Categories
Security

US State Department announces $10 million bounty after Costa Rica ransomware attack

In the wake of a massive ransomware attack on the Costa Rican government in April, the US government issued a notice last week declaring a bounty potentially worth millions of dollars on people involved with the Conti ransomware used in the hack. Rodrigo Chaves Robles, Costa Rica’s recently sworn-in president, declared a national emergency due to the attack, according to CyberScoop.

According to BleepingComputer, the ransomware attack affected Costa Rica’s ministries of finance and Labor and Social Security, as well as the country’s Social Development and Family Allowances Fund, among other entities. The report also says that the attack affected some services from the country’s treasury starting on April 18th. Hackers not only took down some of the government’s systems, but they’re also leaking data, according to CyberScoop, which notes that almost 700GB of data has made its way onto Conti’s site.

The Department of State Bureau of International Narcotics and Law Enforcement Affairs (INL) Offers  Rewards of up to $10,000,000 United States dollars for Information Leading to the Identification or Location of key leaders, and up to $5,000,000 United States dollars for Information Leading to the Arrest, and/or Conviction of the Owners/Operators/A...  Conti Ransomware as a Service Group  Contact the FBI with any tips by phone or internet: Phone: +1-800-CALL-FBI +1-800-225-5324 

The US State Department says the attack “severely impacted the country’s foreign trade by disrupting its customs and taxes platforms” and offers “up to $10 million for information leading to the identification and/or location” of the organizers behind Conti. The US government is also offering $5 million for information “leading to the arrest and/or conviction of any individual in any country conspiring to participate in or attempting to participate” in a Conti-based ransomware attack.

Last year, the US offered similar bounties on REvil and DarkSide (the group behind the Colonial Pipeline attack). REvil is largely thought to be defunct after the US reportedly hacked the group’s servers and the Russian government claimed to have arrested several members.

The Costa Rican government isn’t the only entity to fall victim to Conti’s ransomware. As Krebs On Security notes, the group is particularly infamous for targeting healthcare facilities such as hospitals and research centers.

The gang is also known for having its chat logs leaked after it declared that it fully supported Russia’s government shortly after the invasion of Ukraine began. According to CNBC, those logs showed that the group behind the ransomware itself was having organizational issues — people weren’t getting paid, and there were arrests happening. However, like many ransomware operators, the actual software was also used by “affiliates,” or other entities who used it to carry out their own attacks.

In Costa Rica’s case, the attacker claims to be one of these affiliates and says that they aren’t part of a larger team or government, according to a message posted by CyberScoop. They have, however, threatened to carry out “more serious” attacks, calling Costa Rica a “demo version.”

Repost: Original Source and Author Link

Categories
Security

US State Department phones were reportedly hacked by NSO spyware

At least nine employees of the US State Department working in or with Uganda had their iPhones hacked with spyware made by NSO Group, according to a report from Reuters. The Wall Street Journal has corroborated the story, putting the number of US and Ugandan embassy workers hacked at 11. While it’s unclear who carried out the attacks, NSO Group says it only sells its software to government organizations that have gotten approval from the Israeli government.

NSO has claimed that its spyware isn’t able to target US phone numbers (that is, numbers with a country code of +1). This case doesn’t seem to disprove that claim — Reuters reports that, while the people targeted were employees of the State Department, they were using foreign telephone numbers. Still, the devices were used for official State Department business, suggesting NSO may now be implicated in an espionage effort against the US government.

According to Reuters, the attacks happened in “the last several months.”

NSO’s Pegasus spyware is capable of remotely logging data from an infected iOS or Android device and can be used to covertly turn on a phone’s microphones or cameras. It’s also designed to infect phones using a “zero-click” attack, in which spyware can be installed without the target clicking a link or otherwise taking action.

Pegasus is also not supposed to leave any traces, though investigators have developed some methods to determine if a phone was hacked by it. You can read our explainer on it here, which goes into the media investigations of its usage by governments to target journalists, politicians, and activists.

