Slashdot Mirror

Moscow is adding facial-recognition technology to its network of 170,000 surveillance cameras across the city in a move to identify criminals and boost security. From a report: Since 2012, CCTV recordings have been held for five days after they're captured, with about 20 million hours of video stored at any one time. "We soon found it impossible to process such volumes of data by police officers alone," said Artem Ermolaev, head of the department of information technology in Moscow. "We needed an artificial intelligence to help find what we are looking for." Moscow says the city's centralized surveillance network is the world's largest of its kind. The U.K. is one of the most notorious for its use of CCTV cameras but precise figures are difficult to obtain. However, a 2013 report by the British Security Industry Association estimated there were as many as 70,000 cameras operated by the government across the nation.

British inventor Sir James Dyson has announced plans to build an electric car that will be "radically different" from current models and go on sale in 2020. The Guardian reports: The billionaire who revolutionized the vacuum cleaner said 400 engineers in Wiltshire had been working since 2015 on the 2.5 billion British pound project. No prototype has yet been built, but Dyson said the car's electric motor was ready, while two different battery types were under development that he claimed were already more efficient than in existing electric cars. Dyson said consumers would have to "wait and see" what the car would look like: "We don't have an existing chassis [...] We're starting from scratch. What we're doing is quite radical." However, he said the design was "all about the technology" and warned that it would be an expensive vehicle to purchase. While he did not name a price, he said: "Maybe the better figure is how much of a deposit they would be prepared to put down."

Last week, a lawyer for Uber said Waymo was seeking about $2.6 billion from the company for the alleged theft of one of several trade secrets in a lawsuit over self-driving cars. Over the weekend, Waymo filed a document with the court noting that the correct figure was actually $1.859 billion. TechCrunch reports: It's not clear why this seemingly important detail was left uncorrected for nearly a week. The filing also includes some additional clarification around the way in which the damages figure was calculated. Though Waymo is arguing that nine trade secrets were put in jeopardy by Anthony Levandowski, it is seeking a maximum of $1.8 billion in damages. That figure is the value that Waymo is attributing to a single trade secret -- trade secret 25. The other eight secrets are being individually valued at less than $1.8 billion. Consequently, Waymo is capping the damages at the value of its most valuable compromised trade secret. Waymo's attorneys note that the $1.8 billion figure was calculated based on an estimate of "Uber's unjust enrichment from Uber's trade secret misappropriation." Waymo continues that the damages are based on Uber's own profitability forecasts of deploying autonomous vehicles into its ridesharing business.

AmiMoJo shares a report from Mac Rumors: Over the last day or two, several Mac users appear to have been locked out of their machines after hackers signed into their iCloud accounts and initiated a remote lock using Find My iPhone. With access to an iCloud user's username and password, Find My iPhone on iCloud.com can be used to "lock" a Mac with a passcode even with two-factor authentication turned on, and that's what's going on here. Affected users who have had their iCloud accounts hacked are receiving messages demanding money for the passcode to unlock a locked Mac device. The usernames and passwords of the iCloud accounts affected by this "hack" were likely found through various site data breaches and have not been acquired through a breach of Apple's servers. Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details.

An anonymous reader quotes a report from The Guardian: Children inherit four times as many new mutations from their fathers than their mothers, according to research that suggests faults in the men's DNA are a driver for rare childhood diseases. Researchers studied 14,000 Icelanders and found that men passed on one new mutation for every eight months of age, compared with women who passed on a new mutation for every three years of age. The figures mean that a child born to 30-year-old parents would, on average, inherit 11 new mutations from the mother, but 45 from the father. Kari Stefansson, a researcher at the Icelandic genetics company, deCODE, which led the study, said that while new mutations led to variation in the human genome, which is necessary for evolution to happen, "they are also believed to be responsible for the majority of cases of rare diseases in childhood." In the study published in Nature, the researchers analyzed the DNA of 1,500 Icelanders and their parents and, for 225 people, at least one of their children. They found that new mutations from mothers increased by 0.37 per year of age, a quarter of the rate found in men. While the vast majority of new mutations are thought to be harmless, occasionally they can disrupt the workings of genes that are important for good health.

