kenmay

Quantum encryption is now fast enough for voice calls

Quantum encryption is theoretically a dream for security, as you can’t even inspect the data without altering it. However, it’s currently several times slower than the conventional kind, which makes it impractical for voice calls or streaming video. Science may have come to the rescue, though: researchers have developed a quantum encryption key distribution system that promises to be five to 10 times faster than existing methods, or roughly on par with conventional encryption when run in parallel. The trick was to cram more data into each photon. Normally, you can only encode one bit per photon by using a weak laser. The team discovered that it could encode two bits by tweaking the release time of photons and using high-speed photon detectors to track these changes. Effectively, they’re giving photons properties they couldn’t have before. There’s a lot of effort left before this becomes practical, not the least of which is the size: a transmitter/receiver combo would be about as large as a computer. It’s more realistic than you might think, mind you. All the parts beyond the single-photon detector are readily available, and it could even be used for “free space” (read: over the air) transmissions. Eventually, there may be a time when you could hold a secure voice chat knowing that even the most determined spy couldn’t listen in. Via: Phys.org Source: Science Advances

Devs Working To Stop Go Math Error Bugging Crypto Software

Richard Chirgwin, writing for The Register: Consider this an item for the watch-list, rather than a reason to hit the panic button: a math error in the Go language could potentially affect cryptographic libraries. Security researcher Guido Vranken (who earlier this year fuzzed up some bugs in OpenVPN) found an exponentiation error in the Go math/big package. Big numbers — particularly big primes — are the foundation of cryptography. Vranken posted to the oss-sec mailing list that he found the potential issue during testing of a fuzzer he wrote that “compares the results of mathematical operations (addition, subtraction, multiplication, …) across multiple bignum libraries.” Vranken and Go developer Russ Cox agreed that the bug needs specific conditions to be manifest: “it only affects the case e = 1 with m != nil and a pre-allocated non-zero receiver.” Read more of this story at Slashdot.

More here:
Devs Working To Stop Go Math Error Bugging Crypto Software

‘MST3K’ will mock B movies for another season on Netflix

If Twitch’s Mystery Science Theater 3000 binge-fest didn’t scratch your itch, we’ve got good news for you: Netflix is renewing the show’s revival MST3K: The Return for a second season (and the 12th season overall). A brief announcement video (featuring series creator Joel Hodgson, current host Jonah Ray, and Felicia Day) hit YouTube shortly after Shout Factory’s annual Turkey Day marathon — which diehards no doubt tuned in to for Thanksgiving b-movie wisecracks. If you’re planning to make it a MST3K -themed weekend, you can still catch the 20 classic episodes stocked on Netflix. Or, maybe you’re saving a box set or two for the occasion. After all, nothing says Thanksgiving like robots sending up Space Mutiny . Source: Mystery Science Theater 3000 (YouTube)

See the original post:
‘MST3K’ will mock B movies for another season on Netflix

Museum of African American History is freely digitizing home movies

Humanity has access to more data than ever before, but there’s still so much media scattered around the world that might rot away before it can be preserved. The National Museum of African American History and Culture is launching an initiative to save some of the most precious — home movies — by digitizing, for free, any and all films that folks want to bring in to the Washington, DC institution. The Great Migration home movie project will set up service on the museum’s second floor, and visitors can make an appointment to have their media safely stored in digital form. The team can digitize a range of formats, from 16mm and 8mm home video to obsolete tape-based mediums like MiniDV, Betacam and VHS to audio recordings. Home movies offer real insight into the lives of African Americans that popular films and television from the day don’t offer, the museum wrote in its post on the project: “While major motion picture film and television historically lacked diverse representation, black history was instinctively being preserved in everyday home movies. Today, these personal narratives serve as an invaluable tool for understanding and re-framing black moving image history, and provide a much needed visualization of African American history and culture. Just as the museum explores what it means to be an American and share how American values like resiliency, optimism, and spirituality are reflected in African American history and culture; these films are a moving image record of these values in practice.” Via: Blavity Source: The National Museum of African American History and Culture

Google voice recognition could transcribe doctor visits

Doctors work long hours, and a disturbingly large part of that is documenting patient visits — one study indicates that they spend 6 hours of an 11-hour day making sure their records are up to snuff. But how do you streamline that work without hiring an army of note takers? Google Brain and Stanford think voice recognition is the answer. They recently partnered on a study that used automatic speech recognition (similar to what you’d find in Google Assistant or Google Translate) to transcribe both doctors and patients during a session. The approach can not only distinguish the voices in the room, but also the subjects. It’s broad enough to both account for a sophisticated medical diagnosis and small talk like the weather. Doctors could have all the vital information they need for follow-ups and a better connection to their patients. The system is far from perfect. The best voice recognition system in the study still had an error rate of 18.3 percent. That’s good enough to be practical, according to the researchers, but it’s not flawless. There’s also the matter of making sure that any automated transcripts are truly private and secure. Patients in the study volunteered for recordings and will have their identifying information scrubbed out, but this would need to be highly streamlined (both through consent policies and automation) for it to be effective on a large scale. If voice recognition does find its way into doctors’ offices, though, it could dramatically increase the effectiveness of doctors. They could spend more time attending patients and less time with the overhead necessary to account for each visit. Ideally, this will also lead to doctors working more reasonable hours — they won’t burn out and risk affecting their judgment through fatigue. Via: 9to5Google Source: Google Research Blog , ArXiv.org

See the original article here:
Google voice recognition could transcribe doctor visits