NSO, based in Israel, has to get approval from the Israeli Ministry of Defense before it sells its software to another government agency. NSO co-founder Shalev Hulio has insisted that the company doesn’t know who its clients are spying on using its software. The company also says that it will investigate clients if they’re using Pegasus on off-limits targets and cut off the client’s access to the software if there’s evidence of abuse.

An NSO spokesperson told Reuters that the company would be investigating its reports, and the Israeli embassy told the outlet that a government targeting US officials with Pegasus would be “a severe violation” of its licensing agreements.

The US recently added NSO to its entity list, which puts heavy restrictions on American companies being able to sell their products or services to the group. In the private sector, Apple filed a lawsuit against NSO Group, claiming that the company broke Apple’s terms of service by creating over a hundred iCloud accounts to send malicious data via iMessage. Apple says that it patched the specific vulnerability NSO used to install Pegasus with iOS 14.8 and that it had added additional protections in iOS 15, which the company says it hasn’t seen Pegasus breach yet.

When the company announced its lawsuit, Apple said it would also notify users who had been targeted by a state-sponsored spying campaign. Ugandan politician Norbert Mao tweeted in November that he received one of the notifications. The Wall Street Journal reports that the US officials also received these notifications.

There are also reports that the US government is working on an initiative with other countries to prevent surveillance tools and technology from being sold to authoritarian governments. According to The Wall Street Journal, the effort will focus on export controls and will likely be announced at the Summit for Democracy, which starts December 9th.

Update December 3, 5:35PM ET: Added information from The Wall Street Journal’s report.



Repost: Original Source and Author Link

Categories
Game

Six state treasurers want Activision Blizzard to address its toxic workplace culture

Following scrutiny from state and federal regulators, Activision Blizzard and its CEO Bobby Kotick now face pressure from an unexpected source. Per , state treasurers from California, Massachusetts, Illinois, Oregon, Delaware and Nevada recently contacted the company’s board of directors to discuss its “response to the challenges and investment risk exposures that face Activision.” In a letter dated to November 23rd, the group tells the board it would “weigh” a “call to vote against the re-election of incumbent directors.”

That call was made on November 17th by a collection of activist shareholders known as . SOC, which holds about , has demanded Kotick resign and that two of the board’s longest-serving directors, Brian Kelly and Robert Morgado, retire by December 31st.

“We think there needs to be sweeping changes made in the company,” Illinois state treasurer Michael Frerichs told Axios. “We’re concerned that the current CEO and board directors don’t have the skillset, nor the conviction to institute these sweeping changes needed to transform their culture, to restore trust with employees and shareholders and their partners.”

Between the six treasurers, they manage about a trillion dollars in assets. But as Axios points out, it’s unclear how much they have invested in Activision, and it’s not something they disclosed to the outlet. However, Frerichs did confirm Illinois has been impacted by the company’s falling stock price.

To that point, the day before  published its bombshell report on Activision and CEO Bobby Kotick, the company’s stock closed at $70.43. The day California’s fair employment agency sued the company its stock was worth $91.88. As of the writing of this article, it’s trading at about $58.44.

The group has asked to meet with Activision’s board by December 20th. We’ve reached out to Activision for comment.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.



Repost: Original Source and Author Link

Categories
AI

LinkedIn and Intel tech leaders on the state of AI

Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of Work Summit this January 12, 2022. Learn more


Disclosure: The author is the managing director of Connected Data World.

AI is on a roll. Adoption is increasing across the board, and organizations are already seeing tangible benefits. However, the definition of what AI is and what it can do is up for grabs, and the investment required to make it work isn’t always easy to justify. Despite AI’s newfound practicality, there’s still a long way to go.

Let’s take a tour through the past, present, and future of AI, and learn from leaders and innovators from LinkedIn, Intel Labs, and cutting-edge research institutes.

Connecting data with duct tape at LinkedIn

Mike Dillinger is the technical lead for Taxonomies and Ontologies at LinkedIn’s AI Division. He has a diverse background, ranging from academic research to consulting on translation technologies for Fortune 500 companies. For the last several years, he has been working with taxonomies at LinkedIn.

