Given the shutdown/attack today, which targeted stations far from the capital, this, ah... did not go well.

Excerpts from article:

> Security measures in Paris have been turbocharged by a new type of AI, as the city enables controversial algorithms to crawl CCTV footage of transport stations looking for threats.

> After training its algorithms on both open source and synthetic data, Wintics’ systems have been adapted to, for example, count the number of people in a crowd or the number of people falling to the floor—alerting operators once the number exceeds a certain threshold.

>Houllier argues that his algorithms are a privacy-friendly alternative to controversial facial recognition systems used by past global sporting events, such as the 2022 Qatar World Cup. “Here we are trying to find another way,” he says. To him, letting the algorithms crawl CCTV footage is a way to ensure the event is safe without jeopardizing personal freedoms. “We are not analyzing any personal data. We are just looking at shapes, no face, no license plate recognition, no behavioral analytics.”

> Levain is concerned the AI surveillance systems will remain in France long after the athletes leave. To her, these algorithms enable the police and security services to impose surveillance on wider stretches of the city. “This technology will reproduce the stereotypes of the police,” she says. “We know that they discriminate. We know that they always go in the same area. They always go and harass the same people. And this technology, as with every surveillance technology, will help them do that.”

This guy! 😮‍💨

Since the beginning of the generative AI boom, content creators have argued that their work has been scraped into AI models without their consent. But until now, it has been difficult to know whether specific text has actually been used in a training data set.

Now they have a new way to prove it: “copyright traps” developed by a team at Imperial College London, pieces of hidden text that allow writers and publishers to subtly mark their work in order to later detect whether it has been used in AI models or not. The idea is similar to traps that have been used by copyright holders throughout history—strategies like including fake locations on a map or fake words in a dictionary.

These AI copyright traps tap into one of the biggest fights in AI. A number of publishers and writers are in the middle of litigation against tech companies, claiming their intellectual property has been scraped into AI training data sets without their permission. The New York Times’ ongoing case against OpenAI is probably the most high-profile of these.

The code to generate and detect traps is currently available on GitHub, but the team also intends to build a tool that allows people to generate and insert copyright traps themselves.

> At issue in the case is the Web and App Activity toggle in Android device’s settings. Turning the toggle off prevents future web and app activity being saved to a user’s Google account. > >The class plaintiffs, a suit first filed in 2020, claim that Google collected their personalized data even though they turned the toggle off. They claim the toggle gives users the false impression that they can “opt out” of sharing all data with Google and third-party developers, and accused Google of invasion of privacy.

> Santacana said that none of the data that Google collected could be tied back to a user and that the defendants had failed to include a single example of the data being tracked back to a user, being used for personalized advertisements or being used to build marketing profiles.

> Seeborg, a Barack Obama appointee, told Santacana that he thought the language in Google’s privacy policy could possibly mislead a reasonable consumer into believing that toggling the function off stops collection of all data. > >Santacana replied that it’s not Google’s fault if a user doesn’t interpret the policies correctly.

> David Boies, counsel for the class plaintiffs, told Seeborg that he didn’t believe that Google doesn’t collect personal information, and that even the non-personal information could identify a person’s mobile device and be linked to a specific individual.

> Boies read Seeborg copies of Google employees’ internal emails, in which multiple employees expressed that they felt the privacy policy was fooling users into thinking that personal information wasn’t being collected. In the emails, the Google employees also said they were collecting and using personal information.

>Seeborg took the matter under submission.

To deal with all this Intel CPU disaster, I've been having to manually check MSI's website for mobo updates. It occurred to me that keeping BIOSes and other drivers that aren't delivered through your OS's update manager of choice is such a pain, and it's common knowledge that a lot of critical BIOS updates just don't get applied to systems because folks don't check for updates unless there's a problem.