DOJ names Iranian as hacker who stole unaired episodes from HBO

Enlarge / Acting US Attorney Joon H. Kim speaks during a press conference at the US Attorney’s Office, Southern District of New York, on September 26, 2017. (credit: Kevin Hagen/Getty Images ) On Tuesday, federal authorities in New York indicted Behzad Mesri, an Iranian citizen, accusing him of hacking HBO earlier this year. Seeing as Iran and the United States lack an extradition treaty, it is unlikely that Mesri will be sent to the United States to face the charges, unless he somehow decides to come to the states of his own volition. According to prosecutors, Mesri stole unaired episodes of Game of Thrones , Curb Your Enthusiasm , and other popular shows. He then allegedly demanded a ransom of $5.5 million, payable in Bitcoin. Read 3 remaining paragraphs | Comments

Taken from:
DOJ names Iranian as hacker who stole unaired episodes from HBO

Report: Uber paid hackers $100,000 to keep 2016 data breach quiet

Enlarge (credit: Jaap Arriens/NurPhoto via Getty Images ) In a public statement, Uber has announced that it sustained a massive data breach in 2016: 57 million customers’ and drivers’ names, e-mail addresses, and phone numbers were compromised. According to Bloomberg , no trip location info, credit card information, or Social Security numbers was taken. Uber did not immediately respond to Ars’ request for comment. Read 7 remaining paragraphs | Comments

Original post:
Report: Uber paid hackers $100,000 to keep 2016 data breach quiet

PC vendors scramble as Intel announces vulnerability in firmware

Enlarge / All the Cores are affected by a major vulnerability in management firmware—as are Xeon servers and Atom, Celeron and Pentium devices. (credit: Intel ) Intel has issued a security alert that management firmware on a number of recent PC, server, and Internet-of-Things processor platforms is vulnerable to remote attack. Using the vulnerabilities, the most severe of which was uncovered by Mark Ermolov and Maxim Goryachy of Positive Technologies Research, remote attackers could launch commands on a host of Intel-based computers, including laptops and desktops shipped with Intel Core processors since 2015. They could gain access to privileged system information, and millions of computers could essentially be taken over as a result of the bug. The company has posted a detection tool on its support website for Windows and Linux to help identify systems that are vulnerable. In the security alert, members of Intel’s security team stated that “in response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.” Four vulnerabilities were discovered that affect Intel Management Engine firmware versions 11.0 through 11.20. Two were found in earlier versions of ME, as well as two in Server Platform Services version 4.0 firmware and two in TXE version 3.0. Read 3 remaining paragraphs | Comments

See the original article here:
PC vendors scramble as Intel announces vulnerability in firmware

Uber fined $8.9 million for hiring drivers with criminal records

Uber has notorious issues when it comes to its background checks for its drivers. The company has missed (or outright ignored) criminal records in the past; earlier this year, over 8, 000 Uber and Lyft drivers failed a Massachusetts background check . It appears that these issues haven’t improved much; this week, Colorado regulators fined Uber for allowing 57 people with criminal offenses to drive for the company. The penalty totals $8.9 million, reports the Denver Post . Back in 2014, the San Francisco and Los Angeles District Attorneys offices sued Uber for misleading consumers by claiming that the company conducts thorough background checks of its drivers . The company has gotten in hot water countless times due to its lax approach when it comes to this issue. The organization in charge of the Colorado investigation, the Public Utilities Commission (PUC), determined that Uber had the necessary background information on these drivers, yet chose to do nothing. Instead, the drivers should have been disqualified. The investigation started because the police department in Vail referred a case to the PUC in which an Uber driver dragged a passenger out of the car and kicked him in the face. The PUC then asked Uber and Lyft for all records of drivers accused, arrested or convicted of any crimes that would prevent them from being accepted as a driver. Lyft provided 15–20 records; there were no problems there. Uber provided 107 records of drivers that had been removed from its system; when the PUC cross-checked the names, they found multiple aliases for 57 of the drivers with criminal records. The fine based on $2, 500 per driver per day they were working for Uber. The real issue here is that these drivers with criminal background checks (the PUC set aside people who only had drivers license issues) are being entrusted to drive passengers around. These kinds of problems are putting passengers in danger, and it’s well past time that Uber did something about it. Source: Denver Post

See the original article here:
Uber fined $8.9 million for hiring drivers with criminal records

Over 400 of the World’s Most Popular Websites Record Your Every Keystroke

An anonymous reader quotes a report from Motherboard: The idea of websites tracking users isn’t new, but research from Princeton University released last week indicates that online tracking is far more invasive than most users understand. In the first installment of a series titled “No Boundaries, ” three researchers from Princeton’s Center for Information Technology Policy (CITP) explain how third-party scripts that run on many of the world’s most popular websites track your every keystroke and then send that information to a third-party server. Some highly-trafficked sites run software that records every time you click and every word you type. If you go to a website, begin to fill out a form, and then abandon it, every letter you entered in is still recorded, according to the researchers’ findings. If you accidentally paste something into a form that was copied to your clipboard, it’s also recorded. These scripts, or bits of code that websites run, are called “session replay” scripts. Session replay scripts are used by companies to gain insight into how their customers are using their sites and to identify confusing webpages. But the scripts don’t just aggregate general statistics, they record and are capable of playing back individual browsing sessions. The scripts don’t run on every page, but are often placed on pages where users input sensitive information, like passwords and medical conditions. Most troubling is that the information session replay scripts collect can’t “reasonably be expected to be kept anonymous, ” according to the researchers. Read more of this story at Slashdot.

Tech Today w/ Ken May

Author: kenmay