Shared posts

14 Nov 01:31

The NSA's Shadow Brokers Quandary Prompts Top Solution Providers To Warn Customers About ...

Jeffrey J. Bloom

As the Shadow Brokers breach reveals more NSA data, tools & methodologies, the likelihood of zero day threats increases. Companies with slower patching cycles face more risk, but patching with minimal or insufficient testing also puts business operations at high risk.

The Shadow Brokers situation is a good reminder that networks & organizations aren't just attacked via phishing. Officials still don't know whether the NSA is the victim of a hack likely executed by the Russians, an insider’s leak, or both.

Organizations should never allow personally-owned devices to attach carte blanche to the company's secure wireless network.

http://www.crn.com/news/security/300095491/the-nsas-shadow-brokers-quandary-prompts-top-solution-providers-to-warn-customers-about-mobile-device-patching.htm

A "zero day" attack against a major mobile device platform is likely imminent now that the Shadow Brokers organization – the mysterious group behind ...
12 Nov 01:41

Researchers Run Unsigned Code on Intel ME By Exploiting USB Ports

by EditorDavid
Jeffrey J. Bloom

A pair of security researchers in Russia are claiming to have compromised the Intel Management Engine just using one of the computer's USB ports. The researchers gained access to a fully functional JTAG connection to Intel CSME via USB DCI. The claim is different from previous USB DCI JTAG examples from earlier this year. Full JTAG access to the ME would allow making permanent hidden changes to the machine.
"Getting into & hijacking the Management Engine means you can take full control of a box," reports the Register, "underneath and out of sight of whatever OS, hypervisor or antivirus is installed."

They add that "This powerful God-mode technology is barely documented," while The Next Web points out that USB ports are "a common attack vector."
https://thenextweb.com/security/2017/11/09/researchers-find-almost-every-computer-intel-skylake-cpu-can-owned-via-usb/

-Twitter 08nov17: Game over! We (I and @_markel___ ) have obtained fully functional JTAG for Intel CSME via USB DCI. #intelme #jtag #inteldci : https://mobile.twitter.com/h0t_max/status/928269320064450560

-09nov17: Intel's super-secret Management Engine firmware now glimpsed, fingered via USB: https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/

-17jan17: Intel responds to report about hackers gaining access to a debugging interface: https://www.digitaltrends.com/computing/intel-kaby-lake-skylake-pcs-hackable-usb-jtag/

Slashdot user bongey writes: A pair of security researchers in Russia are claiming to have compromised the Intel Management Engine just using one of the computer's USB ports. The researchers gained access to a fully functional JTAG connection to Intel CSME via USB DCI. The claim is different from previous USB DCI JTAG examples from earlier this year. Full JTAG access to the ME would allow making permanent hidden changes to the machine. "Getting into and hijacking the Management Engine means you can take full control of a box," reports the Register, "underneath and out of sight of whatever OS, hypervisor or antivirus is installed." They add that "This powerful God-mode technology is barely documented," while The Next Web points out that USB ports are "a common attack vector."

12 Nov 01:22

Check Out the Artificial Intelligence-Powered Police Station in China

Jeffrey J. Bloom

The AI-powered station will ease traffic bureaucracy, which is why simulated driving tests have been tied to the concept station. There are numerous other considerations not taken into account, as law enforcement is hard pressed keeping personnel objective & fully employing the capacity of situational awareness in some scenarios.

AI may not yet be up to the task. After all, not every case in the designated area will relate to car or driving related issues. AI has yet to be proven to have the capability of solving complex disputes. It may not be able to use all of the facts or comprehend the intricate dynamics of human relationships or the damage which can be caused to people, whether it is in the case of molestation or rape & hence, may not have the sensitivity to deal with such scenarios.
https://sanvada.com/2017/11/11/check-out-the-artificial-intelligence-powered-police-station-in-china/

Recently China announced the opening of an AI-powered police station in ... As implied earlier, the artificial intelligence system is going to use facial ... not every case in the designated area will relate to car or driving related issues.
11 Nov 05:59

IBM Reaches a Computing Milestone

Jeffrey J. Bloom

On Friday, IBM announced two new quantum computer systems, one using 50 qubits & another using 20 qubits. "It's a big frickin' deal," Dario Gil, director of quantum computing at IBM said. It's a massive leap from 18 months ago, when IBM unveiled a 5-qubit quantum computer. Their new quantum computer can hold a "quantum state" for 90 microseconds, which is a new record!

