Tech Today w/ Ken May

Archive for September 20th, 2017

AI Just Made Guessing Your Password a Whole Lot Easier

Posted by kenmay on September - 20 - 2017

sciencehabit shares a report from Science Magazine: The Equifax breach is reason for concern, of course, but if a hacker wants to access your online data by simply guessing your password, you’re probably toast in less than an hour. Now, there’s more bad news: Scientists have harnessed the power of artificial intelligence (AI) to create a program that, combined with existing tools, figured more than a quarter of the passwords from a set of more than 43 million LinkedIn profiles. Researchers at Stevens Institute of Technology in Hoboken, New Jersey, started with a so-called generative adversarial network, or GAN, which comprises two artificial neural networks. A “generator” attempts to produce artificial outputs (like images) that resemble real examples (actual photos), while a “discriminator” tries to detect real from fake. They help refine each other until the generator becomes a skilled counterfeiter. The Stevens team created a GAN it called PassGAN and compared it with two versions of hashCat and one version of John the Ripper. The scientists fed each tool tens of millions of leaked passwords from a gaming site called RockYou, and asked them to generate hundreds of millions of new passwords on their own. Then they counted how many of these new passwords matched a set of leaked passwords from LinkedIn, as a measure of how successful they’d be at cracking them. On its own, PassGAN generated 12% of the passwords in the LinkedIn set, whereas its three competitors generated between 6% and 23%. But the best performance came from combining PassGAN and hashCat. Together, they were able to crack 27% of passwords in the LinkedIn set, the researchers reported this month in a draft paper posted on arXiv. Even failed passwords from PassGAN seemed pretty realistic: saddracula, santazone, coolarse18. Read more of this story at Slashdot.

Categories: reader

15 neat hidden features in iOS 11

Posted by kenmay on September - 20 - 2017

After months and months of beta, iOS 11 is finally here — and it’s a huge update. In particular, Apple has tucked away many little features that you won’t see right away. If you want to impress all your friends with your mad iOS skills, here is a list of some of these features. I also wrote a short and sweet review of iOS 10 if you want to learn more about all the changes…

Categories: reader

A dead body sat in a pickup truck for eight months in a parking lot at the Kansas City International Airport before someone discovered it. 53-year-old Randy Potter disappeared January 17, and had parked at the airport that same day. When his family contacted the airport police to report their missing relative and to see if his truck was still in the parking lot, the police said if it was, they would find it. Astonishingly, they somehow missed it. It wasn’t until someone reported a bad odor that the body was spotted inside the truck. Apparently, according to police, Potter had committed suicide, but no other details were released. According to Time: The truck’s windows are tinted, but are light enough to allow anyone to see inside. When an airport police officer found the body, it was covered up by a blanket, according to a police report. “No one should go through what we went through,” said Potter’s wife, Carolina. “We should not have gone through eight months agonizing, speculating.” Potter’s truck had been listed in the missing person flyers circulated by Lenexa police. The family had visited the airport early on. Kansas City spokesman Chris Hernandez said city officials were gathering facts to determine how Potter’s body remained in the lot as long as it did. The economy lot where Potter’s body was found is one of three lots situated about 2 ½ miles (4 kilometers) north of the airport terminals. Shuttles carry travelers from the lot to the terminals. The airport has over 25,000 parking spaces, and clearly needs a better way of managing them. Image: Dean Hochman

Categories: reader

iOS 11 Released

Posted by kenmay on September - 20 - 2017

Today, Apple released the final version of iOS 11, its latest mobile operating system. If you have an iPhone or iPad that was released within the last few years, you should be able to download the new update if you navigate to the Settings panel and check for a software update under the General tab. The Verge reports: iOS 11, first unveiled in detail back at Apple’s WWDC in June, is the same incremental annual refresh we’ve come to expect from the company, but it hides some impressive complexity under the surface. Not only does it add some neat features to iOS for the first time, like ARKit capabilities for augmented reality and a new Files app, but it also comes with much-needed improvements to Siri; screenshot capture and editing; and the Control Center, which is now more fully featured and customizable. For iPads, iOS 11 is more of an overhaul. The software now better supports multitasking so you can more easily bring two apps into split-screen mode, or even add a third now. The new drag-and-drop features are also much more powerful on iPad, letting you manage stuff in the Files app more intuitively and even letting you drag and drop photos and text from one app to another. Read more of this story at Slashdot.

