The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America's technology supply chain, according to extensive interviews with government and corporate sources. https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
https://www.universalhub.com/2022/driver-says-gps-made-him-turn-train-tracks-everett
Davide Castelvecchi, *Nature*, 11 Jul 2022, via ACM TechNews; 13 Jul 2022 Computer scientists at the DeepMind artificial intelligence (AI) research laboratory trained a software model to learn simple physical rules about object behavior. The researchers trained the Physics Learning through Auto-encoding and Tracking Objects (PLATO) neural network model using animated videos and images of objects like cubes and balls, in order for it to generate an internal representation of the physical properties of each object. The model learned patterns such as continuity, solidity, and persistence of shape. DeepMind's Luis Piloto said the software makes predictions at every step in the video, and its accuracy increases as the video progresses. Piloto suggested PLATO could be a first step toward AI that can test theories about how human infants learn. https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ee75x234badx070806& [Interesting metaphor. How long does it take a baby to understand quantum theory and space physics? Through elementary and secondary schools, universities, and specialized grad schools? Would you want that baby to grow into building your airplanes without the benefits of a real in-person education, or even designing your space ship so that you might some day want to escape from this planet? PGN]
Matt O'Brien, Associated Press, 17 Jul 2022 via ACM TechNews; Monday, July 18, 2022 Scientists are worried about the use of large language models in chatbots and other technologies, not least because their creators conceal their inner workings and the flaws that can cause such systems to spread misinformation. Stanford University's Percy Liang said companies face competitive pressure not to expose large language models' underpinning technology, or to partner on community standards. A group of scientists worked with France's government to launch the BigScience Large Open-science Open-access Multilingual Language Model (BLOOM) large language model, which was developed to counter closed models like Microsoft's GPT-3. BLOOM functions across 46 languages, while most systems concentrate on English or Chinese. https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2eeb3x234c60x070732&
Zeljka Zorz, *Help Net Security*, 12 Jul 2022, via ACM TechNews; 13 Jul 2022 Researchers at Israel's Ben-Gurion University of the Negev (BGU) and Tel Aviv University found that facial recognition (FR) systems may be thwarted by fabric face masks boasting adversarial patterns. The researchers employed a gradient-based optimization process to generate a universal perturbation and mask to falsely classify each wearer as an unknown identity. BGU's Alon Zolfi said, "The perturbation depends on the FR model it was used to attack, which means different patterns will be crafted depending on the different victim models." Zolfi suggested FR models could see through masked face images by training them on images containing adversarial patterns, by teaching them to make predictions based only on the upper area of the face, or by training them to generate lower facial areas based on upper facial areas. https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ee75x234bacx070806&
Critics dumbfounded by reality TV star Travis Taylor's position as "chief scientist" https://www.science.org/content/article/pentagon-ufo-study-led-researcher-who-believes-supernatural
Jule Pattison-Gordon, *Government Technology*, 12 Jul 2022, via ACM TechNews; 13 Jul 2022 Members of the American Civil Liberties Union, Carnegie Mellon University, the Idaho Justice Project, and the University of Pennsylvania developed a criminal justice algorithm to predict the probability of defendants receiving biased sentences in court. The algorithm factors in seemingly immaterial variables like the judge's and defendant's gender and race, along with case details like mandatory minimum sentencing requirements and the nature of the offense, to forecast how likely the judge is to issue an unusually long sentence (longer than those issued in 90% of the other cases with "identical legally relevant factors"). The team of developers suggest the algorithm could help potentially wronged defendants argue for reducing disproportionately harsh sentences. https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ee75x234ba4x070806&
*It's impossible to tell the story of psychedelics without telepathy. How will these experiences fit into psychedelics' mainstream, medical future?* In February of 1971, approximately 2,000 attendees at six Grateful Dead concerts at the Capitol Theater in Port Chester, New York saw this message projected onto a large screen at 11:30 PM: “YOU ARE ABOUT TO PARTICIPATE IN AN ESP EXPERIMENT.” It was a test to see if people could use extra-sensory perception, or ESP, to telepathically transmit randomly chosen images to two psychic-sensitive people, Malcolm Bessent and Felicia Parise, who were sleeping 45 miles away. Bessent was at the Maimonides Dream Laboratory in Brooklyn, while Parise slept in her apartment. Art prints, selected at random, were projected at the Dead show, like The Castle of the Pyrenees and Philosophy in the Boudoir by René Magritte, or a visual representation of spinal chakras. Bessent and Parise described their dreams to two evaluators, an art therapy student and a divinity student, who then judged them based on their similarities to the images shown at the concert. The Grateful Dead were chosen because the members of the band agreed to facilitate such an experiment, but also because those who conducted the study had determined that the audience would be especially primed for telepathic abilities, in part because of the state of mind they assumed the audience would be in. [...] https://www.vice.com/en/article/z34xa5/the-long-strange-relationship-between-psychedelics-and-telepathy
https://techxplore.com/news/2022-07-brainwaves-criminal-trials.html "Law enforcement agencies worldwide struggle with the unreliability of eyewitness identification and scarcity of physical clues at crime scenes. There is a wealth of evidence showing that mistaken eyewitness identification is a contributing factor in wrongful convictions. Police only collect physical evidence in approximately 15% or less of crime scenes. This makes non-physical evidence like eyewitness testimony extremely important." Extrapolating criminal identification via eyewitness brainwave analysis shown either a perpetrator lineup or a mugshot equivalences the false negative/positive outcome determination of AI-trained image recognition. Reasonable doubt without batting an eyelash.
Security researchers have uncovered yet another vulnerability affecting numerous older AMD and Intel microprocessors that could bypass current defenses and result in Spectre-based speculative-execution attacks. Dubbed Retbleed <https://comsec.ethz.ch/research/microarch/retbleed/> by ETH Zurich researchers Johannes Wikner and Kaveh Razavi, the issue is tracked as CVE-2022-29900 (AMD) and CVE-2022-29901 (Intel), with the chipmakers releasing software mitigations as part of a coordinated disclosure process. <https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037> <https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html> <https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html> Retbleed is also the latest addition to a class of Spectre attacks <https://thehackernews.com/2022/03/new-exploit-bypasses-existing-spectre.html> known as Spectre-BTI (CVE-2017-5715 or Spectre-V2), which exploit the side effects of an optimization technique called speculative execution <https://en.wikipedia.org/wiki/Speculative_execution> by means of a timing side channel to trick a program into accessing arbitrary locations in its memory space and leak private information. Speculative execution attempts to fill the instruction pipeline of a program by predicting which instruction will be executed next in order to gain a performance boost, while also undoing the results of the execution should the guess turn out to be wrong. Attacks like Spectre take advantage of the fact that these erroneously executed instructions—a result of the misprediction—are bound to leave traces of the execution in the cache, resulting in a scenario where a rogue program can trick the processor into executing incorrect code paths and infer secret data pertaining to the victim. [...] https://thehackernews.com/2022/07/new-retbleed-speculative-execution.html
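A defender's first question after reading the item above is whether a given Linux host reports itself as still exposed. The kernel publishes one status line per issue under /sys/devices/system/cpu/vulnerabilities/ (files such as spectre_v2 and retbleed, each reading "Not affected", "Mitigation: ..." or "Vulnerable..."). The checker below is an added example, not code from the Retbleed researchers or the article; the two sample report sets are constructed. Its one deliberate edge case: a kernel that predates the Retbleed fix has no retbleed file at all, and that absence is reported as "unknown" rather than being mistaken for "not affected".

```python
"""Classify the kernel's own speculative-execution mitigation reports.

Added example (not from the article or the Retbleed authors). A missing
sysfs file means the running kernel does not know the issue exists, so it
is flagged for attention instead of being treated as safe.
"""
import os
from typing import Dict, List, Optional

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Issues named in the item: Spectre-BTI (spectre_v2) and Retbleed.
ISSUES = ("spectre_v2", "retbleed")


def classify(report: Optional[str]) -> str:
    """Map one sysfs line to 'unknown', 'not_affected', 'mitigated' or 'vulnerable'."""
    if report is None:
        return "unknown"  # file absent: kernel predates the check for this issue
    text = report.strip()
    if text == "Not affected":
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):  # also covers "Vulnerable: <detail>"
        return "vulnerable"
    return "unknown"


def summarize(reports: Dict[str, Optional[str]]) -> Dict[str, str]:
    """Classify every tracked issue; issues missing from `reports` count as absent."""
    return {name: classify(reports.get(name)) for name in ISSUES}


def needs_attention(summary: Dict[str, str]) -> List[str]:
    """Issues to act on: confirmed vulnerable, or not reported by this kernel."""
    return [name for name, state in summary.items() if state in ("vulnerable", "unknown")]


def read_sysfs(directory: str = SYSFS_DIR) -> Dict[str, Optional[str]]:
    """Read the live files on a Linux host; unreadable or missing files map to None."""
    reports: Dict[str, Optional[str]] = {}
    for name in ISSUES:
        try:
            with open(os.path.join(directory, name)) as fh:
                reports[name] = fh.read()
        except OSError:
            reports[name] = None
    return reports


# Constructed sample: a kernel that knows about Retbleed but carries no mitigation.
SAMPLE_UNPATCHED = {
    "spectre_v2": "Mitigation: Retpolines, IBPB: conditional, STIBP: conditional, RSB filling\n",
    "retbleed": "Vulnerable\n",
}
# Constructed sample: a kernel too old to report on Retbleed at all.
SAMPLE_OLD_KERNEL = {"spectre_v2": "Mitigation: Retpolines\n"}

if __name__ == "__main__":
    for label, reports in (("unpatched sample", SAMPLE_UNPATCHED),
                           ("old-kernel sample", SAMPLE_OLD_KERNEL),
                           ("this host", read_sysfs())):
        summary = summarize(reports)
        print(label, summary, "-> attention:", needs_attention(summary))
```

Run on a non-Linux machine the "this host" row shows both issues as unknown, which is the honest answer: the script only trusts what the kernel itself reports and never infers safety from silence.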
Consumer electronics maker Lenovo on Tuesday rolled out fixes to contain three security flaws in its UEFI firmware affecting over 70 product models. <https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html> "The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features," Slovak cybersecurity firm ESET said in a series of tweets. [...] https://twitter.com/ESETresearch/status/1547166334651334657 https://thehackernews.com/2022/07/new-uefi-firmware-vulnerabilities.html
https://www.theregister.com/2022/07/11/lenovo_secured_core/?td=rt-3a Lenovo's support documentation explains it thus: "Linux distributions use a Microsoft signed 'shim' executable that is then able to verify the subsequent boot stages that have been signed with the distribution key. The Microsoft signed shim is signed using the 'Microsoft 3rd Party UEFI Certificate', and this certificate is stored in the BIOS database." So far so good. However, for Secured Core PCs "it is a Microsoft requirement for the 3rd Party Certificate to be disabled by default," according to Lenovo. Therefore, if your PC ships with Windows pre-installed, there is an additional step to be taken to install Linux (or boot into something else) involving a jump into the BIOS setup to enable the Microsoft 3rd Party UEFI Certificate once again.
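Whether the "Microsoft 3rd Party UEFI Certificate" is actually present in a machine's Secure Boot `db` is something an administrator can verify rather than assume. The checker below is an added example, not Lenovo's or Microsoft's code. It parses the EFI_SIGNATURE_LIST structures that UEFI stores in `db`; on Linux the variable is readable at /sys/firmware/efi/efivars/db-d719b2cb-3d16-4a5d-8b1c-cb8d8d6de8e3, with efivarfs prefixing the payload by a 4-byte attributes word. The sample `db` blobs, the owner GUID and the certificate bodies are all constructed (the bodies are placeholder bytes, not real DER), so the subject match is a substring heuristic that works on real certificates only because DER embeds the subject's printable string verbatim.

```python
"""Does a Secure Boot `db` carry the third-party UEFI CA that signs shim?

Added example (not from Lenovo, Microsoft or The Register). Parses
EFI_SIGNATURE_LIST records; sample data below is constructed.
"""
import struct
import uuid
from typing import List, Tuple

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
THIRD_PARTY_CA_SUBJECT = b"Microsoft Corporation UEFI CA 2011"
EFIVARS_DB = "/sys/firmware/efi/efivars/db-d719b2cb-3d16-4a5d-8b1c-cb8d8d6de8e3"


def parse_signature_lists(blob: bytes) -> List[Tuple[uuid.UUID, uuid.UUID, bytes]]:
    """Return (SignatureType, SignatureOwner, SignatureData) for every entry.

    One EFI_SIGNATURE_LIST is: GUID SignatureType (16, mixed-endian),
    UINT32 SignatureListSize, UINT32 SignatureHeaderSize, UINT32 SignatureSize,
    SignatureHeader[], then entries of SignatureSize bytes, each starting with
    a 16-byte SignatureOwner GUID followed by the signature data.
    """
    entries = []
    pos = 0
    while pos + 28 <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[pos:pos + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, pos + 16)
        if list_size < 28 or pos + list_size > len(blob) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % pos)
        cursor, end = pos + 28 + hdr_size, pos + list_size
        while cursor + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[cursor:cursor + 16])
            entries.append((sig_type, owner, blob[cursor + 16:cursor + sig_size]))
            cursor += sig_size
        pos = end
    return entries


def has_third_party_ca(db: bytes) -> bool:
    """True if any X.509 entry embeds the third-party CA subject string."""
    return any(t == EFI_CERT_X509_GUID and THIRD_PARTY_CA_SUBJECT in data
               for t, _, data in parse_signature_lists(db))


def strip_efivarfs_attributes(raw: bytes) -> bytes:
    """efivarfs files begin with a 4-byte attributes word; drop it."""
    return raw[4:]


def build_list(sig_type: uuid.UUID, owner: uuid.UUID, datas: List[bytes]) -> bytes:
    """Serialize one signature list (used only to build the constructed sample)."""
    sig_size = 16 + len(datas[0])  # every entry in a list has the same size
    body = b"".join(owner.bytes_le + d for d in datas)
    return sig_type.bytes_le + struct.pack("<III", 28 + len(body), 0, sig_size) + body


def _fake_cert(subject: bytes, size: int = 64) -> bytes:
    """Placeholder certificate body: a DER-like prefix plus the subject, padded."""
    return (b"\x30\x82" + subject).ljust(size, b"\x00")


OWNER = uuid.UUID("00000000-0000-4000-8000-00000000c0de")  # constructed owner GUID
SAMPLE_DB = (
    build_list(EFI_CERT_X509_GUID, OWNER,
               [_fake_cert(b"Microsoft Windows Production PCA 2011"),
                _fake_cert(THIRD_PARTY_CA_SUBJECT)])
    + build_list(EFI_CERT_SHA256_GUID, OWNER, [b"\xab" * 32])
)
SAMPLE_DB_NO_THIRD_PARTY = build_list(
    EFI_CERT_X509_GUID, OWNER, [_fake_cert(b"Microsoft Windows Production PCA 2011")])

if __name__ == "__main__":
    print("constructed db has third-party CA:", has_third_party_ca(SAMPLE_DB))
    try:
        with open(EFIVARS_DB, "rb") as fh:
            live = strip_efivarfs_attributes(fh.read())
        print("this host's db has third-party CA:", has_third_party_ca(live))
    except OSError:
        print("no readable efivars db here (not Linux/UEFI, or insufficient permission)")
```

On a Linux host `mokutil --db` prints the same database in human-readable form and is the quicker check; the parser is for scripting the question across a fleet, and a `False` on a Secured-core machine that must boot a shim-based distribution is the cue to re-enable the certificate in firmware setup as the item describes.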
*We finally understand the code behind the Anom phones.* For years criminal organizations around the world were buying a special phone called Anom. The pitch was that it was completely anonymous and secure, a way for criminals to do business without authorities watching over their shoulder. It turned out that the whole thing was an elaborate honeypot and that the FBI and law enforcement agencies around the world were listening in. They'd help develop the phones themselves. The fallout from that revelation is ongoing and, here at Motherboard, we've just learned how the phones work. On this episode of Cyber, Motherboard Senior Staff Writer Joseph Cox comes on to discuss the code that powered the Anom phone. [...] https://www.vice.com/en/article/pkgbpn/how-the-fbi-wiretapped-the-world
Lies are free, accurate information is locked away. -L https://www.poynter.org/commentary/2022/all-news-election-articles-should-be-free/
It's not impossible that ultimately platforms will be required to moderate all UGC (User Generated Content) before it appears publicly. This would likely require a drastic cutback in UGC availability, with many ramifications. But the regulatory arrow is moving in this direction.
Hiroko Tabuchi, *The New York Times*, 17 Jul 2022 via ACM TechNews; Monday, July 18, 2022 A Congressional probe found seven of the largest U.S. bitcoin mining companies could cumulatively use as much electricity as all the homes in Houston. The findings indicated the firms could tap up to 1,045 megawatts of power, and the companies said they intend to dramatically expand their capacity. Cryptomining enterprise Marathon Digital Holdings told the investigating committee it ran nearly 33,000 "mining rigs" as of February, up from slightly over 2,000 at the start of last year; the company plans to grow that number to 199,000 rigs by early 2023. The seven biggest cryptominers expected to boost their mining capacity by at least 2,399 megawatts in the years ahead, a nearly 230% gain from current levels. https://www.nytimes.com/2022/07/15/climate/cryptocurrency-bitcoin-mining-electricity.html
... From $25 billion to $167 million: How a major crypto lender collapsed and dragged many investors down with it https://www.cnbc.com/2022/07/17/how-the-fall-of-celsius-dragged-down-crypto-investors.html
https://twitter.com/smdiehl/status/1531920884444848129
https://www.usatoday.com/story/money/cars/2022/07/16/gm-offers-rebate-cadillac-lyriq-drivers-tracking/10076785002/
In push for global expansion, company officials saw clashes with taxi cab workers as a way to win public sympathy, a trove of new documents shows https://www.washingtonpost.com/business/2022/07/10/uber-taxi-driver-violence/
About the Uber Files investigation https://www.washingtonpost.com/business/2022/uber-files-investigation/ https://www.washingtonpost.com/business/2022/07/10/uber-files-explained/
Regulators entered Uber's offices only to see computers go dark before their eyes as the company used covert tech to thwart government raids. https://www.washingtonpost.com/technology/2022/07/10/uber-europe-raids-kill-switch/
https://techcrunch.com/2022/06/01/2328459/
Heads-up: At least some areas of Google Voice appear to be DOWN, with calls to Google Voice numbers not going through properly.
Though there's now a lot of publicity concerning Google's proposal for some political email to bypass Gmail spam filters by default, you likely haven't seen the full proposal. It's 15 pages, it's quite comprehensive, and it's here: https://www.fec.gov/files/legal/aos/2022-14/202214R_1.pdf A couple of aspects I'll point out. First, the *reason* Google is asking for FEC approval on this proposal is apparently due to concerns that letting some entities' email bypass spam filters might be construed as being an "in-kind contribution" to those entities. Google is seeking an FEC ruling that the proposal would not fall into the in-kind contribution category. Secondly, there's a very interesting sentence down deep in there that is worth pondering: Google is proposing to start this pilot with Eligible Participants rather than other industries due to: (1) the ability to verify these FEC-registered entities; (2) the upcoming period of expected increased and sustained engagement by this set of bulk senders; (3) this group of bulk senders' strong incentives to keep users engaged for a sustained period; and (4) the ease of participant feedback for this group of senders due to the concentrated group of email vendors. My reading of this suggests that Google is at least considering the expansion of the spam filter bypass model to "other industries"—that is, to entities other than the political ones that are the focus of the current proposal. Anyway, the document is very interesting reading. My original blog post on this issue is here: https://lauren.vortex.com/2022/07/13/googles-horrible-plan-to-flood-your-gmail-with-political-garbage
Space bubbles https://bgr.com/science/mit-scientists-think-theyve-discovered-how-to-fully-reverse-climate-change/
What do a Real Housewife, an Olympic athlete, and a doula have in common? They're all being paid by an ad-tech startup as influencers—peddling not products, but ideologies. https://www.wired.com/story/meet-the-lobbyist-next-door So why buy either one?
Stupid question: when I click on a 'link', why can't the browser itself create the link, rather than allowing Facebook to create & encrypt the link? Also, this 'dark pattern' from Facebook enables hackers to mask truly dangerous links that can lead to a complete compromise of the user's computer. Or worse: child pornography pix that put you in jail. https://www.ghacks.net/2022/07/17/facebook-has-started-to-encrypt-links-to-counter-privacy-improving-url-stripping/ Facebook has started to encrypt links to counter privacy-improving URL Stripping Martin Brinkmann, Jul 17, 2022 Facebook has started to use a different URL scheme for site links to combat URL stripping technologies that browsers such as Firefox or Brave use to improve privacy and prevent user tracking. Some sites, including Facebook, add parameters to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties. Mozilla introduced support for URL stripping in Firefox 102, which it launched in June 2022. Firefox removes tracking parameters from web addresses automatically, but only in private browsing mode or when the browser's Tracking Protection feature is set to strict. Firefox users may enable URL stripping in all Firefox modes, but this requires manual configuration. Brave Browser strips known tracking parameters from web addresses as well. Both web browsers use lists of known tracking parameters for the functionality. The lists need to be updated whenever sites change tracking parameters. Facebook could have changed the scheme that it is using, but this would have given Facebook only temporary recourse. It appears that Facebook is using encryption now to track users. Previously, Facebook used the parameter fbclid for tracking purposes.
Now, it uses URLs such as https://www.facebook.com/ghacksnet/posts/pfbid0RjTS7KpBAGt9FHp5vCNmRJsnmBudyqRsPC7ovp8sh2EWFxve1Mk2HaGTKoRSuVKpl?__cft__[0]=AZXT7WeYMEs7icO80N5ynjE2WpFuQK61pIv4kMN-dnAz27-UrYqrkv52_hQlS_TuPd8dGUNLawATILFs55sMUJvH7SFRqb_WcD6CCOX_zYdsebOW0TWyJ9gT2vxBJPZiAaEaac_zQBShE-UEJfatT-JMQT5-bvmrLz7NlgwSeL6fGKH9oY9uepTio0BHyCmoY1A&__tn__=%2CO%2CP-R instead. The main issue here is that it is no longer possible to remove the tracking part of the URL, as Facebook merged it with part of the required web address. Removing the entire construct after the ? would open the main Facebook page of Ghacks Technology News, but it won't open the linked post. Since it is no longer possible to identify the tracking part of the web address, it is no longer possible to remove it from the address automatically. In other words: Facebook has the upper hand in regards to URL-based tracking at the time, and there is little that can be done about it short of finding a way to decrypt the information. There is no option currently to prevent Facebook's tracking of users via links. Users could avoid Facebook, but that may not be possible all the time. URL tracking does not help much if other tracking means, e.g., through cookies or site data, are not available. While Facebook gets some information from URL-based tracking, it can't link it if no persistent data is available. Users who don't sign into Facebook and clear cookies and site data regularly, may avoid most of the company's tracking.
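The mechanism the ghacks piece describes is easiest to see by running a list-based stripper of the kind Firefox and Brave use over both link shapes. The code below is an added example, not code from Firefox, Brave, ghacks or Facebook; its parameter list is a constructed stand-in for a browser's real list, and the two sample links are constructed in the shapes the article describes (the old form with `fbclid` in the query string, the new form with an opaque `pfbid...` token inside the path). The old link is cleaned; the new link's query parameters survive because they are not on any list, and the path token cannot be touched at all without changing which post the link opens.

```python
"""List-based tracking-parameter stripping, and where it stops working.

Added example (not Firefox, Brave or ghacks code). TRACKING_PARAMS is a
constructed stand-in for a browser's known-parameter list; the sample
links are constructed with made-up tokens.
"""
from typing import Dict, Set
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed stand-in for a browser's list of known tracking parameters.
TRACKING_PARAMS: Set[str] = {
    "fbclid", "gclid", "dclid", "msclkid", "mc_eid",
    "utm_source", "utm_medium", "utm_campaign", "utm_term", "utm_content",
}


def strip_tracking_params(url: str, known: Set[str] = TRACKING_PARAMS) -> str:
    """Drop query parameters whose names are on the known-tracking list.

    Scheme, host, path, fragment and every unlisted parameter are kept, so
    the page still resolves; only recognised bookkeeping is removed. Kept
    parameters are re-encoded by urlencode (e.g. '[' becomes '%5B').
    """
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k not in known]
    return urlunsplit(parts._replace(query=urlencode(kept)))


def query_params(url: str) -> Dict[str, str]:
    """Decoded query parameters of a URL, for inspecting what survived."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


def tracking_in_path(url: str) -> bool:
    """Heuristic: is an opaque Facebook post token carried in the path itself?

    A query-string stripper cannot act on it: removing the segment changes
    the destination (the profile page instead of the post).
    """
    return any(seg.startswith("pfbid") for seg in urlsplit(url).path.split("/"))


# Constructed sample links in the two shapes the article describes.
OLD_STYLE = ("https://www.facebook.com/ghacksnet/posts/123456789"
             "?fbclid=IwAR0ConstructedFbclidToken&ref=share")
NEW_STYLE = ("https://www.facebook.com/ghacksnet/posts/pfbid0ConstructedOpaqueToken"
             "?__cft__[0]=AZConstructedToken&__tn__=%2CO%2CP-R")


def main() -> None:
    for label, url in (("old-style", OLD_STYLE), ("new-style", NEW_STYLE)):
        cleaned = strip_tracking_params(url)
        print(label, "->", cleaned)
        if tracking_in_path(cleaned):
            print("   opaque token remains in the path; removing it would change the destination")


if __name__ == "__main__":
    main()
```

The design point is that name-based stripping is only as good as its list and only reaches the query string; once the identifying token is part of the path, the only client-side options left are the ones the article ends on, namely not carrying a Facebook session and clearing site data, so the token has nothing persistent to be linked to.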
“There's nothing to stop police from using Facebook ad-targeting data the same way they've been using Google's data, as a mass digital dragnet. Our investigation found that Facebook has continued to ingest data from webpages with obvious sexual health information—including ones with URLs that include phrases such as post-abortion, i-think-im-pregnant, abortion-pill.” https://revealnews.org/article/facebook-data-abortion-crisis-pregnancy-center/
*"Unexpected item in the bagging area."* *"Please place item in the bag."* *"Please wait for assistance."* If you've encountered these irritating alerts at the self-checkout machine, you're not alone. According to a survey <https://www.raydiant.com/blog/state-of-self-service-checkouts/> last year of 1,000 shoppers, 67% said they'd experienced a failure at the self-checkout lane. Errors at the kiosks are so common that they have even spawned dozens of memes <https://memebase.cheezburger.com/tag/self-checkout> and TikTok videos <https://www.tiktok.com/tag/selfcheckout?lang=en>. "We're in 2022. One would expect the self-checkout experience to be flawless. We're not there at all," said Sylvain Charlebois, director <https://www.dal.ca/faculty/management/school-of-public-administration/faculty-staff/our-faculty/sylvain-charlebois.html> of the Agri-Food Analytics Lab at Dalhousie University in Nova Scotia who has researched self-checkout. Customers aren't the only ones frustrated with the self-checkout experience. Stores have challenges with it, too. The machines are expensive to install, often break down and can lead to customers purchasing fewer items. Stores also incur higher losses and more shoplifting <https://www.theatlantic.com/magazine/archive/2018/03/stealing-from-self-checkout/550940/> at self-checkouts than at traditional checkout lanes with human cashiers. Despite the headaches, self-checkout is growing. In 2020, 29% of transactions at food retailers were processed through self-checkout, up from 23% the year prior, according to the latest data from food industry association FMI. This raises the question: why is this often problematic, unloved technology taking over retail? [...] https://www.cnn.com/2022/07/09/business/self-checkout-retail/index.html
Alyson Klein, *Education Week*, 12 Jul 2022, via ACM TechNews; 13 Jul 2022 A July 12 letter to governors and top education officials in all 50 states, signed by over 500 businesses, nonprofits, and education organizations, calls for every K-12 student to be given access to computer science education. Amazon, Microsoft, and Alphabet were among the signatories, along with companies like American Express, Nike, Starbucks, UPS, and Walgreens. Code.org reports that only about a dozen of the 27 states with policies granting access to high school students aim to give all K-12 students access. Code.org's Hadi Partovi said it is important that big companies not thought of as tech companies support the effort. Said Partovi, "It helps people realize that this is about every industry, that every company is becoming a technology company and every company is suffering with the lack of preparation that our schools are giving to our students." https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ee75x234ba3x070806& [The U.S. has been dumbing down lower and higher education for decades, except for the "elite" schools—competing with blather from those people who do not trust science. PGN]
“I am very sorry for the pending delivery,” FedEx Help, the company's customer service account, replied about how Jeffrey Merriweather's remains have been missing since they were shipped via FedEx in 2019. https://www.washingtonpost.com/business/2022/07/15/fedex-twitter-bot-missing-remains-georgia/
Interac was down only for merchants and ATMs that are connected via Rogers. Those with Bell or Telus were not affected. A local drive-through banking machine operated by TD Canada Trust continued working, while a local variety store had credit card or cash only, and its No Name ATM was down. My Internet was down for 28 hours, came back for an hour, down again, then back again after another hour. Hopefully that's the end of the current problems in my area, and a proper explanation/fix will be coming.
60th Course of the International School on Disarmament and Research on Conflicts (ISODARCO): Advancing Technology, Nuclear Weapons Security and International Stability. Andalo (Trento, Italy), 8-15 January 2023. Directors of the Course: Deborah Louis (ISODARCO, Boston, USA), Francesca Giovannini (Managing the Atom, Harvard University, USA), and Steven Miller (Belfer Center, Harvard University, USA). Principal Lecturers: Mansoor Ahmed, Center for International Strategic Studies, Islamabad; Alexey Arbatov, IMEMO, Moscow; Nadia Arbatova, IMEMO, Moscow; Malfrid Braut-Hegghammer, Oslo University; Paolo Cotta Ramusino, Secretary-General, Pugwash Conferences on Science and World Affairs; Sergio Duarte, President of Pugwash; Mark Fitzpatrick, International Institute for Strategic Studies, London; Joan Johnson-Freese, Naval War College, Newport; Alexander Kmentt, King's College, London; Ankit Panda, Nuclear Policy Program, Washington; Alessandro Pascolini, Padua University; Tariq Rauf, Former Head of Verification & Security Policy, IAEA, Vienna; Laura Rockwood, Open Nuclear Network, Vienna; Carlo Trezza, Istituto Affari Internazionali, Roma; Heather Williams, King's College, London; Benjamin Zala, Australian National University, Canberra. Information on the school and application forms: http://www.isodarco.it Dott. Diego Latella - Senior Researcher CNR/ISTI, Via Moruzzi 1, 56124 Pisa, Italy (http://www.isti.cnr.it) FM&&T Lab. (http://fmt.isti.cnr.it) CNR/GI-STS (http://gists.pi.cnr.it) https://www.isti.cnr.it/People/D.Latella - ph: +390506212982, fax: +390506212040