(Newser) – "We are really proud of this; it's a big frickin' deal," Dario Gil, director of quantum computing at IBM tells MIT Technology Review. But, as ...
11 Nov 05:48

Data science institute develops method to allow mobile users to tap into RF-spectrum

Jeffrey J. Bloom

"In the past couple of years we have demonstrated several RF spectral sensors that generally used off-the-shelf signal-processing approaches with our custom hardware & have demonstrated significant speed & energy benefits. It will be exciting to see how much more progress we can make using new algorithms built on the latest insights in signal processing."

"We'll use all the data-science tools we possess - machine learning, neural networks, algorithms ... It will be exciting to see how much more progress we can make using new algorithms built on the latest insights in signal processing.
11 Nov 05:44

Is Silicon Valley Building the Infrastructure for a Police State?

Jeffrey J. Bloom

Is Palantir, one of the biggest threat intelligence firms, using cutting-edge tech to keep Americans safe, or laying the groundwork for a police state?

The firm's primary backer, Peter Thiel, hopes the technology will help protect civil liberties because, given the massive amounts of Americans' data the government takes in, "if we could help [agents] make sense of data, they could end indiscriminate surveillance." Some insiders credit Palantir for enabling the government to find Osama bin Laden's hideout in 2011.

Edward Hasbrouck of the Identity Project says this tech enables the government to violate civil liberties without necessary checks on its power.

Paul Scharre, a policy analyst who studies AI & defense at the Center for a New American Security, says the public shouldn't fear AI tools just because they're new & unfamiliar. "There's no technology that's just inherently good or inherently bad," says Scharre. "It's about how we're using it, & to what ends."

Article: http://reason.com/reasontv/2017/11/10/artificial-intelligence-and-the-surveill

Thiel believes Palantir's technology will prove crucial in stopping future terrorist ... Paul Scharre, a policy analyst who studies artificial intelligence and ...
11 Nov 05:22

Secret HPE AI chip, TensorFlow updates, neural networks writing themselves – and more

Jeffrey J. Bloom

*HPE's neural network accelerator chip's mysterious "dot product engine" (DPE) architecture is geared toward carrying out matrix operations at speed, very useful for executing AI algorithms quickly. It also uses memristors, which drive HPE's now-defunct Machine computer architecture.

*Google released TensorFlow r1.4, making it easier to use the low-level machine-learning framework through Keras, a high-level, user-friendly interface for programmers. Developers can reach, via Keras, TensorFlow's Estimator API to add common tools, like linear classifiers or regressors, to neural networks.

*AutoML has been applied to ImageNet & CoCo, two large datasets containing millions of images, to create a novel architecture called NASNet, a small two-layered model designed purely by Google's code. It achieves a prediction accuracy of 82.7% on ImageNet, on par with SENet, the winning architecture for this year’s Large Scale Recognition Challenge.

*Nvidia has announced new courses, workshops & partnerships to teach more people about deep learning. "The world faces an acute shortage of data scientists & developers who are proficient in deep learning, & we’re focused on addressing that need. As part of the company’s effort to democratize AI, the Deep Learning Institute is enabling more developers, researchers & data scientists to apply this powerful technology to solve difficult problems," said Greg Estes, VP of Nvidia's developer programs. They're working with Booz Allen Hamilton to train government employees & teaming up with deeplearning.ai to create new content that will cover natural language processing, financial trading, & video analytics.

And much much more: https://www.theregister.co.uk/2017/11/11/ai_roundup/

The mysterious chip's “dot product engine” (DPE) architecture is apparently geared toward ... Hence it can do neural network jobs and workloads.
11 Nov 04:56

Elon Musk hints at Tesla self-driving hardware change, Nvidia stock drops

Jeffrey J. Bloom

"We’ll have more to say on the hardware front soon, we’re just not ready to say anything now," Musk said. "But I feel very optimistic on that front... If it does turn out that a computer upgrade is necessary in order to meet the regulatory requirements in that area, we will replace the computer with something with greater power, which is sort of unplugging [one, & plugging] the other one in... But we feel confident of the competitiveness of our hardware strategy.”
https://www.marketwatch.com/story/elon-musk-hints-at-tesla-self-driving-hardware-change-nvidia-stock-drops-2017-11-01

Tesla Inc. Chief Executive Elon Musk on Wednesday hinted at a new direction for the company in the hardware it uses for its Autopilot self-driving ...
11 Nov 04:45

Building a Defensible Cyberspace

Jeffrey J. Bloom

It's obvious, right? Defenders should do that which provides the most benefit. It's shocking how often that's ignored, favoring “Check-in-the-box” compliance instead, imposing high costs on defenders & only minor obstacles in the way of attackers. It's the opposite of leverage, or rather it's leveraged TO advantage attackers.