Alphabet's Waymo unit is seeking about $2.6 billion from Uber for the alleged theft of one of several trade secrets in a lawsuit over self-driving cars, a lawyer for Uber said on Wednesday. From a report: Uber attorney Bill Carmody disclosed the figure in a hearing in federal court in San Francisco, where both companies are discussing whether a trial in the case will begin next month. Waymo has asserted claims that Uber stole several of its trade secrets. The total amount of Waymo's damages request was not publicly disclosed at the hearing on Wednesday. Waymo claimed in a lawsuit earlier this year that former engineer Anthony Levandowski downloaded more than 14,000 confidential files before leaving to set up a self-driving truck company, which Uber acquired soon after.

An anonymous reader shares a report from TechCrunch, adding: "Is the world ready for flying cars? Sebastian Thrun, the supposed godfather of autonomous driving, and several other tech investors seem to think so." From the report: At TechCrunch Disrupt SF 2017, Thrun talked a lot about flying cars and how that was the future of transportation. So did GGV's Jenny Lee, a prolific investor in China. And so did Steve Jurvetson, one of the original investors in SpaceX. The technical backbone for flying cars seems to be there already -- with drones becoming ever-present and advancements in AI and self-driving cars -- but the time is coming soon that flying cars will be the primary mode of transportation. "I can't envision a future of highways [and being] stuck in cars," Thrun said. "I envision a [future] where you hop in a thing, go in the air, and fly in a straight line. I envision a future where Amazon delivers my food in the air in five minutes. The air is so free of stuff and is so unused compared to the ground, it has to happen in my opinion."

Cars today are forced to move on a two-dimensional plane (ramps, clover intersections and tunnels set aside), and while self-driving cars would make it easier for cars to talk to each other and move more efficiently, adding a third dimension to travel would make a lot of sense coming next. Thrun pointed to airplane transit, which is already a "fundamentally great mass transit system." Jurvetson said he was actually about to ride in a flying car before he "watched it flip over" before arriving to talk about some of the next steps in technology onstage. So, there's work to be done there, but it does certainly seem that all eyes are on flying cars. And that'll be enabled by autonomous driving, which will probably allow flying cars to figure out the most efficient paths from one point to the next without crashing into each other. Lee said that China is closely analyzing changes in transportation, which might end up leading to flying cars. "I do want to highlight that there's going to be huge disruption within the transportation ecosystem in China," Lee said. "Cars going from diesel to electric. China has about 200 million install base of car ownership. In 2016, only 1 million cars are electric. The Chinese government hopes to install 5 million parking lots that are electric... Even the Chinese OEMs are buying into flying taxis."

sciencehabit shares a report from Science Magazine: The Equifax breach is reason for concern, of course, but if a hacker wants to access your online data by simply guessing your password, you're probably toast in less than an hour. Now, there's more bad news: Scientists have harnessed the power of artificial intelligence (AI) to create a program that, combined with existing tools, figured more than a quarter of the passwords from a set of more than 43 million LinkedIn profiles.

Researchers at Stevens Institute of Technology in Hoboken, New Jersey, started with a so-called generative adversarial network, or GAN, which comprises two artificial neural networks. A "generator" attempts to produce artificial outputs (like images) that resemble real examples (actual photos), while a "discriminator" tries to detect real from fake. They help refine each other until the generator becomes a skilled counterfeiter. The Stevens team created a GAN it called PassGAN and compared it with two versions of hashCat and one version of John the Ripper. The scientists fed each tool tens of millions of leaked passwords from a gaming site called RockYou, and asked them to generate hundreds of millions of new passwords on their own. Then they counted how many of these new passwords matched a set of leaked passwords from LinkedIn, as a measure of how successful they'd be at cracking them. On its own, PassGAN generated 12% of the passwords in the LinkedIn set, whereas its three competitors generated between 6% and 23%. But the best performance came from combining PassGAN and hashCat. Together, they were able to crack 27% of passwords in the LinkedIn set, the researchers reported this month in a draft paper posted on arXiv. Even failed passwords from PassGAN seemed pretty realistic: saddracula, santazone, coolarse18.

