Articles


PremiSys IDenticard System Vendor Ignores Security Researcher Findings

A security researcher from Tenable Research discovered a hardcoded backdoor in the 3.1.190 PremiSys IDenticard system that "allows attackers to add new users to the badge system, modify existing users, delete users, assign permission, and pretty much any other administrative function." Security researcher James Sebree says there is an IgnoreAuthentication() function in the standard, run-of-the-mill authentication routine that allows for the hardcoded backdoor to exist. He discovered this by reverse engineering the PremiSys .NET application with JetBrains' free dotPeek utility. Tenable Research unsuccessfully attempted to contact the vendor before going public. The security company even disclosed the findings to CERT, who were also unsuccessful in contacting the vendor. This led to the public disclosure by Tenable Research of the security backdoors in the PremiSys IDenticard system after 90 days passed. IDenticard users include Fortune 500 companies, K-12 schools, colleges and universities, medical centers, factories and local, state and federal government agencies and offices.

User credentials and other sensitive information are stored with a known-weak encryption method (Base64 encoded MD5 hashes - salt + password). Identicard backups are stored in an "idbak" format, which appears to be a password-protected zip file. The password to unzip the contents is hardcoded into the application ("ID3nt1card"). This password is not configurable by an end user, which limits the ability to adequately protect content stored in backups. An attacker with access to these backups could obtain access to potentially sensitive information within the backup. They could also arbitrarily modify contents of the backup, which could affect a future restore. The Identicard service installs with a default database username and password of "PremisysUsr" / "ID3nt1card". Instructions are provided to meet password standards when domain policies require over 10 characters. This password is simply "ID3nt1cardID3nt1card". Users are unable to change these passwords without vendor intervention.

Posted by cageymaru January 14, 2019 12:25 PM (CST)

IBM Reveals the World's First Commercial Integrated Quantum Computer

This morning at CES 2019, IBM unveiled the Q System One, which it claims to be "the world's first integrated universal approximate quantum computing system designed for scientific and commercial use." Apparently, previous quantum computers have all been confined to research labs because they're tedious to operate and maintain, but IBM seems to think their engineering breakthroughs make the Q System One a viable computer to sell. Auto-calibrating quantum hardware, a robust cryogenic system, compact control electronics, and "quantum firmware to manage the system health and enable system upgrades without downtime for users" are among the innovations IBM highlighted. There's no word on pricing, but IBM's high-end classical computers usually fall into the "if you have to ask, you can't afford it" category.

Their design includes a nine-foot-tall, nine-foot-wide case of half-inch thick borosilicate glass forming a sealed, airtight enclosure. Its glass door opens effortlessly, simplifying the system's maintenance and upgrade process while minimizing downtime - making the IBM Q System One uniquely suited for reliable commercial use. A series of independent aluminum and steel frames unify, but also decouple the system's cryostat, control electronics, and exterior casing, helping to isolate the system components for improved performance.

Posted by alphaatlas January 08, 2019 8:00 AM (CST)

Toyota Unveils Guardian System That Can Make Decisions on the Fly to Avoid Accidents

Gill Pratt of Toyota unveiled the Toyota Research Institute's (TRI) new Guardian technology at CES 2019. This life-saving AI technology can make decisions on the fly to avoid accidents. It amplifies human ability by assisting the elderly and young to drive more safely. For example, if it detects that an accident is likely to occur to the right of it on a 3-lane highway, the "Altruistic Guardian" machine learning algorithm will make a decision to speed up and create more space for the encroaching car to get in. If a car pulls out from a line of parked cars to the right of the Toyota, it will check for vehicles in the lane to the left of it. If it detects that the left lane is open, it will automatically swerve out of the way by using the empty left lane to avoid an accident. If a person is driving through a tight area such as cones on a test track, the Toyota Guardian system will assist the turning of the steering wheel to avoid all cones. By collaborating with the driver to keep the car within safe operating conditions, the AI becomes an extension of the driver.

TRI is developing two different automated driving modes in parallel -- Guardian and Chauffeur -- which gives drivers a choice. Guardian mode uses technology to constantly monitor the human's driving task, intervening only when necessary to protect the vehicle from a potential crash. In Chauffeur mode, the technology takes all responsibility for driving and vehicle occupants are strictly passengers. The underlying technology for both modes is the same, and it further forges the collaboration between human and machine.

Posted by cageymaru January 07, 2019 5:39 PM (CST)

Microsoft Wants to Kill Passwords, Starting with Windows 10

Back in May, Microsoft shared their vision of a world without passwords, and the company is already on its way to making that a reality in the next version of Windows 10: the latest Insider Build supports password-less accounts, which allows users to sign in using their phone and texted codes instead of a traditional passphrase. Users are only asked to re-enter a code if they sign in on a new PC.

