagnating acceptance ratio. This observation facilitates the discovery of solutions to several well-known benchmark k-coloring instances, some of which have been open for almost two decades." https://e-space.mmu.ac.uk/618085/

Jeffrey J. Bloom

Coined in 2002, "cognitive hacking" intends to change perceptions & behaviors using weaponized info--which may be fully or partially true, but out of context; or timed to distract, disrupt or cause distrust. In all cases, the content (or data) is the weapon.

In the physical world, events can be verified through all the senses. In the virtual world, only sight & sound are used. Users generally trust data--good or bad--until proven otherwise.

Users may willingly or unknowingly share bad data. Similarly, a trusted, but compromised device could provide misleading data, as demonstrated by Stuxnet & Duqu. In either case, by the time the problem had been traced back to the source, the damage was already done.
http://searchsecurity.techtarget.com/tip/Cognitive-hacking-Understanding-the-threat-of-bad-data

Jeffrey J. Bloom

Twenty videos about the Antikythera Mechanism:
1. The Antikythera Mechanism - 2D
2. The 2000 Year-Old Computer - Decoding the Antikythera Mechanism (2012)
3. 2,000 Year Old Computer - Decoding the Antikythera Mechanism - Full Documentary HD
4. Lego Antikythera Mechanism
5. Mysterious 2,000 Year Old Computer Used To Predict The Future - Antikythera Mechanism
6. Secrets of the Antikythera Mechanism: Session 1
7. Secrets of the Antikythera Mechanism: Session 2
8. The Antikythera Mechanism Episode 1 - Greeks, Clocks and Rockets.
9. Antikythera Mechanism: Mysterious 2,100-year-old Computer May Have Been Used to Predict the Future
10. Antikythera mechanism working model.mov
11. Virtual Reconstruction of the Antikythera Mechanism (by M. Wright & M. Vicentini)
12. what is the Antikythera mechanism
13. The Antikythera Mechanism 3D
14. Antikythera Mechanism - Replica in scale 3:1
15. Scientists Unravel Mystery of Ancient Greek Machine | Antikythera mechanism – History
16. Virtual Model of the Antikythera Mechanism
17. BT The Antikythera Mechanism
18. Virtual Model of the Antikythera Mechanism - 2200 YEARS OLD AMAZING!!!
19. Antikythera Mechanism Eclipse Predictor made with LEGO
20. The Impossible Machine The Antikythera Mechanism
https://www.buzzpls.com/May-20-2017/what-is-the-antikythera-mechanism-made-of/

Jeffrey J. Bloom

"There's a strong connection between Stuxnet & the Shadow Brokers dump," but it's not definitive. The common script was reverse engineered & added to Metasploit, allowing anyone to create an identical MOF file. Interestingly, the dumped version was last compiled Sep-2010, 3 months AFTER Stuxnet's detection & before it was added to Metasploit.

There's also mentions of “STRAITBIZARRE,” used to control implants remotely & “JEEPFLEA,” a project to hack SWIFT, the money transferring system.
https://newsflashus.com/the-new-shadow-brokers-leak-connects-the-nsa-to-the-stuxnet-cyber-weapon-used-on-iran/

Jeffrey J. Bloom

Athena/Hera can bypass MS SysInternals DLL signature verification. The CIA warned Siege Tech the final product would not trigger security alerts, specifically from Kaspersky products.

An email chain reveals NSA’s TAO hackers had 1000+ tools for data theft or electronics manipulation that enabled​ rapid, mix-and-match attacks against widely used computers, servers & software. Including remote access of microphones via Windows, for covertly recording conversations.
https://thestack.com/security/2017/05/19/latest-wikileaks-vault7-release-details-cia-windows-spyware/

Jeffrey J. Bloom

"..how did Microsoft so miraculously come up with these multiple patches for this diverse group of operating systems," "unless they were hoarding them themselves?" "I will give them credit for building the fix into Windows 10."

While Microsoft griped about NSA exploit stockpiles, it stockpiled patches: Friday's WinXP fix was built in February - "It took three months to release despite Eternalblue leak."
https://security.stackexchange.com/questions/159740/wannacrypt-style-smb-exploits-known-since-stuxnet-circa-2008-but-microsoft-hid