LinkedIn relies heavily on taxonomies. As the de facto social network for professionals, launching a skill-building platform is a central piece in its strategy. Following CEO Ryan Roslanski’s statement, LinkedIn Learning Hub was recently announced, powered by the LinkedIn Skills Graph, dubbed “the world’s most comprehensive skills taxonomy.”

The Skills Graph includes more than 36,000 skills, more than 14 million job postings, and the largest professional network with more than 740 million members. It empowers LinkedIn users with richer skill development insights, personalized content, and community-based learning.

For Dillinger, however, taxonomies may be overrated. In his upcoming keynote in Connected Data World 2021, Dillinger is expected to refer to taxonomies as the duct tape of connecting data. This alludes to Perl, the programming language that was often referred to as the duct tape of the internet.

“Duct tape is good because it’s flexible and easy to use, but it tends to hide problems rather than fix them,” Dillinger said.

A lot of effort goes into building taxonomies, making them correct and coherent, then getting sign-off from key stakeholders. But this is when problems start appearing.

Key stakeholders such as product managers, taxonomists, users, and managers take turns punching holes in what was carefully constructed. They point out issues of coverage, accuracy, scalability, and communication. And they’re all right from their own point of view, Dillinger concedes. So the question is — what gives?

Dillinger’s key thesis,, is that taxonomies are simply not very good as a tool for knowledge organization. That may sound surprising at first, but coming from someone like Dillinger, it carries significant weight.

Dillinger goes a long way to elaborate on the issues with taxonomies, but perhaps more interestingly, he also provides hints for a way to alleviate those issues:

“The good news is that we can do much better than taxonomies. In fact, we have to do much better. We’re building the foundations for a new generation of semantic technologies and artificial intelligence. We have to get it right,” says Dillinger.

Dillinger goes on to talk about more reliable building blocks than taxonomies for AI. He cites concept catalogs, concept models, explicit relation concepts, more realistic epistemological assumptions, and next-generation knowledge graphs.

It’s the next generation, Dillinger says, because today’s knowledge graphs do not always use concepts with explicit human-readable semantics. These have many advantages over taxonomies, and we need to work on people, processes, and tools levels to be able to get there.

Thrill-K: Rethinking higher machine cognition

The issue of knowledge organization is a central one for Gadi Singer as well. Singer is VP and director of Emergent AI at Intel Labs. With one technology after another, he has been pushing the leading edge of computing for the past four decades and has made key contributions to Intel’s computer architectures, hardware and software development, AI technologies, and more.

Singer said he believes that the last decade has been phenomenal for AI, mostly because of deep learning, but there’s a next wave that is coming: a “third wave” of AI that is more cognitive, has a better understanding of the world, and higher intelligence. This is going to come about through a combination of components:

“It’s going to have neural networks in it. It’s going to have symbolic representation and symbolic reasoning in it. And, of course, it’s going to be based on deep knowledge. And when we have it, the value that is provided to individuals and businesses will be redefined and much enhanced compared to even the great things that we can do today”, Singer says.

In his upcoming keynote for Connected Data World 2021, Singer will elaborate on Thrill-K, his architecture for rethinking knowledge layering and construction for higher machine cognition.

Singer distinguishes recognition, as in the type of pattern-matching operation using shallow data and deep compute at which neural networks excel, from cognition. Cognition, Singer argues, requires understanding the very deep structure of knowledge.

To be able to process even seemingly simple questions requires organizing an internal view of the world, comprehending the meaning of words in context, and reasoning on knowledge. And that’s precisely why even the more elaborate deep learning models we have currently, namely language models, are not a good match for deep knowledge.

Language models contain statistical information, factual knowledge, and even some common sense knowledge. However, they were never designed to serve as a tool for knowledge organization. Singer believes there are some basic limitations in language models that make them good, but not great for the task.

Singer said that what makes for a great knowledge model is the capability to scale well across five areas of capabilities: scalability, fidelity, adaptability, richness, and explainability. He adds that sometimes there’s so much information learned in language models, that we can extract it and enhance dedicated knowledge models.