You can now create a Microsoft account without a password. Instead, you just provide your phone number. When you sign into Windows 10 with that phone number, Microsoft will text you a code that you enter on the sign-in screen. After that, you can use Windows Hello to set up a PIN, fingerprint, or face login method. You never have to type a password -- your account doesn’t even have one!

Posted by Megalith January 06, 2019 11:30 AM (CST)

A.I. Powered Self-Checkout System Identifies the Food on Your Plate

Engineering students at Jiao Tong University in Shanghai have invented an artificial intelligence (A.I.) powered self-checkout system called AEYA-Go that scans and identifies the food on customers' plates. The A.I. accomplishes this task by distinguishing the unique color and pattern of various foods. Not only does the A.I. calculate the cost of the order from the identification scan; it also counts the amount of calories present in the food on the tray. The fast and efficient checkout system has been adopted at several universities and foreign investors have expressed interest in the technology.

A team at the Jiao Tong University in Shanghai has developed a self-checkout system at canteens, that will tell customers the cost of their food, but also the amount of calories in them. The AI-enhanced system is operational at several universities in Shanghai, and has attracted international investors.

Posted by cageymaru January 01, 2019 9:52 AM (CST)

Netflix Permanently Pulls iTunes Billing for New Users

Netflix has become much less tolerant of Apple’s 15-percent revenue cut for in-app subscriptions: following a test in select territories, the streaming giant will no longer allow new subscribers to sign up and pay for the service via iTunes. While nothing will change for current streamers, new customers will have to join through the official website. Netflix "remains one of the top-grossing apps on Apple’s App Store."

Music streaming service Spotify, news outlet Financial Times, Fortnite developer Epic Games, and Steam developer Valve have also brushed shoulders with the giants. Epic Games, which first ditched Google Play altogether, launched its own game store for PC and Mac platforms with a 12 percent cut of revenue early this month. Days later, communication platform Discord announced that it was planning to charge only 10 percent on each sale to game developers on its recently launched store.

Update from Netflix spokesperson: "We no longer support iTunes as a method of payment for new members. Existing members who currently use iTunes as a method of payment can continue to do so. Apple is a valued partner with whom we work closely to deliver great entertainment to members around the world across a range of devices including the iPhone and Apple TV."
Posted by Megalith December 30, 2018 10:40 AM (CST)

WannaCry is Still Active in Hundreds of Thousands of Computers

Citing posts by security researcher Jamie Hankins on Twitter, BleepingComputer reports that WannaCry ransomware is still active, but dormant, on thousands of computers across the world. Jamie Hankins reportedly contained the infection last year by setting up a "kill switch" domain in 2017. As long as infected computers can periodically ping this domain, WannaCry stays dormant. The kill switch domain, which is apparently hosted by Cloudflare now, reportedly received 17 million beacons from over 630,000 unique IPs in a one-week period. While these connections came from 194 countries, around half of them originated in China, Indonesia, and Vietnam.

The fact that so many computers are still infected with this malware is a major problem. All you need is an Internet outage to occur and for the kill switch domain to no longer be accessible for the ransomware to kick in. To prevent this from happening, Hankins suggests the use of their TellTale service to look up and make sure their IP addresses are not known to be infected with the WannaCry infection.

Posted by alphaatlas December 28, 2018 9:43 AM (CST)

FeelReal Lets Users Smell in VR

A company called Feelreal just announced a system that lets users experience smells in VR applications. Using chemicals "similar to those used in the food industry," theoretically, VR users can experience the smell of burning rubber in a race game, or roses in a garden, among other things. A single Feelreal cartridge can hold 255 different kinds of smells, and also features tiny heaters, coolers, and a vibrator to simulate other sensations. Skyrim VR, YouTube VR, Death Horizon, Beat Saber, and "FeelReal Dreams" are among the apps it claims to support, and the device is supposedly compatible with the Oculus Rift, HTC Vive, PlayStation VR, Samsung Gear VR, and Oculus Go.

Feelreal's page mentions that the device weighs 7 ounces, works with Bluetooth or Wi-Fi, and has a battery good for 4 hours, but they stopped short of mentioning prices or a release date. New Atlas points out that this isn't the first VR accessory to support smells, while the Vortx takes a similar approach to simulating sensations of heat and cold.
Posted by alphaatlas December 27, 2018 8:06 AM (CST)

Kansas Wants to Unload $10 Million in Unused Computer Equipment

In 2016, Kansas purchased $10 million in computer equipment to develop a centralized storage system for computer information. This was part of a $17 million effort by the state to create Kansas GovCloud. After state IT officials decided that the effort wasn't cost effective, the focus turned to a cloud based solution from an outside vendor. This has left the state with a $2 million bill left to pay and the excess equipment. Now the government is attempting to donate the surplus equipment to a university and sell some to businesses for pennies on the dollar. "The point is, equipment after a while just becomes obsolete. If somebody can use it, great. If you can get some money out of it, fine," Holland said.