Defensible cyberspace through leverage is the subject of a report from a New York Cyber Task Force comprised of roughly thirty cybersecurity experts, including senior executives in finance, telecommunications, cybersecurity & other companies, along with senior researchers & academics.

Leverage is possible not by implementing new innovations but reducing existing headwinds. Harmonization of cybersecurity regulations could reduce costs & simplify defenses, like recent efforts to standardize the NIST cybersecurity framework.

Other ideas to gain leverage, however, create both winners & losers. Innovations such as liability for software makers, imposing security regulations on network service providers, or creating a new, more secure internet are all ideas worth considering. But they all have significant downsides on innovation, privacy, or costs.

"BUILDING A DEFENSIBLE CYBERSPACE," Report of the New York Cyber Task Force: September 28, 2017: https://sipa.columbia.edu/defensible-cyberspace

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure: https://www.whitehouse.gov/the-press-office/2017/05/11/presidential-executive-order-strengthening-cybersecurity-federal

Article: https://www.cfr.org/blog/building-defensible-cyberspace

A new report argues that flipping the offense-defence balance is possible. ... Greg Rattray is director of global cyber partnerships and government strategy for ... Phil Venables is chief operational risk officer at Goldman Sachs.
11 Nov 04:19

Department of Defense Picks AI Software Platform

Jeffrey J. Bloom

“The combination of big data, elastic cloud computing, AI & IoT is becoming the most significant development of the Information Age, & is driving the digital transformation of every industry – including aerospace, government services, & defense,” said Ed Abbo, C3 IoT president & CTO. “With DIUx, the DOD is demonstrating leadership in moving quickly to integrate these leading-edge technologies into the U.S. military for strategic national security.”

The company was selected by Defense Innovation Unit Experimental ... to integrate these leading-edge technologies into the U.S. military for strategic ...
11 Nov 04:16

Getting “Cyber” Right for the Department of Defense

Jeffrey J. Bloom

As our understanding of the DOD's role in an ever evolving cyber landscape continues to change, 3 fundamental problems stand out: unclear demarcation of cyber responsibilities, ID of responsible cyber officials & a shortage of skilled cyber workforce competing with non-defense demands. To avoid playing a never-ending game of “catch-up,” here are 3 steps the SECDEF can take:

1. Work to establish DOD's cyber responsibilities smartly.
2. Empower a senior leader for cyber matters & hold them accountable.
3. Reduce the DOD's insatiable demand for cyber workforce talent.

While it may be tempting to draw a narrow set of responsibilities, any solution that limits the DOD & fails to empower them with a broader scope, is short-sighted & ultimately self-defeating.

https://warontherocks.com/2017/11/getting-cyber-right-for-the-department-of-defense/

Yet McCain observes that a primary Defense Department cyber mission is to ... operations, cyberspace workforce, and other related terms, its cyber ...
11 Nov 03:39

NMSU-based NM FAST, City of Albuquerque to host inaugural Navy innovation summit

Jeffrey J. Bloom

“This event provides unprecedented access to multiple Navy program managers who are flying in from Washington, D.C.,” said Dana Catron, program manager for NM FAST. “With the pre-release of DoD’s SBIR/STTR topics, which will occur two weeks prior to the Summit, small businesses will have the opportunity to learn the key factors necessary in creating a strong proposal package. Our goal is to provide small businesses with the tools & resources they need to submit winning proposals, ultimately driving innovation & growth in our state.”

The event will facilitate ground-floor access to Navy NAVSEA & NAVAIR program managers: https://navyinnovationsummit2017.eventbrite.com

Detailed information on panel topics: http://arrowheadcenter.nmsu.edu/innovationsummit/

Article: http://newscenter.nmsu.edu/Articles/view/12804/nmsu-based-nm-fast-city-of-albuquerque-to-host-inaugural-navy-innovation-summit

... Business Technology Transfer (STTR) funding, will host the inaugural Department of Defense (DoD) Navy SBIR/STTR Innovation Summit (Summit).
11 Nov 03:20

Joseph V. Franco, 94

Jeffrey J. Bloom

RIP "Joe." Commuting to New York City until the early 1970s, he was in charge of construction, real estate & the in-house architect for AT&T. Directed to locate property in New Jersey for the new world headquarters of AT&T & headquarters of long lines, he helped develop the design concept of the long lines building in Bedminster New Jersey. Later after selecting the land for AT&T in New Jersey Joe, Olly & Jim moved to Warren, New Jersey.