To translate the principles of having a great knowledge model to an actual architecture that can support the next wave of AI, Singer proposes an architecture for knowledge and information organized at three levels, which he calls Thrill-K.

The first level is for the most immediate knowledge, which Singer calls the Giga scale, and believes should sit in a neural network.

The next level of knowledge is the deep knowledge base, such as a knowledge graph. This is where intelligible, structured, explicit knowledge is stored at the Terascale, available on demand for the neural network.

And, finally, there’s the world information and the world knowledge level, where data is stored at the Zetta scale.

Knowledge, Singer argues, is the basis for making reasoned intelligent decisions. It can adapt to new circumstances and new tasks. That’s because the data and the knowledge are not structured for a particular task, but it’s there with all their richness and expressivity.

It will take concerted effort to get there, and Intel Labs on its part is looking into aspects of NLP, multi-modality, common sense reasoning, and neuromorphic computing.

Systems that learn and reason

If knowledge organization is something that both Dillinger and Singer value as a key component in an overarching framework for AI, for Frank van Harmelen it’s the centerfold in his entire career. Van Harmelen leads the Knowledge Representation & Reasoning Group in the Computer Science Department of the VU University Amsterdam.

He is also Principal investigator of the Hybrid Intelligence Centre, a $22.7 million, (€20 million), ten-year collaboration between researchers at six Dutch universities into AI that collaborates with people instead of replacing them.

Van Harmelen notes that after the breakthroughs of machine learning (deep learning or otherwise) in the past decade, the shortcomings of machine learning are also becoming increasingly clear: unexplainable results, data hunger, and limited generalisability are all becoming bottlenecks.

In his upcoming keynote in Connected Data World 2021, Van Harmelen will look at how the combination with symbolic AIin the form of very large knowledge graphs can give us a way forward: Towards machine learning systems that can explain their results, that need less data, and that generalize better outside their training set.

The emphasis in modern AI is less on replacing people with AI systems, and more on AI systems that collaborate with people and support them. For Van Harmelen, however, it’s clear that current AI systems lack background knowledge, contextual knowledge, and the capability to explain themselves, which makes them not very human-centered:

“They can’t support people and they can’t be competent partners. So what’s holding AI back? Why are we in this situation? For a long time, AI researchers have locked themselves into one of two towers. In the case of AI, we could call these the symbolic AI tower and the statistical AI tower”.

If you’re in the statistical AI camp, you build your neural networks and machine learning programs. If you’re in the symbolic AI camp, you build knowledge bases and knowledge graphs and you do inference over them. Either way, you don’t need to talk to people in the other camp, because they’re wrong anyway.

What’s actually wrong, argues Van Harmelen, is this division. Our brains work in both ways, so there’s no reason why approximating them with AI should rely exclusively on either approach. In fact, those approaches complement each other very well in terms of strengths and weaknesses.

Symbolic AI, most famously knowledge graphs, is expensive to build and maintain as it requires manual effort. Statistical AI, most famously deep learning, requires lots of data, plus oftentimes also lots of effort. They both suffer from the “performance cliff” issue (, i.e. their performance drops under certain circumstances, but the circumstances and the way differ).

Van Harmelen provides many examples of practical ways in which symbolic and statistical AI can complement each other. Machine learning can help build and maintain knowledge graphs, and knowledge graphs can provide context to improve machine learning:

“It is no longer true that symbolic knowledge is expensive and we cannot obtain it all. Very large knowledge graphs are witness to the fact that this symbolic knowledge is very well available, so it is no longer necessary to learn what we already know.

We can inject what we already know into our machine learning systems, and by combining these two types of systems produce more robust, more efficient, and more explainable systems,” says Van Harmelen.

The pendulum has been swinging back and forth between symbolic and statistical AI for decades now. Perhaps it’s a good time for the two camps to reconcile and start a conversation. To build AI for the real world, we’ll have to connect more than data. We’ll also have to connect people and ideas.