Categories: reader

(credit: Hanno Böck) There’s a bug in the widely used Apache Web Server that causes servers to leak pieces of arbitrary memory in a way that could expose passwords or other secrets, a freelance journalist has disclosed. The vulnerability can be triggered by querying a server with what’s known as an OPTIONS request. Like the better-known GET and POST requests, OPTIONS is a type of HTTP method that allows users to determine which HTTP requests are supported by the server. Normally, a server will respond with GET, POST, OPTIONS, and any other supported methods. Under certain conditions, however, responses from Apache Web Server include the data stored in computer memory. Patches are available here and here. The best-known vulnerability to leak potentially serious server memory was the Heartbleed bug located in the widely used OpenSSL cryptography library. Within hours of Heartbleed’s disclosure in April 2014, attackers were exploiting it to obtain passwords belonging to users of Yahoo, Ars, and other sites. Heartbleed could also be exploited to bleed websites’ private encryption keys and to hack networks with multifactor authentication.

Categories: reader

Here’s how to eat slimy woodworms from the Philippines

Posted by kenmay on September - 20 - 2017

Tamilok is a kind of worm that eats dead mangrove tree wood. It is considered a delicacy that tastes like slightly sweet oysters.

Categories: reader

Ransomware Hack Targeting 2 Million an Hour

Posted by kenmay on September - 20 - 2017

New submitter Zorro writes: A ransomware attack sweeping the globe right now is launching about 8,000 different versions of the virus script at Barracuda’s customers, Eugene Weiss, lead platform architect at Barracuda, told Axios, and it’s hitting at a steady rate of about 2 million attacks per hour. What to watch out for: An incoming email spoofing the destination host, with a subject about “Herbalife” or a “copier” file delivery. Two of the latest variants Barracuda has detected include a paragraph about legalese to make it seem official, or a line about how a “payment is attached,” which tricks you to click since, as Weiss puts it, “everyone wants a payment.” Read more of this story at Slashdot.

Categories: reader

An anonymous reader shares a Gizmodo report (condensed for space): For nearly two weeks, the company’s official Twitter account has been directing users to a fake lookalike website. After announcing the breach, Equifax directed its customers to equifaxsecurity2017.com, a website where they can enroll in identity theft protection services and find updates about how Equifax is handling the “cybersecurity incident.” But the decision to create “equifaxsecurity2017” in the first place was monumentally stupid. The URL is long and it doesn’t look very official — that means it’s going to be very easy to emulate. To illustrate how idiotic Equifax’s decision was, developer Nick Sweeting created a fake website of his own: securityequifax2017.com. (He simply switched the words “security” and “equifax” around.) As if to demonstrate Sweeting’s point, Equifax appears to have been itself duped by the fake URL. The company has directed users to Sweeting’s fake site sporadically over the past two weeks. Gizmodo found eight tweets containing the fake URL dating back to September 9th. Read more of this story at Slashdot.