Joe remained with “Ma Bell” until his retirement in 1989, when he joined his son Jim’s Architectural firm in New Jersey until his “second retirement” in 2010.
http://www.westportnow.com/index.php?/v3/obitjump/joseph_v._franco_94/

He helped develop the design concept of the long lines building in Bedminster New Jersey. Later after selecting the land for AT&T in New Jersey Joe, ...
11 Nov 03:07

Sex Toy Company Admits To Recording Users' Remote Sex Sessions, Calls It a 'Minor Bug'

by BeauHD
Jeffrey J. Bloom

It's not the size of the bug that counts, it's what you do with it. Lovense's remote control vibrator app recorded a user's session without their knowledge. "An audio file lasting six minutes was stored in the app's local folder... The user says he or she gave the app access to the mic & camera but only to use with the in-app chat function & to send voice clips on command -- not constant recording when in use." The app's behavior appears widespread, confirmed by several other users. Lovense says it's only a "minor bug" affecting Android users, no information or data was sent to the company's servers, & the audio exists only temporarily. An update issued today should fix the bug. This isn't their first security flub; earlier this year Lovense's butt plug was found to be hackable via Bluetooth.

*Flashback* Security Researchers Hacked a Bluetooth-Enabled Butt Plug: https://motherboard.vice.com/en_us/article/ne788b/hackable-bluetooth-buttplug-hush-lovense

-SlashDot: Sex Toy Company Admits To Recording Users' Remote Sex Sessions, Calls It a 'Minor Bug':
https://yro.slashdot.org/story/17/11/10/2243240/sex-toy-company-admits-to-recording-users-remote-sex-sessions-calls-it-a-minor-bug

According to Reddit user jolioshmolio, Hong Kong-based sex toy company Lovense's remote control vibrator app (Lovense Remote) recorded a use session without their knowledge. "An audio file lasting six minutes was stored in the app's local folder," reports The Verge. "The user says he or she gave the app access to the mic and camera but only to use with the in-app chat function and to send voice clips on command -- not constant recording when in use." The app's behavior appears to be widespread as several others confirmed it too. From the report: A user claiming to represent Lovense responded and called this recording a "minor bug" that only affects Android users. Lovense also says no information or data was sent to the company's servers, and that this audio file exists only temporarily. An update issued today should fix the bug. This isn't Lovense's first security flub. Earlier this year, a butt plug made by the company -- the Hush -- was also found to be hackable. In the butt plug's case, the vulnerability had to do with Bluetooth, as opposed to the company spying on users.

08 Nov 12:00

Searching for Human Brain Memory Molecules with the Piz Daint Supercomputer

Jeffrey J. Bloom

Molecular & Cognitive Neuroscience (MCN) are interested in processes related to memory performance by investigating the molecular basis of memory. "There's no such thing as ‘the’ memory gene, but rather many variations in the genome that, combined with numerous other factors, form our memory,” says Milnik. Originally studying psychology & Medicine, she transitioned to statistical analysis. She's conducted & collectively amassed over one quadrillion statistical tests!

Analysing such a quantity of data would not be possible without a supercomputer like “Piz Daint”, she notes. Yet her results might significantly simplify future analysis of large datasets in the search for the “memory molecule”.
https://insidehpc.com/2017/10/supercomputing-human-brain-memory-molecules-piz-daint-supercomputer/

Another related article:
Brain "ripples" experience into memories when you sleep, study shows. “Identifying the specific neural patterns that go along with memory formation provides a way to better understand memory & potentially even address disorders of memory,” Dr. Gelinas concluded:
https://www.zmescience.com/science/brain-ripples-memory-sleep/

“Until now, searching for genes related to memory capacity has been ... mathematicians and computer scientists to applied psychologists,” explains ...
08 Nov 05:12

MY BIZ: Microsoft CEO Satya Nadella says the future for industry is mixed reality, AI and quantum ...