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Repost: Original Source and Author Link

Categories
AI

Maine passes the strongest state facial recognition ban yet

The state of Maine now has the most stringent laws regulating government use of facial recognition in the country.

The new law prohibits government use of facial recognition except in specifically outlined situations, with the most broad exception being if police have probable cause that an unidentified person in an image committed a serious crime, or for proactive fraud prevention.

Since Maine police will not have access to facial recognition, they will be able to ask the FBI and Maine Bureau of Motor Vehicles (BMV) to run these searches.

Crucially, the law plugs loopholes that police have used in the past to gain access to the technology, like informally asking other agencies or third parties to run backchannel searches for them. Logs of all facial recognition searches by the BMV must be created and are designated as public records.

The ACLU trumpeted this new law as a major win for state action to block facial recognition.

“Maine is showing the rest of the country what it looks like when we the people are in control of our civil rights and civil liberties, not tech companies that stand to profit from widespread government use of face surveillance technology,” Michael Kebede, a lawyer at the ACLU of Maine, said in a press release.

The only other state-wide facial recognition law was enacted by Washington in 2020, but many privacy advocates were dissatisfied with the specifics of the law. The Washington law gives police generous carve-outs to conduct surveillance with the technology and also allows the technology to be used to deny access to services like housing or education enrollment. Notably, it was written by State Senator Joe Nguyen, who is a current employee of Microsoft.

Virginia and Massachusetts legislatures have also banned some police use of facial recognition, but both fall short of regulating the tech in schools and other state agencies.

Maine’s new law also gives citizens the ability to sue the state if they’ve been unlawfully targeted by facial recognition, which was notably absent from Washington’s regulation. If facial recognition searches are performed illegally, they must be deleted and cannot be used as evidence.

The law was enacted after passing state legislature and will not require a signature from Maine Governor Janet Mills. It will go into effect on October 1st, 2021.

Repost: Original Source and Author Link

Categories
Game

PUBG: New State release date revealed: The wait is almost over

Krafton, the company you may still know as Bluehole, has finally revealed the release date for its upcoming mobile twist on the popular battle royale game PlayerUnknown’s Battlegrounds. The company first announced PUBG: New State in February alongside preregistration for the game, noting at the time only that it would arrive later on in 2021.

As first revealed back in February with the game’s initial announcement, PUBG: New State isn’t here to replace PUBG: Mobile. The new title will join the existing mobile game as a new option for Android and iOS users, bringing with it new content, graphics, and other key changes, the most notable being an entirely new environment.

PUBG: New State will be set in a futuristic world packed with new weapons and vehicles unlike those found in the existing PUBG titles. Krafton held a media showcase about the upcoming mobile game last week in South Korea, showing off gameplay footage and, among other things, finally announcing a release date: November 11.

That date will mark the global launch for PUBG: New State, which will be available to download and play in 200 countries. Krafton and PUBG: Corp will have a final playtest ahead of launch on October 29 and 30 that will be limited to 28 countries. Fans of the game or the battle royale genre in general can still preregister for the title on Google Play and pre-order on Apple’s App Store.

The November 11 launch will mark the arrival of another high-quality mobile game that fully leverages the latest and greatest mobile hardware while offering an experience that, says Krafton, may prove to be unlike anything you’ve played on your phone before.

PUBG: New State‘s minimum requirements are low enough that many mobile gamers should be able to enjoy the title, though players who have higher-end hardware will enjoy the best quality. Krafton says the use of “global illumination technology” will enable the game to offer a level of quality beyond “what was previously possible in mobile gaming graphics.”

Repost: Original Source and Author Link

Categories
Game

Another PlayStation State of Play is happening next week

It hasn’t been that long since the last PlayStation State of Play, but that isn’t stopping Sony from hosting another one. Today, Sony announced that another State of Play will be happening next week. Still, unlike the previous one that focused primarily on PlayStation 5 games, this one will focus on upcoming games for both PlayStation 4 and PlayStation 5.