Thinking about that, I realized that it would make life a lot easier if you could just have section in your RSS reader for firmware updates, and each mobo manufacturer published BIOS update announcements as an RSS feed. All your updates are in one place, and you're notified promptly! Of course, this would also apply to NVIDIA drivers, so you can get automatic updates on Windows without having to download Geforce NOW bloatware, but of course that's very intentional on NVIDIA's part.

Does anyone know of other easy ways to passively keep track of BIOS updates?

cross-posted from: https://lazysoci.al/post/15908451

> I've been saying this and people keep arguing.

Looks like AMD saw Intel and is trying to capitalize and learn from Intel's mistake by delaying until they can guarantee a stable launch

Personally I see this as a win for consumers as you're more likely to get a higher quality product by either company (AMD's move here is likely to echo in Intel)

Key Takeaways:

1. If you or someone you know has had any system instability issues with their 13th or 14th gen Intel processor/CPU, GN recommends on immediately filing an RMA with Intel even if a previous one was rejected.
2. If you're an owner of a 13 or 14th gen, please update the BIOS as soon as you can and keep an eye out for newer microcode patches/AGESA updates from Intel coming in mid-late August 2024.
3. Please continue to be informed/vigilant when buying second-hand/used Intel 13 and or 14th gen CPUs as you probably don't want to buy a defective CPU.

Archived version

KnowBe4 needed a software engineer for our internal IT AI team. "We posted the job, received resumes, conducted interviews, performed background checks, verified references, and hired the person," the firm writes on its blog.

"We sent them their Mac workstation, and the moment it was received, it immediately started to load malware."

[Special points to KnowBe4 for publishing this on its blog. If this can happen to a security awareness firm, it can happen to everyone.]

The two sanctioned persons are Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, both key members of the Russia-aligned hacktivist group Cyber Army of Russia Reborn (CARR), according to a US Treasury press release.

Since 2022, CARR, which also uses the name Cyber Army of Russia, has conducted low-impact, unsophisticated DDoS attacks in Ukraine and against governments and companies located in countries that have supported Ukraine. In late 2023, CARR started to claim attacks on the industrial control systems of multiple U.S. and European critical infrastructure targets. Using various unsophisticated techniques, CARR has been responsible for manipulating industrial control system equipment at water supply, hydroelectric, wastewater, and energy facilities in the U.S. and Europe.

Per author, if the treat passes as-is, it will hurt security and stifle speech.

> while this treaty creates broad powers to fight things governments dislike, simply by branding them "cybercrime," it actually undermines the fight against cybercrime itself. Most cybercrime involves exploiting security defects in devices and services – think of ransomware attacks – and the Cybercrime Treaty endangers the security researchers who point out these defects, creating grave criminal liability for the people we rely on to warn us when the tech vendors we rely upon have put us at risk. > >This is the granddaddy of tech free speech fights. Since the paper tape days, researchers who discovered defects in critical systems have been intimidated, threatened, sued and even imprisoned for blowing the whistle. Tech giants insist that they should have a veto over who can publish true facts about the defects in their products, and dress up this demand as concern over security.

>Time and again, we've seen corporations rationalize their way into suppressing or ignoring bug reports.

> The idea that users are safer when bugs are kept secret is called "security through obscurity" and no one believes in it – except corporate executives. As Bruce Schneier says, "Anyone can design a system that is so secure that they themselves can't break it. That doesn't mean it's secure – it just means that it's secure against people stupider than the system's designer"

> the Cybercrime Treaty creates new obligations on signatories to help other countries' cops and courts silence and punish security researchers who make these true disclosures, ensuring that spies and criminals will know which products aren't safe to use, but we won't (until it's too late)

As an AWS focused solutions/systems architect, I've been feeling this for the last 10ish months too. I attended the first 9 re:Invent conferences (up until Covid upended things) but I was glad I didn't attend last year; and re:Inforce sounds like it was even worse.

cross-posted from: https://feddit.org/post/1095016

> Archived link > > Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. > > The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today. "In the attack on this organization, the attackers exploited a vulnerability in an Apache HTTP server to deliver their MgBot malware." > > Daggerfly, also known by the names Bronze Highland and Evasive Panda, was previously observed using the MgBot modular malware framework in connection with an intelligence-gathering mission aimed at telecom service providers in Africa. It's known to be operational since 2012.