Jeffrey J. Bloom

'We're in the midst of an amazing change. Cloud & mobile revolutions are already taking place, but more than that there is an intelligent edge & cloud ... Our mission is to empower every person & organisation on the planet to achieve more. Others' achievements on top of the technology we build are the true rewards for us,' he said.

However, he allayed fears of humans losing out jobs to machines.

'Technology is a tool. We as a society, government or policymakers will have to make decisions about how we use technology. That is what is going to decide whether we can achieve equitable growth.'

Article:
http://www.dailymail.co.uk/indiahome/indianews/article-5059719/Microsoft-CEO-Satya-Nadella-future-industry.html

Microsoft CEO Satya Nadella on Tuesday outlined artificial intelligence, mixed reality and quantum computing as the cutting-edge technologies to ...
08 Nov 05:04

Microsoft CEO Satya Nadella Talks Cricket, AI & Mixed Reality

Jeffrey J. Bloom

"The three technologies are Mixed Reality, AI & Quantum Computing. The man-machine interface – from graphics to touchscreen & now speech – has made technology more natural & intuitive." Satya Nadella, CEO, Microsoft

The three technologies are Mixed Reality, Artificial Intelligence and Quantum Computing. The man-machine interface – from graphics to touchscreen ...
08 Nov 04:50

'Quark Fusion' Produces Eight Times More Energy Than Nuclear Fusion

by BeauHD
Jeffrey J. Bloom

A new source of energy, from the fusion of subatomic particles known as quarks--typically produced by colliding atoms at high speeds within the Large Hadron Collider (LHC)--could produce roughly 8 times more net energy than hydrogen fusion releases.
These disassociated quarks also tend to collide with one another, fusing into particles called baryons, producing energy even greater than what's produced in hydrogen fusion. Quarks fusing into what's called a doubly-charmed baryon require 130 MeV, which, in turn, releases 12 MeV more energy. Turning their calculations to heavier bottom quarks, needing 230 MeV to fuse, the researchers found the resulting baryon fusions produce roughly 8 times more energy than hydrogen fusion releases!
https://futurism.com/quark-fusion-produces-eight-times-energy-nuclear-fusion/

walterbyrd shares a report from Futurism: This new source of energy, according to researchers Marek Karliner and Jonathan Rosner, comes from the fusion of subatomic particles known as quarks. These particles are usually produced as a result of colliding atoms that move at high speeds within the Large Hadron Collider (LHC), where these component parts split from their parent atoms. It doesn't stop there, however, as these disassociated quarks also tend to collide with one another and fuse into particles called baryons. It is this fusion of quarks that Karliner and Rosner focused on, as they found that this fusion is capable of producing energy even greater than what's produced in hydrogen fusion. In particular, they studied how fused quarks configure into what's called a doubly-charmed baryon. Fusing quarks require 130 MeV to become doubly-charmed baryons, which, in turn, releases energy that's 12 MeV more energy. Turning their calculations to heavier bottom quarks, which need 230 MeV to fuse, they found that a resulting baryon could produce approximately 138 MeV of net energy -- about eight times more than what hydrogen fusion releases. The new study has been published in the journal Nature.

08 Nov 04:29

AI is about to make the hassle of air travel a thing of the past

Jeffrey J. Bloom

At the airport, travelers check in at a face ID kiosk that captures their biometric information & matches that data with their passport details. The system creates an electronic token used at subsequent clearance stages, where facial recognition is employed to verify identity against the token.
The system easily integrates with existing airport infrastructure, like self-check-in kiosks, baggage drop points & boarding gates.
A recent survey revealed 29% of airports & 25% of airlines plan to implement such systems by 2020.

Artificial intelligence appears set to revolutionize the air travel experience for ... Those sophisticated verification systems will improve security while ...
08 Nov 04:13

Shape Security Introduces BlackFish AI to Combat Credential Stuffing

Jeffrey J. Bloom

"To detect credential stuffing on a large scale across billions of transactions, we built an AI that can autonomously identify attacks," says Shuman Ghosemajumder, CTO at Shape Security. "What BlackFish does is take our visibility into the critical login flows of major corporations to automatically detect credential stuffing attacks... Using a bloom filter, the data itself is rendered as a probabilistic model vs. a hashed version of literal passwords & usernames."