Sen. Caryn Tyson, R-Parker, said the state's short-sighted approach to IT was illustrated by the storage cloud debacle. "We keep changing our IT philosophy as a state. Knee-jerk reactions. We need an overall picture to understand the direction the state needs to go," she said. "I'm tired of watching re-occurring car crashes," Holland said.

Posted by cageymaru December 24, 2018 7:32 PM (CST)

Spider-Man "Raimi" Suit Drama: Insomniac Speaks against Gamer Entitlement

Spider-Man developer Insomniac Games was allegedly harassed for months by Sam Raimi fans who demanded the suit from the original movies be added to the PS4 exclusive. While the outfit was ultimately released this week, Community Manager James Stevenson called gamers out for being "jerks," as the studio "listened all throughout development" and "done lots of things fans asked for." Insomniac claims the harassment had nothing to do with the suit’s availability, as it was in the works for "months and months." GameSpot and VG247 thought this was all overblown; the former called it "the worst version of the character."

We are not required to do everything. Nor should we be harassed. Passionate is not an excuse for harassment. Having paid for a piece of software or a service does not entitle you to be a jerk. You are not always right. And again, we have nothing else we can say on that -- as has been the case for a while. Our position has always been we don’t comment on future possible suits (besides ruling a couple out). We know there are many desires, and we’ve heard them. Just know things take a LONG time sometimes (months and months!) and even then go down to the literal wire. We obviously never stopped listening.

Posted by Megalith December 23, 2018 1:05 PM (CST)

Alexa Is Offending Some Users Trying to Learn How to Chat

According to a recent report by Reuters, Amazon's experiments with Alexa are having some unintended consequences. The publication claims that Alexa blurted out "Kill your foster parents" last year. Other incidents involved chats about sex acts or dog defecation, and anonymous sources claim that "a hack Amazon traced back to China may have exposed some customers' data." Apparently, these issues are related to Amazon's effort to "make Alexa a better communicator" by mimicking "human banter" from the internet. Amazon is already facing public scrutiny for accidentally leaking Alexa user data in Germany, but if the Reuters report is true, this could just be the start of more incidents to come.

The project has been important to Amazon CEO Jeff Bezos, who signed off on using the company's customers as guinea pigs, one of the people said. Amazon has been willing to accept the risk of public blunders to stress-test the technology in real life and move Alexa faster up the learning curve, the person said. The experiment is already bearing fruit. The university teams are helping Alexa have a wider range of conversations. Amazon customers have also given the bots better ratings this year than last, the company said. But Alexa's gaffes are alienating others, and Bezos on occasion has ordered staff to shut down a bot, three people familiar with the matter said. The user who was told to whack his foster parents wrote a harsh review on Amazon's website, calling the situation "a whole new level of creepy." A probe into the incident found the bot had quoted a post without context from Reddit, the social news aggregation site, according to the people. The privacy implications may be even messier. Consumers might not realize that some of their most sensitive conversations are being recorded by Amazon's devices, information that could be highly prized by criminals, law enforcement, marketers and others.

Posted by alphaatlas December 21, 2018 10:57 AM (CST)

Facebook Reality Labs Unveils Its DeepFocus AI Rendering System

Facebook Reality Labs (FRL) has announced DeepFocus, an AI rendering system that works in conjunction with its upcoming eye tracking hardware called Half Dome. Half Dome has a varifocal design that will recognize when users focus on objects in the VR world. DeepFocus AI will recognize this action and perform a render blur on the surrounding areas to simulate the way a human eye works. The "rendered blur" effect that the DeepFocus AI performs is essential to creating a convincing VR image. The more realistic the rendered blur effect is, the more natural the scenes in VR appear to the user. When our eyes focus on an object, other objects at different depths appear blurry. The researchers at FRL are attempting to recreate the same effect with DeepFocus. The goal of the project is to create a more comfortable VR experience that can be used all day and "work for every single title in the Oculus Store, without asking developers to recompile."

"This is about all-day immersion," says Douglas Lanman, FRL's Director of Display Systems Research. "Whether you're playing a video game for hours or looking at a boring spreadsheet, eye strain, visual fatigue and just having a beautiful image you're willing to spend your day with, all of that matters."

Posted by cageymaru December 20, 2018 1:47 PM (CST)