Steve Wozniak Now Afraid of AI Too, Just Like Elon Musk

Slashdot

Steve Wozniak maintained for a long time that true AI is relegated to the realm of science fiction. But recent advances in quantum computing have him reconsidering his stance. Just like Elon Musk, he is now worried about what this development will mean for humanity. Will this kind of fear actually engender the dangers that these titans of industry fear? Will Steve Wozniak draw the same conclusion and invest in quantum computing to keep an eye on the development? One of the bloggers in the field thinks that would be a logical step to take. If you can't beat 'em, and the quantum AI is coming, you should at least try to steer the outcome.
Woz actually seems more ambivalent than afraid, though: in the interview linked, he says "I hope [AI-enabling quantum computing] does come, and we should pursue it because it is about scientific exploring." "But in the end we just may have created the species that is above us."

Dell support tool put PCs at risk of malware infection

Computerworld

Attackers could have remotely installed malware on systems running a flawed Dell support tool used to detect customers' products.

A security researcher discovered the flaw in November and reported it to the PC manufacturer, which patched it in January. However, it's not clear if the fix closed all avenues for abuse.

The application, called Dell System Detect, is offered for download when users click the "Detect Product" button on Dell's support site for the first time. It is meant to help the website automatically detect the user's product -- more specifically its Service Tag -- so that it can offer the corresponding drivers and resources.

Android Installer Hijacking Vulnerability Could Expose Android Users to Malware

Researchers have discovered a widespread vulnerability in Google’s Android OS we are calling “Android Installer Hijacking,” estimated to impact 49.5 percent of all current Android users. In detail:
  • Android Installer Hijacking allows an attacker to modify or replace a seemingly benign Android app with malware, without user knowledge. This only affects applications downloaded from third-party app stores.
  • The malicious application can gain full access to a compromised device, including usernames, passwords, and sensitive data.
  • Palo Alto Networks worked with Google and major manufacturers such as Samsung and Amazon to inform them of the vulnerability and issue patches for their devices.

Please read on at:

http://researchcenter.paloaltonetworks.com/2015/03/android-installer-hijacking-vulnerability-could-expose-android-users-to-malware/

FTC: Google Altered Search Results For Profit

We've always suspected that Google might tweak its search algorithms to gain an advantage over its rivals — and, according to an FTC investigation inadvertently shared with the Wall Street Journal, it did. Quoting: "In a lengthy investigation, staffers in the FTC's bureau of competition found evidence that Google boosted its own services for shopping, travel and local businesses by altering its ranking criteria and 'scraping' content from other sites. It also deliberately demoted rivals. For example, the FTC staff noted that Google presented results from its flight-search tool ahead of other travel sites, even though Google offered fewer flight options. Google's shopping results were ranked above rival comparison-shopping engines, even though users didn't click on them at the same rate, the staff found. Many of the ways Google boosted its own results have not been previously disclosed."

At least 700K routers given to customers by ISPs can be hacked

Computerworld

More than 700,000 ADSL routers provided to customers by ISPs around the world contain serious flaws that allow remote hackers to take control of them.

Most of the routers have a "directory traversal" flaw in a firmware component called webproc.cgi that allows hackers to extract sensitive configuration data, including administrative credentials. The flaw isn't new and has been reported by multiple researchers since 2011 in various router models.

Security researcher Kyle Lovett came across the flaw a few months ago in some ADSL routers he was analyzing in his spare time. He investigated further and unearthed hundreds of thousands of vulnerable devices from different manufacturers that had been distributed by ISPs to Internet subscribers in a dozen countries.

Apple secures Safari against FREAK attacks

Computerworld

Apple on Monday patched the FREAK flaw in both OS X and iOS, issuing updates for both operating systems to protect users of its Safari browser.

In a pair of accompanying advisories, Apple noted the FREAK fix as one of several in iOS 8.2 and OS X Yosemite, Mavericks and Mountain Lion. The OS X update was labeled 2015-002 to identify it as a multi-edition fix.

"Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites," Apple stated in both advisories. "This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys."

Tool allows account hijacking on sites that use Facebook Login

Computerworld

A new tool allows hackers to generate URLs that can hijack accounts on sites that use Facebook Login, potentially enabling powerful phishing attacks.

The tool, dubbed Reconnect, was released last week by Egor Homakov, a researcher with security firm Sakurity. It takes advantage of a cross-site request forgery (CSRF) issue in Facebook Login, the service that allows users to log in on third-party sites using their Facebook accounts.

Homakov disclosed the issue publicly on his personal blog in January 2014, after Facebook declined to fix it because doing so would have broken compatibility with a large number of sites that used the service.

Google Ventures and the Search for Extending human lifespan to 500 years and beyond

Bill Maris has $425 million to invest this year, and the freedom to invest it however he wants. He's looking for companies that will slow aging, reverse disease, and extend life. "If you ask me today, is it possible to live to be 500? The answer is yes," Bill Maris, president and managing partner of Google Ventures, said one January afternoon in Mountain View, California. 

Google Ventures has close to $2 billion in assets under management, with stakes in more than 280 startups. Each year, Google gives Maris $300 million in new capital, and this year he'll have an extra $125 million to invest in a new European fund. That puts Google Ventures on a financial par with Silicon Valley's biggest venture firms, which typically put to work $300 million to $500 million a year. According to data compiled by CB Insights, a research firm that tracks venture capital activity, Google Ventures was the fourth-most-active venture firm in the U.S. last year, participating in 87 deals.

Google has spent hundreds of millions of dollars backing a research center, called Calico, to study how to reverse aging, and Google X is working on a pill that would insert nanoparticles into our bloodstream to detect disease and cancer mutations.


Read more » at Next Big Future

Incomplete Microsoft Patch Left Machines Exposed To Stuxnet LNK Vulnerability since 2010

A five-year-old Microsoft patch for the .LNK vulnerability exploited by Stuxnet failed to properly protect Windows machines, leaving them exposed to exploits since 2010. Microsoft today is expected to release a security bulletin, MS15-020, patching the vulnerability (CVE-2015-0096). It is unknown whether there have been public exploits of patched machines. The original LNK patch was released Aug. 2, 2010. "That patch didn't completely address the .LNK issue in the Windows shell, and there were weaknesses left behind that have been resolved in this patch," said Brian Gorenc, manager of vulnerability research with HP's Zero Day Initiative. Gorenc said the vulnerability works on Windows machines going back to Windows XP through Windows 8.1, and the proof-of-concept exploit developed by Heerklotz and tweaked by ZDI evades the validation checks put in place by the original Microsoft security bulletin, CVE-2010-2568.

Read more of this story at Slashdot.