Slashdot reader eatvegetables writes: The U.S. National Security Agency launched Codebreaker Challenge 2017 Friday night (Sept 15) at 9 p.m. EST. It started off as a reverse-engineering challenge a few years ago but has grown in scope to include network analysis, reverse-engineering, and vulnerability discovery/exploitation.

This year's challenge story centers around hackers attacking critical "supervisory control and data acquisition" (SCADA) infrastructure. Your mission, should you choose to accept it, is to figure out how the SCADA network is being attacked, find the attack vector(s), and stop the bad guy(s)/gal(s)/other(s).

Codebreaker-Challenge is unusual for capture-the-flag(ish) contests due to the scope/number of challenges and how long the contest runs (now until end of year). Also (this year, at least), the challenge is built around a less than well-known networking protocol, MQTT. It's open to anyone with a school.edu email address. A site leader-board shows which school/University has the most l33t students. Carnegie Mellon and Georgia Institute of Tech are at the top of the leader-board as of Saturday morning.
Last year, 3,300 students (from 481 schools) participated, with 15 completing all six tasks. One Carnegie Mellon student finished in less than 18 hours.

A resources page offers "information on reverse engineering," and the NSA says the first 50 students who complete all the tasks ths year will receive a "small token" of appreciation from the agency.

A new report by eMarketer predicts that 22.2 million U.S. adults will have cut the cord on cable, satellite or telco TV service by the end of 2017, which is up 33% over 2016. It also notes that ad investment will expand just 0.5% to $71.65 billion this year, down from the $72.72 billion predicted in the company's original first quarter forecast for 2017. From a report via DSLReports: This year, there will be 22.2 million cord-cutters ages 18 and older, a figure up 33.2% over 2016. That's notably higher than the 15.4 million eMarketer previously estimated. The total number of U.S. adult cord-nevers (users that have never signed up for a traditional cable TV connection) will grow 5.8% this year to 34.4 million. Note that eMarketer's numbers don't include streaming options from the likes of Dish (Sling TV) or AT&T (DirecTV Now), though so far gains in subscribers for these services haven't offset the decline in traditional cable TV subscribers anyway.

A lawsuit (PDF) filed Tuesday in U.S. District Court in Oakland, California, recounts the frustrations of five plaintiffs who found that Apple's Powerbeats 2 and Powerbeats 3 headphones did not perform as advertised. They are also claiming the company is refusing to honor warranty commitments to repair or replace the failed units. The Register reports: The complaint seeks $5,000,000 in damages and class action certification, in order to represent thousands of similarly afflicted Beats customers who are alleged to exist. "In widespread advertising and marketing campaigns, Apple touts that its costly Powerbeats (which retail for $199.95) are 'BUILT TO ENDURE' and are the 'BEST HEADPHONES FOR WORKING OUT,'" the complaint says. "But these costly headphones are neither 'built to endure' nor 'sweat & water resistant,' and certainly do not have a battery that lasts for six or twelve hours. Instead, these shoddy headphones contain a design defect that causes the battery life to diminish and eventually stop retaining a charge."

The complaint attributes the shoddiness of Apple's Powerbeats headphones to cheap components. Citing an estimate in a recent Motley Fool article, the complaint contends that Apple's Beats Solo headphones cost $16.89 to make and retail for $199.95: a markup of more than 1,000 per cent. That figure actually comes from a Medium post by Avery Louie, from hardware prototyping biz Bolt.