Am I the only one that thinks Scaringe looks like Steve-O?

cross-posted from: https://feddit.org/post/1019342

> Archived link > > Preventing so-called technology leakage was top of the European Commission’s agenda when it in late 2023 named quantum technology as one of four critical fields it wanted to protect. Brussels has yet to publish a promised risk assessment, though, says Jeroen Groenewegen-Lau, Head of Program at the Mercator Institute for China Studies (MERICS). > > Europe should also increase control over the export of critical components for quantum computers to China. All European countries should follow Spain, France and the UK in declaring these items dual-use, forcing exporters to apply for permits for components that can have military as well as civilian uses. As much equipment is too widely used for control through a dual-use lists, Europe should also add policy tools so that, like the US, it can restrict exports to companies and research institutions known to work against its interests. > > Taking a clear stance on the risks of quantum technologies will also enable Europe to better compete in the field. More than in digital technologies like artificial intelligence, Europe is well positioned to profit from the technology’s power – optimizing flight routes or supply chains, simulating chemical and biological processes at the atomic level. Long-term investment in basic quantum research not only led to a Nobel Prize in 2022, but has spawned quantum valleys in München and Lower Saxony, a quantum delta in the Netherlands, and the “QuantAlps” around Grenoble, to name but a few clusters.

A much needed reminder that Machine Learning and Large Language Models (so called 'AI') is plagiarism, don't necessarily agree it's theft in the strict legal definition (but definitely in the colloquial meaning), but it's definitely immoral and unethical and the used by those that want to contribute nothing themselves.

A new report unveils the discovery of a technology suite and its connection to Chinese organized crime, money laundering, and human trafficking throughout Southeast Asia. The technology suite is composed of software, Domain Name System (DNS) configurations, website hosting, payment mechanisms, mobile apps, and more—a full cybercrime supply chain.

Tens of seemingly unrelated gambling brands that advertise by way of sponsorship deals with European sports teams use this technology. The owners of these brands prey on residents of Greater China and on victims across the globe to take advantage of the US$1.7 trillion illegal gambling economy.

The report names the actor who designed, developed, and operates this supply chain: Vigorish Viper.

Happy BSOD Day!

Archived link

Half a century ago, a young Stanford professor named Mark Granovetter published what would become one of the seminal papers in the field of sociology. “The Strength of Weak Ties” argued for the important of mere acquaintances — not just your friends — in the growing field of social network analysis. (It’s been cited more than 73,000 times.)

Granovetter surveyed a few hundred people in the Boston area who had recently taken a new job they learned about through a contact. (It’s who you know, right?) It turned out their weak ties — people they reported seeing once a year or less — were responsible for nearly twice as many job discoveries as their closest friends (people they saw twice a week or more).

[...]

Granovetter’s insight has been fundamental to the explosion of social networking platforms. Facebook is fundamentally a tool for flattening out all your strongest and weakest ties — from your spouse or sibling all the way to that kid you sat next to for two weeks in fifth grade. They all exist side by side, first-class citizens in your feed. LinkedIn was essentially Granovetter’s research turned into a startup. (Indeed, the strongest empirical support for Granovetter’s thesis is a massive study looking at more than 20 million LinkedIn users.)

So why do your weak links matter so much? One big reason is that they’re more likely than your closest friends to possess novel, salient information that you might lack. Your BFFs likely live in roughly the same knowledge universe that you do and are thus less likely to come across a new insight that’s unknown to you. That kid from fifth grade lives far enough outside your personal bubble to present you with a truly important piece of information.

Steve from Gamers Nexus explicitly states that they "can't recommend Intel CPUs right now" until Intel provides information and assurance to customers

Intel what are you doing? Shit's on fire, yo