If you thought that Sony might be out of reveals after the last State of Play, which took place in September, it appears you’d be right. Rather than showcase upcoming titles from PlayStation Studios, Sony says that this new State of Play will be “focusing on announcements and updates for upcoming third-party releases headed to PS5 and PS4.”

What those releases could be is anyone’s guess at this point. We can, as always, make a few educated guesses as to what might be on tap, as there are numerous confirmed titles in development for both consoles. Games we’d keep an eye out for in particular include Final Fantasy 16, the Star Wars: Knights of the Old Republic remake from Aspyr, and titles that are probably closer to release than either of those games including Elden Ring, Ghostwire: Tokyo, and Solar Ash.

Sony, for its part, does not indicate what’s in store aside from confirming that it’ll be primarily third-party games on the docket and that the show will mainly comprise “new looks at previously announced games, plus a few reveals from our partners around the world.” Sony says that the whole show will last for around 20 minutes, so we can expect a quick and breezy event.

The next State of Play will be happening next Wednesday, October 27th at 2 PM PT/5 PM ET. You’ll be able to watch the State of Play on the PlayStation Twitch and YouTube channels. We’ll be covering the show as it happens, so check back with us next Wednesday for all you need to know.

Repost: Original Source and Author Link

Categories
AI

State of AI Report tracks transformers in critical infrastructure

Artificial intelligence and machine learning pioneers are rapidly expanding on techniques that were originally designed for natural language processing and translation to other domains, including critical infrastructure and the genetic language of life. This was reported in the 2021 edition of the State of AI Report by investors Nathan Benaich of Air Street Capital and Ian Hogarth, an angel investor.

Started in 2018, their report aims to be a comprehensive survey of trends in research, talent, industry, and politics, with predictions mixed in. The authors are tracking “182 active AI unicorns totaling $1.3 trillion of combined enterprise value” and estimate that exits by AI companies have created $2.3 trillion in enterprise value since 2010.

One of their 2020 predictions was that we would see the attention-based transformers architecture for machine learning models branch out from natural language processing to computer vision applications. Google made that come true with its vision transformer, known as ViT. The approach has also shown success with audio and 3D point cloud models and shows potential to grow as a general-purpose modeling tool. Transformers have also demonstrated superior performance at predicting chemical reactions, for example — the UK’s National Grid utility significantly halved the error in its forecasts for electricity demand using a type of transformer.

Introduced in a 2017 paper, “Attention Is All You Need,” Transformers take an “attention-based” approach to limit the computing power required for analysis, for example by focusing attention on one word at a time in a sentence rather than letting the model grow exponentially in complexity with each additional word. The Perceivers’ architecture from DeepMind, the deep learning business unit of Google’s parent company Alphabet, is another variation on the attention concept that has shown strong results with inputs and outputs of various sizes, according to the report.

Amping up linguistic analysis

Making sense of human language is one of the toughest problems in AI, but lessons learned from linguistic analysis turn out to pay off in other realms such as computational biology and drug discovery.

As one example, researchers are “learning the language of COVID-19” for a grammatical understanding of its genetics, showing the potential to identify future possible mutations that could produce the next threat akin to the Delta variant. This raises the possibility that future vaccines and treatments could be prepared to address those variants before they emerge, the authors suggest.

Investor dollars are following for AI-first biotech and drug discovery firms, most notably with the October IPO of Britain’s Exscientia at a valuation of over $3 billion. Recursion Pharmaceuticals of Utah raised $436 million in an April IPO.

Yet, despite the promising outlook for AI in medicine, the report’s authors also note that “despite a loud call to arms and many willing participants, the ML community has had surprisingly little positive impact against COVID-19. One of the most popular problems – diagnosing coronavirus pathology from chest X-ray or chest computed tomography images using computer vision – has been a universal clinical failure.” They also caution against overstated claims about the applications of AI to domains such as radiology, noting that one study found 94% of AI systems designed to improve breast cancer screening are less accurate than the original radiologist.