Categories: reader

Pee on a postcard to determine if you have a UTI

Posted by kenmay on September - 20 - 2017

Among the many startups on display at the TechCrunch Disrupt hall in San Francisco this week are companies focused on health and biotech. The products ranged from smart exercise bikes to breast pumps that look like they’re from a science-fiction film. One of them, however, stood out from the rest with a large sign that simply read “Take the piss,” with the last word in big bold letters. The company is called Testcard, and it claims to tell you if you have a urinary tract infection just by peeing on a postcard. It’s just one of many medtech startups vying for legitimacy in an increasingly crowded field. The postcard comes with four different pull-out tabs, and each tab is equipped with a QR code as well as three tiny square pads, each with a different color. You then either pee on the tab — or, as Testcard would recommend, dip the tab in a cup you’ve already peed into — and the three tiny squares may or may not change in color. After that, you then use the companion Testcard app to scan the QR code and then align the colored squares with the in-app camera. Within about 20 seconds, the app will let you know if you have a urinary tract infection or not. Testcard is also working on different postcards to test pregnancy (it’ll even tell you how far along you are) and sexually transmitted infections as well. Dr. Andrew Botham, Testcard’s co-founder, explains how it works: “The app uses the camera as a colorimeter,” he says. “It converts the color to a signal, and then compares to an internal calibration curve for the test substance.” A pregnancy test, on the other hand, would measure density rather than color. It compares the test response to a control, which then approximates how pregnant the person is.
According to Botham, the tests here are very similar to the kinds you would take in an office — a doctor testing for UTI would also be comparing your results to a color chart, for example — except the postcards are more accessible, especially to those who live far away from clinics and hospitals. “Point-of-care testing has never been able to show improved patient outcomes,” says Botham. “I feel this is because it is being done in doctors’ surgeries and clinics, and at this point, patients are already being managed.” The key, he says, is to make testing like this more convenient, so that those concerned can take the tests in the privacy of their own home. Testcard sounds like a really interesting idea, but as with any medtech startup these days, it’s probably wise to approach it with a healthy dose of skepticism. As we’ve seen with Theranos, for example, sometimes these claims amount to nothing more than snake oil. Accusations of pseudoscience have even permeated the field of genetics testing — sure, services like 23andMe and Helix can offer an interesting insight into your genetic past, but the results aren’t always conclusive. Plus, while FDA clearance has been awarded to certain disease-assessment DNA tests, the ones that focus on giving diet and fitness advice aren’t given the same level of scrutiny. For Testcard’s part, Botham tells me it’s still in a pre-regulatory phase. It’ll launch next year through clinical trial testing in certain laboratories in the UK as it seeks regulatory approval. This way, he says, the company can still make revenue while undergoing testing — the app itself is free, but each postcard will cost around $3 (the pricing is not yet final). Plus, the clinical trials will be a great way to figure out what’s working and what’s not. When asked about how Testcard can differentiate itself from Theranos and learn from its mistakes, Botham says that its product is already proven.
“The revelation is not in the technology, it’s in the accessibility,” he says. “We are pushing laboratory grade testing into the home.”

Categories: reader

Budweiser offers 150,000 free Lyft round trips

Posted by kenmay on September - 20 - 2017

If you’re on the lookout for a designated driver this holiday season, a brewery can save the day. Starting today, Budweiser is offering up to 150,000 free round-trip Lyft rides (worth up to $10 each way) with its “Give a Damn” program until the end of the year. Every Thursday at 2 PM ET, Budweiser will share a code on its Facebook and Instagram channel that you can use Thursday, Friday and Saturday night (in the US only). The program, which Budweiser piloted in New York, Colorado, Illinois and Florida last year, will also be available in Massachusetts, Pennsylvania, Missouri, Texas, Georgia and Washington, D.C. this year. When you claim the code, the funds will be transferred to your Lyft account, but only for the three-day period. This year’s program offers round-trips instead of the one-way trips offered during the pilot, which makes a lot more sense. Obviously, Budweiser is offering the rides to gain some feel-good PR and let customers freely consume its product without fear of repercussions. There’s no reason you can’t, say, drink whiskey and still use the codes, though. Budweiser plays no favorites in the ride-sharing game. Working with Uber’s Otto trucking division, it transported 8,000 cases of Bud over a 120-mile distance, the first such delivery for an autonomous semi-truck. Somehow it makes sense that Uber is delivering the beer, and Lyft is bringing the drunk customers home safely.

Categories: reader