Shape Security launched its BlackFish artificial intelligence technology on Nov. ... said BlackFish will also work in other form factors in the future.
08 Nov 04:02

Flaw Crippling Millions of Crypto Keys Is Worse Than First Disclosed

by BeauHD
Jeffrey J. Bloom

A crippling flaw, possibly affecting hundreds of millions of encryption keys used in some of the highest-stakes security settings, is considerably easier to exploit than originally reported. The critical weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public key. The private key can then be used to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software & bypass protections preventing access or tampering with stolen PCs.

When the flaw was first disclosed, researchers estimated that, using commercial cloud services, it would cost about $38 & 25 minutes to break a vulnerable 1024-bit key & $20k & 9 days for a 2048-bit key. Organizations known to use keys vulnerable to ROCA (named for the Return of the Coppersmith Attack, which the factorization method is based on) have largely downplayed the severity of the weakness.

On Sunday, researchers Bernstein & Lange reported developing an attack 25% more efficient than the one created by the original ROCA researchers. They worked only from the public disclosure, which omitted specifics of the factorization attack in an attempt to increase the time hackers would need to carry out real-world attacks. After creating their more efficient attack, they submitted it to the original researchers.

Unfortunately, the release of the original code may help improve attacks further & encourage additional improvements from other researchers.

References:
*Digital ID cards now only work with new certificates: https://medium.com/e-residency-blog/digital-id-cards-will-only-work-with-new-certificates-from-midnight-tonight-6e4db59658b8

*Millions of High-Security Crypto Keys Crippled by Newly Discovered Flaw: https://it.slashdot.org/story/17/10/16/1736252/millions-of-high-security-crypto-keys-crippled-by-newly-discovered-flaw

*Coppersmith's attack - a class of cryptographic attacks on the public-key cryptosystem RSA based on the Coppersmith method: https://en.wikipedia.org/wiki/Coppersmith's_attack

*2017.11.05: Reconstructing ROCA - case study of how quickly an attack can be developed from a limited disclosure: https://blog.cr.yp.to/20171105-infineon.html

An anonymous reader quotes a report from Ars Technica: A crippling flaw affecting millions -- and possibly hundreds of millions -- of encryption keys used in some of the highest-stakes security settings is considerably easier to exploit than originally reported, cryptographers declared over the weekend. The assessment came as Estonia abruptly suspended 760,000 national ID cards used for voting, filing taxes, and encrypting sensitive documents. The critical weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. When researchers first disclosed the flaw three weeks ago, they estimated it would cost an attacker renting time on a commercial cloud service an average of $38 and 25 minutes to break a vulnerable 1024-bit key and $20,000 and nine days for a 2048-bit key. Organizations known to use keys vulnerable to ROCA—named for the Return of the Coppersmith Attack the factorization method is based on—have largely downplayed the severity of the weakness. On Sunday, researchers Daniel J. Bernstein and Tanja Lange reported they developed an attack that was 25 percent more efficient than the one created by original ROCA researchers. The new attack was solely the result of Bernstein and Lange based only on the public disclosure information from October 16, which at the time omitted specifics of the factorization attack in an attempt to increase the time hackers would need to carry out real-world attacks. After creating their more efficient attack, they submitted it to the original researchers. The release last week of the original attack may help to improve attacks further and to stoke additional improvements from other researchers as well.

02 Nov 11:12

Elon Musk Can't Change The Laws of Physics

Jeffrey J. Bloom

Elon Musk Can't Change The Laws of The Universe.. He just works within them.. very, very, very well! ;)

Creating & innovating is VERY challenging. Fortunately, the systematic Tesla--like the bumble bee--is effectively accomplishing the impossible, rather well, considering.

The reality of achieving the impossible--and getting it done right--takes a bit longer, even for Musk.
https://forums.tesla.com/forum/forums/elon-musk-cant-change-laws-universe

He just works within them really well. Really, really well. But he has no magic wand. It's really hard to create something. Whether it's siege machines, ...
02 Nov 10:56

Amid a Cyber Cold War, is the Cyber Mission Force prepared?

Jeffrey J. Bloom

Unfortunately, cyber incidents haven't resulted in necessary disruptive changes--to segmented authorities, processes & cultures--needed to achieve & sustain superior cyberspace dominance.

A stable & vibrant workforce MUST be empowered to operate across the ENTIRE cyberspace domain, currently divided across many departments & agencies.