The blame for the record-breaking cybersecurity breach that affects at least 143 million people falls on the open-source server framework, Apache Struts, according to an unsubstantiated report by equity research firm Baird. The firm's source, per one report, is believed to be Equifax. ZDNet reports: Apache Struts is a popular open-source software programming Model-View-Controller (MVC) framework for Java. It is not, as some headlines have had it, a vendor software program. It's also not proven that Struts was the source of the hole the hackers drove through. In fact, several headlines -- some of which have since been retracted -- all source a single quote by a non-technical analyst from an Equifax source. Not only is that troubling journalistically, it's problematic from a technical point of view. In case you haven't noticed, Equifax appears to be utterly and completely clueless about their own technology. Equifax's own data breach detector isn't just useless: it's untrustworthy. Adding insult to injury, the credit agency's advice and support site looks, at first glance, to be a bogus, phishing-type site: "equifaxsecurity2017.com." That domain name screams fake. And what does it ask for if you go there? The last six figures of your social security number and last name. In other words, exactly the kind of information a hacker might ask for. Equifax's technical expertise, it has been shown, is less than acceptable. Could the root cause of the hack be a Struts security hole? Two days before the Equifax breach was reported, ZDNet reported a new and significant Struts security problem. While many jumped on this as the security hole, Equifax admitted hackers had broken in between mid-May through July, long before the most recent Struts flaw was revealed. "It's possible that the hackers found the hole on their own, but zero-day exploits aren't that common," reports ZDNet. "It's far more likely that -- if the problem was indeed with Struts -- it was with a separate but equally serious security problem in Struts, first patched in March." The question then becomes: is it the fault of Struts developers or Equifax's developers, system admins, and their management? "The people who ran the code with a known 'total compromise of system integrity' should get the blame," reports ZDNet.

Details of new iPhones and other forthcoming Apple devices have been revealed via an apparent leak. From a report: Two news sites were given access to an as-yet-unreleased version of the iOS operating system. The code refers to an iPhone X in addition to two new iPhone 8 handsets. It also details facial recognition tech that acts both as an ID system and maps users' expressions onto emojis. One tech writer said it was the biggest leak of its kind to hit the firm. [...] "As best I've been able to ascertain, these builds were available to download by anyone, but they were obscured by long, unguessable URLs [web addresses]," wrote John Gruber, a blogger known for his coverage of Apple. "Someone within Apple leaked the list of URLs to 9to5Mac and MacRumors. I'm nearly certain this wasn't a mistake, but rather a deliberate malicious act by a rogue Apple employee." Neither Mr Gruber nor the two Apple-related news sites have disclosed their sources. However, the BBC has independently confirmed that an anonymous source provided the publications with links to iOS 11's golden master (GM) code that downloaded the software from Apple's own computer servers. It's a big blow to Apple, which uses surprise as a key element at its events. The leak could take some wind out of its sails as it looks to wow consumers. In 2012, Tim Cook had said the company was planning to "double down on secrecy." At the quarterly earnings call, he blamed the leaks about the upcoming iPhone models as one of the reasons that slowed down the sales of current generation iPhone models. However, an analysis published over the weekend found that Apple itself has been the source of several of these leaks in the years since. Earlier this year, the company held a meeting to boast about its internal progress to curb leaks. The hour-long recording of the meeting ironically got leaked. Nearly all details, except the final press renders of the new iPhone models, have leaked. In a subsequent post, Gruber wrote: The BBC doesn't say definitively that the leak was sent by an Apple employee, but I can state with nearly 100 percent certainty that it was. I also think there's a good chance Apple is going to figure out who it was. [...] That person should be ashamed of themselves, and should be very worried when their phone next rings. Moments ago, 9to5Mac reported about a new tvOS firmware leak, which appeared "to be out in the wild today" that details the upcoming features of the next generation Apple TV streaming device.