Global rush for large language models and critical infrastructure

Large language models (LMMs) are proving so important that they “have become ‘nationalized,’ where every country wants their own LMM,” according to the report. These are models that attempt to understand all the words in a given language, and the largest to date is the Chinese model, Wudao, with 1.75 trillion parameters. In general, China has emerged as the world leader in academic AI research – at the same time that U.S. universities are suffering a significant “brain drain,” according to the report.

In addition to being one of the most important fronts in AI research, linguistic understanding is one of the most fraught. The machine understanding that emerges often turns out to reveal racist and sexist biases that might reflect an accurate understanding of human nature – but not one we want to promote. One of the recent scandals in the field was Google’s firing of Timnit Gebru, an AI researcher who says she was cut loose after raising ethical objections to the way Google was using LMMs. Alphabet/Google also quashed an effort by DeepMind to be spun off as a nonprofit research group, according to the report.

The report highlights these incidents in the context of a broader discussion of AI safety – the challenge of ensuring that AI progress is kept in alignment with human wellbeing – including worries over military applications like autonomous war-fighting machines.

These are just some of the many highlights included in the report, which was published as a 168-screen Google Slides deck. Among their predictions for the coming year are that this sector will likely see a wave of consolidation among AI semiconductor companies and the emergence of a new research company focused on artificial general intelligence (the most ambitious branch of AI) with a focus on a vertical like life sciences, critical infrastructure or developer tools.

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Repost: Original Source and Author Link

Categories
Security

Missouri governor threatens reporter who discovered state site spilling private info

Missouri Governor Mike Parson is threatening legal action against a reporter and newspaper that found and responsibly disclosed a security vulnerability that left teacher and educational staffs’ social security numbers exposed and easily accessible.

The St. Louis Post-Dispatch reports that it notified the Missouri Department of Elementary and Secondary Education (DESE) that one of its tools was returning HTML pages that contained employee SSNs, potentially putting the information of over 100,000 employees at risk. Despite the fact that the outlet waited until the tool was taken down by the state to publish its story, the reporter has been called a “hacker” by Governor Parson, who says he’ll be getting the county prosecutor and investigators involved.

According to the Post-Dispatch, the tool that contained the vulnerability was designed to let the public see teachers’ credentials. However, it reportedly also included the employee’s SSN in the page it returned — while it apparently didn’t appear as visible text on the screen, KrebsOnSecurity reports that accessing it would be as easy as right-clicking on the page and clicking Inspect Element or View Source.

While the reporter followed standard protocols for disclosing and reporting on the vulnerability, the governor is treating him as if he attacked the site or was trying to access the teacher’s private information for nefarious purposes.

In a press conference, Governor Parson described the reporter’s actions as “decoding the HTML source code,” which makes it seem suspicious and clandestine. He is, however, literally describing how viewing a website works — it’s the server’s job to send an HTML file to your computer so you can view it, and anything included in that file isn’t secret (even if it’s not physically visible on your screen when viewing that webpage). Governor Parson says that nothing on DESE’s website gave users permission to access the SSN data, but it was being freely provided.

You can view the governor’s full press conference below.

The Verge has reached out to Missouri DESE to clarify whether the tool was publicly accessible or required logging in, and in response, the DESE says its only comment (due to the ongoing investigation) is that the data is now protected. Of course, it being accessible at all is an issue, regardless of whether it was behind a login.

Missouri’s response is, to put it lightly, the exact opposite of standard practice. Many organizations have bug or security bounties worth hundreds of thousands of dollars, which they’ll pay to hackers who find and responsibly disclose flaws like these. The reason these exist is that they’ll make your systems safer — yes, people will look for and find vulnerabilities, but there was likely already somebody doing that anyways. With a bug bounty, they’re telling you so you can fix it rather than selling that info on the dark web or using it for personal gain. Obviously, those kinds of sums aren’t reasonable for school districts, which often have underfunded IT departments due to shrinking budgets, but there’re a lot of options between paying out large sums of money and threatening legal action.

Governor Parson says that the incident could cost the state’s taxpayers $50 million. If a malicious hacker had found the treasure trove of SSNs, it likely would’ve been even more expensive: the state still would’ve had to fix the system, and it’d have teachers who would have solid claims against it if they needed identity protection services.

