Wednesday, May 04, 2016

Simple exploits use images to attack websites


Would-be hackers don't always have to jump through hoops to bring down a website. Researchers have discovered relatively simple exploits in ImageMagick, a common package for processing pictures on the web, that let attackers run any code they like on a targeted server. If someone uploads a maliciously coded image and ImageMagick handles it, they could theoretically compromise both the site and anyone who visits it. That's particularly dangerous for forums and social networks, where user uploads are par for the course -- a vengeful member could wreck the site for everyone.

Thankfully, there are fixes. The ImageMagick team is closing the security holes within the next few days, and it's possible to thwart at least some attacks by either verifying the integrity of images or using a policy file to disable the susceptible features. The concerns are that these safeguards won't cover everything, or that website owners won't rush to shore up their defenses. It could be a while before you can assume that your favorite social sites are protected.
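One way to do the image verification mentioned above, as an added example that is not from the original article or the ImageMagick project. The article does not say how images are verified, so this assumes an allow-list check of leading magic bytes run before any image library touches the upload; the accepted formats, function names and sample uploads are constructed for illustration.

```python
# Added example: allow-list uploads by their leading "magic bytes" so that a
# file which merely carries an image extension never reaches the image library.

# Signatures for the formats this hypothetical site accepts (allow-list).
MAGIC = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Extension -> expected format; anything not listed is rejected outright.
EXTENSIONS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}


def sniff_format(data: bytes):
    """Return the allow-listed format whose signature starts the data, or None."""
    for fmt, signatures in MAGIC.items():
        if any(data.startswith(sig) for sig in signatures):
            return fmt
    return None


def check_upload(filename: str, data: bytes):
    """Return (accepted, reason). Content must match an allowed type AND the extension."""
    dot = filename.rfind(".")
    ext = filename[dot:].lower() if dot != -1 else ""
    claimed = EXTENSIONS.get(ext)
    if claimed is None:
        return False, "extension not allowed"
    actual = sniff_format(data)
    if actual is None:
        return False, "content is not an allowed image type"
    if actual != claimed:
        return False, f"extension says {claimed}, content is {actual}"
    return True, "ok"


# Constructed sample uploads (headers only, not real images).
SAMPLES = {
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    # Text-based vector markup renamed to look like a JPEG.
    "avatar.jpg": b"<?xml version='1.0'?>\n<svg xmlns='http://www.w3.org/2000/svg'/>",
    # Real JPEG header but the wrong extension.
    "banner.gif": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "notes.txt": b"hello",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, check_upload(name, blob))
```

A check like this only narrows what reaches the image library; it complements, rather than replaces, the patched release and the policy file the article mentions.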

Via: Ars Technica

Source: ImageTragick, ImageMagick


Tuesday, May 03, 2016

Hacker who stole from banks ordered to pay $7 million


A hacker whose creation stole bank account details from over a million computers across the globe has been ordered to pay $6.9 million. Nikita Kuzmin from Russia is one of the three architects of the Gozi virus, which infects computers through PDF files. People unwittingly install it on their machines by downloading a PDF file they receive that's relevant to their interests. Authorities first identified Gozi back in 2007, but by the time they did, Kuzmin and his cohorts had already siphoned millions of dollars from people's accounts.

The feds' computer experts identified a server that contains 10,000 bank account details pilfered from 5,200 computers, 160 of which belong to NASA. Besides stealing money himself, Kuzmin also rented out the Gozi virus to other hackers for $500 a week. He earned $250,000 from that particular venture. However, Kuzmin helped authorities out with other investigations while he was in jail for 37 months back in 2011. While the DOJ didn't release the details of how he contributed, it's clear whatever he did worked: he didn't get additional jail time.

Source: Department of Justice, Bloomberg, Reuters


HP's new Pavilion PCs include a 15-inch hybrid laptop


Spring is well underway, and that can only mean one thing for HP: time to unveil a wave of new home PCs. The company has trotted out a host of new Pavilion PCs that pack both obligatory upgrades -- thinner, faster and new colors -- as well as a few welcome improvements. The highlight by far is the Pavilion x360 line of convertible laptops, which gets a larger 15.6-inch model (above) on top of the existing 11.6- and 13.3-inch versions. Yes, HP's most affordable hybrid is now big enough to replace larger portables. You'll also find slimmer designs for the two smaller versions, optional keyboard backlights on the two larger systems and your pick of current Intel chips ranging from a Celeron to a Core i7. When the Pavilion x360 updates arrive from May 15th through May 29th, prices will start at a frugal $380 for the 11.6-inch PC, $480 for a 13.3-inch version and a not-too-shabby $580 for the 15.6-inch model.

There's more to the refresh than that, of course. The more conventional Pavilion line is slimming down at the 14- and 15.6-inch sizes, and the larger systems (including the 17.3-incher) can carry the latest Intel Core i7 or AMD A12 processors, up to 16GB of RAM and storage that can include both a 128GB SSD and a 2TB hard drive. Systems start showing up as soon as May 18th, with prices starting at $540 for a 14-incher, $580 for the 15.6-inch Pavilion and $900 for the 17.3-inch behemoth.

On the desktop side of things? Some Pavilion All-in-Ones now carry a "micro edge" display that cuts the border thickness by 75 percent, and there's an optional RealSense camera for both gesture commands and signing in with face detection. A new Pavilion Desktop, meanwhile, is 30 percent smaller than its ancestor while sporting up to a Core i7 or AMD A12, 16GB of RAM, 3TB of storage and budget GeForce GTX 750i or Radeon R7 graphics. The all-in-ones first show up between July 3rd and July 10th with prices starting at $700 for a 23.8-inch display and $1,000 for 27 inches. The Pavilion Desktop hits on June 26th for $450, and it'll be joined at the same time by a 32-inch quad HD Pavilion Display that sells for $400.

Source: HP


Thursday, April 21, 2016

Opera is the first big web browser with a built-in VPN


If you've wanted to use a virtual private network to improve your web privacy or (let's be honest) dodge content restrictions, you've usually had to either install a third-party client or use a relatively niche browser with the feature built-in. As of today, though, you have a more mainstream option: Opera has released a developer version of its desktop web browser with native VPN support. You only have to flick a virtual switch to get a 256-bit encrypted connection that hides your connection details and prevents sites or governments from blocking content they don't want you to see.

The preview version only gives you three simulated locations for the VPN (Canada, Germany and the US), so this won't give you access to a whole lot until the finished browser is ready. However, the VPN is free. If all you want is to access a forbidden streaming service or make it harder for snoops to monitor your traffic, this might be your easiest and most affordable solution.

Source: Opera


Monday, April 18, 2016

Flexible lens sheets could change way cameras see


Cameras are already embedded in a lot of devices, but what if you could wrap them around things like a "skin"? That's the premise of "flexible sheet cameras" developed by scientists at Columbia University. Rather than having just a single sensor, the devices use an array of lenses that change properties when the material is bent. The research could lead to credit card-sized, large-format cameras that you zoom by bending, or turn objects like cars or lamp posts into 360-degree VR cameras.

In order to create a wraparound camera, the team first considered attaching tiny lenses to single pixel-sized sensors, a tack that's been tried before on curved surfaces. However, they realized that when bent, such an array would have gaps between sensors that would produce artifacts in the final image. Instead, they created flexible silicon sheets with embedded lenses that distort and change their focal lengths when bent. The resulting prototype has no blank spots, even with significant curvature, so it can capture images with no aliasing.

The team flexed the prototype sheet -- with a 33x33 lens array -- in a predictable way, allowing them to produce clean (though low resolution) images. However, if the amount of deformation isn't known, the system produces random and irregular images. For instance, they created a simulated camera based on a larger, more flexible sheet that produces a hilariously distorted image (above) when draped on an object.

However, the goal is to eventually measure the amount of deformation with built-in stress sensors, then calculate the sheet's geometry to produce a clean image. While the current prototype is very low-res, it proves that the concept is viable, so the team plans to "develop a high resolution version of the lens array and couple it with a large format image sensor." Eventually, the sheet camera could result in sensitive large format cameras that produce very high dynamic range images. If you want to be more futuristic, the tech could even turn household objects and wearables into giant image sensors. Invisibility cloaks for all?

Via: Digital Trends

Source: Columbia University


AI-powered cameras make thermal imaging more accessible


As cool as thermal cameras may be, they're not usually very bright -- they may show you something hiding in the dark, but they won't do much with it. FLIR wants to change that with its new Boson thermal camera module. The hardware combines a long wave infrared camera with a Movidius vision processing unit, giving the camera a dash of programmable artificial intelligence. Device makers can not only use those smarts for visual processing (like reducing noise), but some computer vision tasks as well -- think object detection, depth calculations and other tasks that normally rely on external computing power.

You'll have to wait for companies to integrate Boson before you see it in products you can buy. However, its mix of AI and compact size could bring smart thermal imaging to gadgets where it's not normally practical, such as home security systems, drones and military gear. You may well see a surge in devices that can recognize the world around them in any lighting condition -- even in total darkness.

Source: FLIR, MarketWired (Yahoo)


Tuesday, April 12, 2016

Experts crack nasty ransomware that locks your PC and your backup


Petya, a brutal piece of malware, surfaced two weeks ago. It's a mean bit of crypto-extortion that hits its victims where it hurts: right in your startup drive. Because it encrypts your master boot file, if you're attacked, not only will you be unable to start up your PC, you won't even be able to access your startup disk. Eeesh. Fortunately, there's help. Leostone has come up with a tool that creates the password needed to unlock your startup disk. It's not all that simple, however.

You'll need to remove the startup drive and connect it to a separate (not infected) Windows PC, and then pull some specific bits of data to plug into this web app — and craft your password. (There's also another free tool that can grab the necessary data nuggets here.) From there, you'll be able to decrypt that all-important master boot file — and forever learn the lesson of vigilance when it comes to possibly fake CHKDSK antics.

Source: Ars Technica, Twitter (@Leo_and_stone)


Monday, April 11, 2016

Solar cell generates power from raindrops


Rain is normally a solar energy cell's worst nightmare, but a team of Chinese scientists could make it a tremendous ally. They've developed a solar cell with an atom-thick graphene layer that harvests energy from raindrops, making it useful even on the gloomiest days. Water actually sticks to the graphene, creating a sort of natural capacitor -- the sharp difference in energy between the graphene's electrons and the water's ions produces electricity.

The catch is that the current technology isn't all that efficient. It only converts about 6.5 percent of the energy it gets, which pales in comparison to the 22 percent you see among the world's better solar panels. If the creators can improve the performance of this graphene-coated cell, though, they could have a dream solution on their hands -- you wouldn't have to live in a consistently sunny part of the world to reduce your dependency on conventional power.

Via: Science News Journal

Source: Wiley Online Library


Friday, April 08, 2016

State-run healthcare websites aren't as secure as you'd think


Health insurance websites in California, Kentucky and Vermont apparently aren't as secure as they should be. According to the Associated Press, based on the vulnerabilities found by the Government Accountability Office, other states' health care websites could be just as ripe for intrusions. Without naming names, the GAO reported that one state didn't encrypt passwords, another didn't have the right type of encryption server-side and the last anonymous state failed to "properly use a filter to block hostile attempts" to visit its site.

The scary part is that some of the issues still exist, even though the GAO's examination concluded last March. Former Kentucky governor Steve Beshear says that no information was compromised and there were never any security breaches, however. The GAO says that isn't much better about security either, but that, like Kentucky, private data has not been lost or pilfered despite numerous "security incidents." Comforting!

It isn't all unsettling news though. From the sounds of it, the Golden State's Covered California site is trying its best to prevent intrusions and fix any new holes since the GAO's investigation concluded. There's a joke that could be made here about the government's attitude toward encryption given current events, but I'm going to let the comment section sort that one out.

Source: Associated Press


Thursday, April 07, 2016

Basis Peak gets smarter with music control and activity editing


The Basis Peak fitness tracker just got an update that controls the music playing on an Android or iOS device and lets users manually enter the type and duration of a workout. Good news for music fans that get in shape with activities that might not necessarily get tracked, like yoga or surfing.

Workout editing is done within the app and can be applied to old activities as well as recent ones. To control your jams, a music app will have to be playing on your phone before you can adjust the volume and change tracks. It supports any media app on iOS and Google Play, Amazon and Spotify on Android.

The Peak with its black and white display has been marketed as more of a workout companion than a full-on smartwatch like the Apple Watch or Android Wear. But Basis has added smarter features like notifications to appease people that don't want to take their phone out of their pocket just to see who's texting them.

Today's update, along with last year's update that let it talk to other fitness apps, is more in line with the band's original workout ethos.

Source: Basis


Tuesday, April 05, 2016

Panasonic's Lumix GX85 is a compact camera that packs a punch


The Lumix series is expanding with the GX85, an interchangeable lens mirrorless camera featuring a compact body and impressive specs. Panasonic says this shooter combines the best of its GX8 and GX7, but with some improvements over both. For starters, the Lumix GX85 sports a 16-megapixel Live MOS sensor and a new Venus Engine processor, along with a max ISO of 25,600, WiFi, up to 8-fps continuous shooting and in-camera image stabilization. Panasonic's also eliminated the low-pass filter, which should help you capture sharp and color-accurate pictures.

Not surprisingly, given how Panasonic has been a big proponent of 4K, the GX85 also records Ultra HD (3,849 x 2,160) videos at 24 and 30 fps, as well as 1080p at 60 fps. And if you're familiar with the Lytro camera, you'll probably like playing around with Panasonic's Post Focus function. So how does that work? The GX85 uses 49 areas from its autofocus system, near or far, to record every single focal point and, after you take a shot, you tap anywhere on the 3-inch screen to choose your preferred focus area. That means you could end up having 49 different pictures.

Panasonic's Lumix GX85 is coming to the US in mid-May for $800, which includes a 12-32mm kit lens and your choice of a black or silver model.


Monday, April 04, 2016

World's most powerful X-ray laser will get 10,000 times brighter


If you think that Stanford's use of a super-bright X-ray laser to study the atom-level world is impressive, you're in for a treat. The school and its partners have started work on an upgrade, LCLS-II (Linac Coherent Light Source II), whose second laser beam will typically be 10,000 times brighter and 8,000 times faster than the first -- up to a million pulses per second. The feat will require an extremely cold (-456F), niobium-based superconducting accelerator cavity that conducts electricity with zero losses. In contrast, the original laser shoots through room-temperature copper at a relatively pedestrian 120 pulses per second.

The first X-ray laser isn't going away -- if anything, it'll be more useful than ever. The combination of the two beams will cover a wider energy range and help scientists study extremely small and extremely fast processes that either couldn't be recorded before or would take ages to examine in full. That, in turn, should lead to discoveries that advance electronics, energy and medicine. The big challenge is simply waiting for the upgrade, since it won't be ready until sometime in the early 2020s.

The LCLS-II accelerator upgrade

Source: SLAC National Accelerator Laboratory


Thursday, March 31, 2016

Google makes it easier to bring VR to your apps and the web


The challenge of bringing virtual reality to the masses isn't so much recording it as putting it in front of people's eyeballs. How do you plunk VR into an app without resorting to exotic code? Google can help. It's launching a VR View tool that makes it relatively easy to embed VR photos and videos in apps and websites. In software, it's just a few lines of programming with the Cardboard developer kit (which now supports iOS, we'd add). On the web, you only need embedding code like the sort you use for 2D clips.

It's a seemingly simple effort, but it could mean a lot for VR adoption. If it's trivial to add VR to apps and the web, you're more likely to see it used on a regular basis -- not just for the occasional experiment. You'll still need VR gear to make this more than a click-and-drag experience, of course, but it's still an important piece of the puzzle.

Via: TechCrunch

Source: Google Developers Blog


Friday, March 25, 2016

Amazon shows you how to make an Echo with Raspberry Pi


If you're into messing with hardware and have some basic programming skills, you can put together an Amazon Alexa device of your very own. Amazon has even put together an official guide to do so on GitHub, Lifehacker reports. You'll need to snag a Raspberry Pi 2 and a USB microphone to make it happen, but you've probably got the other required hardware (a micro-SD card for storage, for example) lying around. Unfortunately, due to limitations with Amazon's Voice Services, your creation can't listen for trigger words like Echo and Echo Dot. Instead, you'll have to hit a button to issue commands. This isn't the first DIY Amazon Echo project, but it's notable since it comes officially from Amazon. The GitHub guide is also fairly detailed, so you can probably follow through it even if you don't know what all the commands mean. It could be a fun project for anyone who wants to learn a bit more about hardware.

Via: Hacker News

Source: Amazon (GitHub)


AI-written novel passes first round of a literary competition


Researchers from the Future University in Hakodate have announced that a short-form novel co-written by an artificial intelligence also developed by the team was accepted by a Japanese story competition, the Hoshi Shinichi Literary Award. Though the story didn't eventually win the competition, its acceptance does suggest that AI systems are quickly becoming capable of emulating human-like creativity.

The team, led by computer science professor Hitoshi Matsubara, collaborated closely with their digital construct during the writing process. The humans first assigned a gender to the protagonist and developed a rudimentary outline of the plot. They also assembled a list of words, phrases, and sentences to be included in the story. It was the AI's job to assemble these distinct assets into a unified text that wasn't just intelligible but compelling as well. The result was a novel entitled Konpyuta ga shosetsu wo kaku hi, or "The Day a Computer Writes a Novel", about an AI that abandons its responsibilities to humanity after recognizing its own talent for writing.

This is the first year that the Hoshi Shinichi Literary Award has allowed submissions from machines. Of the 1,450 novels received for this year's competition, 11 were human/AI collaborations like Future U's. Interestingly, judges throughout the competition's four rounds are never told which stories are written by computers or humans. Though the team's story did make it past the first round, it was eventually eliminated because, as sci-fi novelist and award judge, Satoshi Hase, explained, the story lacked sufficient character development despite being well-structured. Welp, there's always the X-Prize.

Via: Motherboard

Source: The Japan News