Decisive application of force MUST be improved! By leveraging the Cyber Cold War for experimentation, with new technologies & processes, top-down management MUST prioritize activities enabling their organic & timely adoption.
https://thebulletin.org/amid-cyber-cold-war-cyber-mission-force-prepared11233

As during the original Cold War, the Defense Department is organizing, ... or dramatic change to the nation's capabilities in cyberspace operations.
31 Oct 12:08

This AI uses brain scans to figure out if someone is depressed

Jeffrey J. Bloom

Researchers at University of Pittsburgh & Carnegie Mellon trained an AI to notice the pattern differences in a person’s brain when they’re talking about certain subjects. A depressed person’s brain may show a different light pattern during talks about death than someone who isn’t depressed. While a person can lie, their brain scan can’t.

The AI was able to achieve over 90% accuracy, though more testing is required to demonstrate effectiveness across larger groups. For this tech to go mainstream, there are still hurdles to overcome, like the high cost of brain scans & a patient's willingness to undergo them.

https://www.slashgear.com/this-ai-uses-brain-scans-to-figure-out-if-someone-is-depressed-30506077/

Diagnosing the condition in the future may be far faster, though, as one AI has learned to identify depressed people using nothing more than their ...
31 Oct 11:57

Tesla Cars Will Soon Be Able to Predict Your Destination, Says Elon Musk

Jeffrey J. Bloom

Imagine having a Knight Rider-styled car automagically taking you where you want to go without uttering a word:
https://twitter.com/elonmusk/status/921575999384326145

All you "David Hasselhoffs" out there, it's time to rejoice! This futuristic AI tech will soon be a reality (Sorry KITT, but Tesla even looks better!). When asked how the car will predict destinations, Musk tweeted "Yeah, don't exactly need to be Sherlock Holmes:"
https://twitter.com/elonmusk/status/921587018412339200

Musk confirmed updated autopilot hardware & software (titled HW 2.5) is expected to hit markets soon, equipping Tesla with upgrades to attain Level 5 autonomy!

https://www.inc.com/ari-zoldan/tesla-cars-will-soon-be-able-to-predict-your-destination-says-elon-musk.html

If we go by what Elon Musk just revealed about Tesla's plans, this futuristic technology in a car is soon going to be an actual reality (Sorry KITT, but ...
31 Oct 11:20

Cybercom Establishes Strategic Concepts to Mitigate Cyber Threats to Natl Security

Jeffrey J. Bloom

Establishing the P-DCO (Proactive-Defensive Cyberspace Operations) Board & launching Operation Gladiator Hunter aligns & synchronizes the efforts of multiple organizational resources to create focused & prioritized CPT (Cyber Protection Team) ops to protect the DoDIN.
http://www.executivegov.com/2017/10/cybercom-establishes-strategic-concepts-to-mitigate-cyber-threats-to-natl-security/

References:
*Cyber Moonshot: Taking a proactive approach to cybersecurity: https://www.fifthdomain.com/opinion/2017/10/27/cyber-moonshot-taking-a-proactive-approach-to-cybersecurity-commentary/

*Shifting from reactive to proactive Insider threat defense: http://www.nextgov.com/technology-news/tech-insider/2017/10/how-agencies-can-shift-reactive-proactive-insider-threat-defense/142104/

*Navy Cybersecurity: Anatomy of a Cyber Intrusion: http://www.doncio.navy.mil/chips/ArticleDetails.aspx?ID=9621

Cybercom added it developed the “Operational Guidance 3-2: Defensive Cyberspace Operations” and “Operational Guidance for Sensing” documents ...
30 Oct 12:07

This our first look at one of Elon Musk's Boring tunnels

Jeffrey J. Bloom

Musk seems confident his tunnel networks have potential & could significantly cut travel times, though he has warned that getting the necessary regulatory approval could be tricky. Another test site was recently given the go-ahead in Maryland.

If his grand Boring vision becomes a reality, you'll be able to have your vehicle lowered into the underground network & propelled down a series of tracks to beat even the worst traffic.