Governor Parson (along with a press release by the Office of Administration) clarifies that the SSNs were only accessible one at a time — a list of all employees’ private info wasn’t included in the HTML files. But as anyone who’s watched the opening scene of The Social Network knows, it can be trivial for hackers to download all the pages from an application and strip specific pieces of information out of them. Just because the reporter didn’t do it (it would’ve arguably been irresponsible if he had) doesn’t mean that it wasn’t possible and doesn’t speak to good security practices.

To be clear: prosecuting the reporter, news outlet, and anyone involved will only serve to put people in Missouri at risk because no one will want to report security flaws they’ve found in public systems if the state’s response will be sending law enforcement after them. Security flaws like this are extremely unfortunate, but they will inevitably happen (the Post-Dispatch reports that the DESE was found to have been storing student SSNs by an audit in 2015). With public entities and companies alike, the real test isn’t whether it happens but how you respond to it. Unfortunately, it seems like Governor Parson is failing that test.

Updated October 14th, 5:52PM ET: Updated to reflect comment from the DESE.



Repost: Original Source and Author Link

Categories
Game

Everything Shown at Playstation State of Play July 2021

PlayStation’s latest State of Play stream was chock-full of news. As announced earlier this week, the State of Play’s big focus was a nine-minute showcase of Bethesda’s Deathloop. It was accompanied by indie game updates, along with a few new announcements. Here’s everything that was announced during the show.

Indie game updates and reveals

The stream started with a reveal trailer of Moss: Book 2 for the PlayStation VR. A look at multiplayer shooter Arcadegeddon followed, along with an announcement for its early access release. We also got an update on Tribes of Midgard‘s post-launch plans, which will include a new rune system, Saga Quests, and exclusive items.

We got a new look at F.I.S.T, a new beat-’em-up that stars a gruff anthropomorphic rabbit wielding a mech suit and is coming to the PS4 and PS5 on September 7. The PvE and PvP battle royale fighter Hunter’s Arena is coming to the PS4 and PS5 for PlayStation Plus members next month from August 3 to September 6.

The developers at Superbrothers shared a peek at its new game, Jett: The Far Shore, which seems to be an exploration-focused adventure that features on-foot and space travel.

Sega made its presence known during the event as well with a new hack-and-slash game based on the hit anime and manga title Demon Slayer. The game launches on October 5 for PS4 and PS5. It also gave a fresh glance at Lost Judgment and its English voice acting.

SIFU delay and details

One announcement that may come as a blow to viewers was the delay of SIFU. The heavily hyped game from Slocap was pushed back from a 2021 release to 2022. It still has no set date or even month window for launch as of yet.

There was a new mechanic shown off for the game. After each defeat players take in the game, they’ll return at an increased age. It’s unknown if this is simply an aesthetic change or if it affects gameplay as well.

Death Stranding Director’s Cut launch date

Death Stranding Director’s Cut was confirmed to be on the way by Hideo Kojima at E3 2021. Today, we got a release date and tons of new details on the game.

The game will hit shelves on September 24, 2021. The game features new story missions, battles, combat mechanics, and some very surprising add-ons that no one expected. PS5 players can upgrade their PS4 copy of the game to the Director’s Cut for $10.

Deathloop gameplay and story details

The main highlight of this State of Play was Deathloop, and it’s clearly looking to deliver a new shooter experience from Bethesda. Players control Colt, who is stuck on the island of Deathreef, where everyone is out to kill him. To leave the island and break the loop, Colt has to kill eight targets called the visionaries before the day repeats.

With the game being so focused on death and repeating actions, each loss will give you new chances to learn about your targets and the world around you. This also opens the door to tons of different possible ways to deal with enemies.

Players will be able to carry weapons abilities between loops thanks to the Residium material. However, players have to be smart about what they want to keep due to Residium being a rare resource. There is also Reprise, which allows players to die and rewind twice before the day’s loop restarts.

Editors’ Choice




Repost: Original Source and Author Link