IBM will spend $240 million over 10 years to develop an artificial intelligence research lab with the Massachusetts Institute of Technology, pooling the organizations' resources as competition intensifies to produce breakthroughs in the field. Bloomberg reports: The MIT-IBM Watson AI Lab will fund projects in four broad areas, including creating better hardware to handle complex computations and figuring out applications of AI in specific industries, the Armonk, New York-based company said Thursday in a statement. While IBM has always conducted long-term research internally, it decided AI was such a vast field that it needed to reach out for talent and ideas, said John Kelly, the head of International Business Machines Corp.'s research and cognitive solutions groups, which includes Watson products. While researchers will focus on long-term innovations in artificial intelligence, IBM will also be looking for developments -- a new medical imaging algorithm, say -- that it can immediately plug into its existing products. Big Blue expects to see results that boost its Watson-branded AI business in the next year or two, Kelly said. The plan is to change the focus and number of teams as needed to produce results, he said. The partnership underscores IBM's focus on building a business selling AI software, a strategy that requires clients to adopt such products and the company to develop offerings that add actual business value and are competitive with juggernauts in artificial intelligence, including Microsoft Corp. and Alphabet. IBM and MIT will jointly own the intellectual property that results from the projects conducted together. The company also has the option to buy out MIT for full ownership, Kelly said.

According to analysis by consulting firm Counterpoint Research, China's leading smartphone marker, Huawei, surpassed Apple's global smartphone sales for the first time in June and July. The company is only behind Samsung in sales. The Verge reports: Figures haven't been released yet for August, though Counterpoint indicates sales for that month also look strong. However, it's worth noting that with Apple's new iPhone releases just around the corner, the iPhone maker is almost certain to get back on top in September. Researchers at Counterpoint also point out that Huawei has a weak presence in the South Asian, Indian, and North American markets, which "limits Huawei's potential to the near-to-mid-term to take a sustainable second place position behind Samsung." Its strongest market is China, and it's also popular in Europe, Latin America, and the Middle East. Still, Apple doesn't have much to worry about; Counterpoint says the iPhone 7 and 7 Plus remain the world's best-selling smartphones, while Oppo's R11 and A57 claimed the third and fourth spots, respectively, followed by Samsung's Galaxy S8, Xiaomi's Redmi Note 4X, and Samsung's Galaxy S8 Plus. Surprisingly, despite overtaking Apple in global sales, none of Huawei's phones appear on the Top 10 list.

Facebook claims its ads have the potential to reach more people than recent U.S. census data shows exist, and that's troublesome for one analyst, who thinks third-party measurement services stand to benefit. From a report: Recently, Pivotal Research Group analyst Brian Wieser was intrigued by a trade publication study in Australia that said Facebook was claiming to reach 1.7 million more 16- to 39-year olds than actually existed in the country, according to Australian census data. In reproducing the study for the U.S., Wieser said Facebook's Ads Manager claims it can potentially reach 41 million 18- to 24-year-olds, 60 million 25- to 34-year-olds, and 61 million 35- to 49-year-olds. The problem arises when Wieser pulls up U.S. Census data from a year ago, showing 31 million 18- to 24-year-olds, 45 million 25- to 34-year-olds, and 61 million 35- to 49-year-olds. The upshot: Where is Facebook getting the extra 25 million 18- to 34-year-olds that the U.S. census did not count? "Conversations with agency executives on this topic indicate to us that the gap between Facebook and census figures is not widely known," Wieser said. "While Facebook's measurement issues won't necessarily deter advertisers from spending money with Facebook, they will help traditional TV sellers justify existing budget shares and could restrain Facebook's growth in video ad sales on the margins."

The Trump administration said on Tuesday it plans to scrap a program that allows about 800,000 undocumented immigrants who came to the US as children to stay and work in the country, shrugging off criticism from within the president's own party and prominent business figures. From a report: The Trump administration is essentially leaving Congress a six-month window of time to try to save it. The legal shield is known as Deferred Action for Childhood Arrivals, or DACA, and since its enactment in 2012, it has allowed roughly 800,000 undocumented young adults to live in the United States and obtain work authorizations every two years. [...] In practice, implementation is complicated. Those previously approved under DACA, with the permission to work in the United States, can continue to work without interruption until those approvals expire. And those who have already applied for protection or are seeking renewals will still have their applications considered by the U.S. government. For those whose permits are set to expire before March 5, 2018, though, the U.S. government will also allow them to renew their DACA status -- provided their applications are received before Oct. 5, 2017. Currently, there are about 201,000 young adults whose authorizations are set to expire this year, officials at the Department of Homeland Security explained Tuesday.