Articles:
http://technologynews.site/2017/10/29/elon-musk-showed-a-picture-of-the-interior-of-his-tunnel-under-los-angeles/

http://www.techradar.com/news/this-our-first-look-at-one-of-elon-musks-boring-tunnels

*Elon Musk says he has verbal approval for an underground NYC-to-DC hyperloop (July 20, 2017):
http://www.techradar.com/news/elon-musk-says-he-has-verbal-approval-for-an-ny-to-dc-hyperloop-tunnel

*Elon Musk says LA is open to his Boring idea: underground traffic tunnels (June 19, 2017):
http://www.techradar.com/news/elon-musk-says-la-is-open-to-his-boring-idea-underground-traffic-tunnels

*Here's how Elon Musk's tunnels will put an end to traffic jams (April 29, 2017):
http://www.techradar.com/news/heres-how-elon-musks-tunnels-will-put-an-end-to-traffic-jams

Read most important stories related to TechRadar headline: This our first look at one of Elon Musk's Boring tunnels. Storyfa puts this story into a wider ...
30 Oct 10:52

This New Kind of AI Can Breach Anti-Bot Security by Thinking Like a Human

Jeffrey J. Bloom

CAPTCHAs are now defeatable by a powerful new type of AI neural network that closely approximates human perception.

A computer model called Recursive Cortical Network (RCN) is able to efficiently deduce the grainy symbols depicted in CAPTCHA tests (aka Completely Automated Public Turing test to tell Computers & Humans Apart).

"Biology has put a scaffolding in our brain that is suitable for working with this world," said Dileep George, co-founder of AI startup Vicarious. "It makes the brain learn quickly. So we copy those insights from nature & put it in our model."

http://www.sciencealert.com/new-ai-breach-anti-bot-security-thinking-like-human-captcha-vicarious

One of the most widespread security systems used on the internet to prevent non-humans from accessing websites has been defeated by a powerful ...
30 Oct 10:43

Your Windows Login Details Can Be Stolen By Hackers Without User Interaction

Jeffrey J. Bloom

This Windows NTLM attack was exposed by Juan Diego, a Colombia-based security researcher. Reported to Microsoft in April, it was patched 148 days ago in the form of security advisory ADV170014.

To patch this flaw, Microsoft has changed two registry keys to disable NTLM on the system. However, as these keys are available only on Windows 10 & Windows Server 2016, these are the only versions that are being patched.

From time to time, the security researchers continue to make us realize that Windows operating system is full of loopholes that can be exploited by ...
30 Oct 01:10

Uncle Sam Tries to Hire Hackers

Jeffrey J. Bloom

The government has a problem with hackers—but not the kind you think. It's Uncle Sam’s reputation of hostility towards hackers that makes it difficult to hire the sort of people the country needs to tighten up its sprawling computer networks.

While polling hackers & security experts in San Francisco this week, I asked who would ever consider working for the government; fewer than ten hands went up in a room of hundreds of people.

Unfortunately, the crowd attending HackerOne's bug bounty event are exactly the people needed: smart & creative techies well versed in hacker culture & capable of protecting the U.S. from cyber attacks.

Reluctance to join the government is two-fold. First, there's a long-running mistrust over the government’s persecution of hackers like Aaron Swartz, a young genius who uploaded academic journals from MIT, & Samy Kamkar, who faced a lengthy criminal ordeal over a caper involving the social network MySpace (which he related in humorous detail to the HackerOne crowd).

Second, talented hackers don’t want to trade in plush positions & big bucks at cool tech companies to work for an average salary in the unglamorous world of the civil service.

Fortunately, not everyone feels this way. One is Mike Chung, a former manager at Apple who left to help lead the Digital Defense Service & run programs like “Hack the Pentagon” & “Hack the Air Force,” which offer cash prizes to hackers who find vulnerabilities in military software. Another is Jacob Kaplan-Moss, former director of security at Heroku, who now works for 18F, a government agency that’s helping the likes of the IRS harden its computer defenses.

Both men said their work comes with a sense of mission missing from many corporate jobs & described the sweeping impact hackers make inside the government. They also made the case that Uncle Sam is overcoming its aversion to hackers & recognizing it needs to accommodate their culture.

Their pitch was persuasive & led some young hackers to ask how to get involved with the government. While many in the room remained skeptical, the good news is that the government appears to recognize they need a few good hackers—& might even do what it takes to get them.

http://greatresponder.com/2017/10/28/uncle-sam-tries-to-hire-hackers/

Read more:
*Groundbreaking keynotes, presentations & networking with peers & industry leaders paving the way to a safer internet:
https://securityatsf.splashthat.com/

*This $40 Million Investment Shows How 'Bug Bounties' Are Becoming Mainstream:
http://fortune.com/2017/02/08/bug-bounty-hackerone/

*The Air Force's New Mission: Pay Friendly Hackers:
http://fortune.com/2017/04/26/hack-the-air-force/

The U.S. government has a problem with hackers—but not the kind you think ... offer cash prizes to hackers who find vulnerabilities in military software.