Tech giants like Apple, Facebook and Google are no doubt going to blast the Trump administration's decision: Last week, those executives joined more than 400 other business leaders in calling on the president to preserve DACA. Apple CEO Tim Cook, who previously (and privately) pressed Trump on the issue, said on Sunday that 250 of his "co-workers" would be affected by the change. Microsoft indicated that about 27 workers spanning fields like finance and sales would be hurt from Trump's move. Zuckerberg said, "This is a sad day for our country. The decision to end DACA is not just wrong. It is particularly cruel to offer young people the American Dream, encourage them to come out of the shadows and trust our government, and then punish them for it."

An anonymous reader shares a report from Mashable, written by Kerry Flynn: "I mean if Mashable wants to pay for it, I can get you a blue check over night," reads a recent Twitter direct message. This is a guy who knows a guy, a middleman in the black market for Instagram verification, where anyone from a seasoned publicist to a 22-year-old digital marketer will offer to verify an account -- for a price. The fee is anywhere from a bottle of wine to $15,000, according to a dozen sources who have sold verification, bought verification for someone else, or directly know someone who has done one or the other. "These guys pay all their bills from one to two blue checks a month," another message from the middleman added later. The product for sale isn't a good or a service. It's a little blue check designated for public figures, celebrities, and brands on Instagram. It grants users a prime spot in search as well as access to special features. More importantly, it's a status symbol. But it's clear from people who spoke on the condition of anonymity, many of whom have their own blue checkmarks, that a black market for Instagram verification is alive and well. "Instagram has helped create this underground market," the report adds. "While anyone can apply for verification on Facebook and on Twitter, Instagram has made itself exclusive and therefore rather elitist. Influencers who have press clippings and work with big brands on sponsorship deals often can't manage to get that elusive blue checkmark, according to several verified and unverified influencers and people who have sold verification."

Instagram has revealed a flaw in its systems revealed "a number of" stars' phone numbers and email addresses to cyber-attackers. From a report: The Facebook-owned social network has emailed verified members, usually prominent figures, to let them know. It said it believed "one or more" attackers had targeted high-profile stars to get their contact information. Instagram said passwords had not been stolen but warned users to watch for suspicious activity on their accounts. However, it did not say which accounts had been affected. The security breach was made possible due to a bug in the company's own software.

An anonymous reader quotes a report from Krebs On Security: A half dozen technology and security companies -- some of them competitors -- issued the exact same press release today. This unusual level of cross-industry collaboration caps a successful effort to dismantle "WireX," an extraordinary new crime machine comprising tens of thousands of hacked Android mobile devices that was used this month to launch a series of massive cyber attacks. Experts involved in the takedown warn that WireX marks the emergence of a new class of attack tools that are more challenging to defend against and thus require broader industry cooperation to defeat. News of WireX's emergence first surfaced August 2, 2017, when a modest collection of hacked Android devices was first spotted conducting some fairly small online attacks. Less than two weeks later, however, the number of infected Android devices enslaved by WireX had ballooned to the tens of thousands. Experts tracking the attacks soon zeroed in on the malware that powers WireX: Approximately 300 different mobile apps scattered across Google's Play store that were mimicking seemingly innocuous programs, including video players, ringtones or simple tools such as file managers.

Experts involved in the takedown say it's not clear exactly how many Android devices may have been infected with WireX, in part because only a fraction of the overall infected systems were able to attack a target at any given time. Devices that were powered off would not attack, but those that were turned on with the device's screen locked could still carry on attacks in the background, they found. The identical press release that Akamai and other firms involved in the WireX takedown agreed to publish says the botnet infected a minimum of 70,000 Android systems, but Seaman says that figure is conservative.