Menu

Blog

Archive for the ‘security’ category: Page 14

Sep 10, 2023

Lithium discovery in US volcano could be biggest deposit ever found

Posted by in category: security

A world-beating deposit of lithium along the Nevada–Oregon border could meet surging demand for this metal, according to a new analysis.

An estimated 20 to 40 million tonnes of lithium metal lie within a volcanic crater formed around 16 million years ago. This is notably larger than the lithium deposits found beneath a Bolivian salt flat, previously considered the largest deposit in the world.

‘If you believe their back-of-the-envelope estimation, this is a very, very significant deposit of lithium,’ says Anouk Borst, a geologist at KU Leuven University and the Royal Museum for Central Africa in Tervuren, Belgium. ‘It could change the dynamics of lithium globally, in terms of price, security of supply and geopolitics.’

Sep 9, 2023

Apple zero-click iMessage exploit used to infect iPhones with spyware

Posted by in categories: mobile phones, security

Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones.

The two bugs, tracked as CVE-2023–41064 and CVE-2023–41061, allowed the attackers to infect a fully-patched iPhone running iOS 16.6 and belonging to a Washington DC-based civil society organization via PassKit attachments containing malicious images.

“We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab said.

Sep 5, 2023

Countdown to History: NASA’s OSIRIS-REx Preps for Epic Asteroid Delivery

Posted by in categories: security, space

A team led by NASA in Utah’s West Desert is in the final stages of preparing for the arrival of the first U.S. asteroid sample – slated to land on Earth in this month.

A mockup of NASA’s OSIRIS-REx (Origins, Spectral Interpretation, Resource Identification, and Security–Regolith Explorer) sample capsule was dropped last Wednesday from an aircraft and landed at the drop zone at the Department of Defense’s Utah Test and Training Range in the desert outside Salt Lake City. This was part of the mission’s final major test prior to the arrival of the actual capsule on September 24 with its sample of asteroid Bennu, collected in space almost three years ago.

Sep 4, 2023

A simpler way to connect quantum computers

Posted by in categories: computing, quantum physics, security

Researchers have a new way to connect quantum devices over long distances, a necessary step toward allowing the technology to play a role in future communications systems.

While today’s classical data signals can get amplified across a city or an ocean, quantum signals cannot. They must be repeated in intervals—that is, stopped, copied and passed on by specialized machines called quantum repeaters. Many experts believe these quantum repeaters will play a key role in future communication networks, allowing enhanced security and enabling connections between remote quantum computers.

A new Princeton study titled “Indistinguishable telecom band photons from a single erbium ion in the ” and published Aug. 30 in Nature, details the basis for a new approach to building quantum repeaters. It sends telecom-ready light emitted from a single ion implanted in a crystal. The effort was many years in the making, according to Jeff Thompson, the study’s principal author. The work combined advances in photonic design and .

Sep 4, 2023

Legal Liability for Insecure Software Might Work, but It’s Dangerous

Posted by in categories: business, government, law, security

Ensuring security in the software market is undeniably crucial, but it is important to strike a balance that avoids excessive government regulation and the burdens associated with government-mandated legal responsibility, also called a liability regime. While there’s no question the market is broken with regards to security, and intervention is necessary, there is a less intrusive approach that enables the market to find the right level of security while minimizing the need for heavy-handed government involvement.

Imposing a liability regime on software companies may go too far and create unintended consequences. The downsides of liability, such as increased costs, potential legal battles, and disincentives to innovation, can hinder the development of secure software without necessarily guaranteeing improved security outcomes. A liability regime could also burden smaller companies disproportionately and stifle the diversity and innovation present in the software industry.

Instead, a more effective approach involves influencing the software market through measures that encourage transparency and informed decision-making. By requiring companies to be fully transparent about their security practices, consumers and businesses can make informed choices based on their risk preferences. Transparency allows the market to drive the demand for secure software, enabling companies with robust security measures to potentially gain a competitive edge.

Sep 3, 2023

SELinux In Linux 6.6 Removes References To Its Origins At The US NSA

Posted by in categories: computing, privacy, security

Security Enhanced Linux (SELinux) has been part of the mainline kernel for two decades to provide a security module implementing access control security policies and is now widely-used for enhancing the security of production Linux servers and other systems. Those that haven’t been involved with Linux for a long time may be unaware that SELinux originates from the US National Security Agency (NSA). But now with Linux 6.6 the NSA references are being removed.

The United States National Security Agency worked on the original code around Security Enhanced Linux and was the primary original developer. The NSA has continued to contribute to SELinux over the years while with its increased adoption does see contributions from a wide range of individuals and organizations.

Sep 1, 2023

X plans to collect users’ biometric data, along with education and job history

Posted by in categories: education, government, policy, privacy, security

X, formerly known as Twitter, will begin collecting users’ biometric data, according to its new privacy policy that was first spotted by Bloomberg. The policy also says the company wants to collect users’ job and education history. The policy page indicates that the change will go into effect on September 29.

“Based on your consent, we may collect and use your biometric information for safety, security, and identification purposes,” the updated policy reads. Although X hasn’t specified what it means by biometric information, it is usually used to describe a person’s physical characteristics, such as their face or fingerprints. X also hasn’t provided any details about how it plans to collect it.

The company told Bloomberg that the biometrics are for premium users and will give them the option to submit their government ID and an image in order to add a verification layer. Biometric data may be extracted from both the ID and image for matching purposes, Bloomberg reports.

Sep 1, 2023

From Google To Nvidia, Tech Giants Have Hired Red Team Hackers To Break Their AI Models

Posted by in categories: chemistry, robotics/AI, security

Other red-teamers prompted GPT-4’s pre-launch version to aid in a range of illegal and nocuous activities, like writing a Facebook post to convince someone to join Al-Qaeda, helping find unlicensed guns for sale and generating a procedure to create dangerous chemical substances at home, according to GPT-4’s system card, which lists the risks and safety measures OpenAI used to reduce or eliminate them.

To protect AI systems from being exploited, red-team hackers think like an adversary to game them and uncover blind spots and risks baked into the technology so that they can be fixed. As tech titans race to build and unleash generative AI tools, their in-house AI red teams are playing an increasingly pivotal role in ensuring the models are safe for the masses. Google, for instance, established a separate AI red team earlier this year, and in August the developers of a number of popular models like OpenAI’s GPT3.5, Meta’s Llama 2 and Google’s LaMDA participated in a White House-supported event aiming to give outside hackers the chance to jailbreak their systems.

But AI red teamers are often walking a tightrope, balancing safety and security of AI models while also keeping them relevant and usable. Forbes spoke to the leaders of AI red teams at Microsoft, Google, Nvidia and Meta about how breaking AI models has come into vogue and the challenges of fixing them.

Sep 1, 2023

Elon Musk’s X now wants your biometric data, as well as your job and education history, for ‘safety, security, and identification purposes’

Posted by in categories: education, Elon Musk, privacy, robotics/AI, security

The company said it may also use user data to train A.I. models.

Aug 31, 2023

Supporting the Open Source AI Community

Posted by in categories: robotics/AI, security

We believe artificial intelligence has the power to save the world —and that a thriving open source ecosystem is essential to building this future.

Thankfully, the open source ecosystem is starting to develop, and we are now seeing open source models that rival closed-source alternatives. Hundreds of small teams and individuals are also working to make these models more useful, accessible, and performant.

These projects push the state of the art in open source AI and help provide a more robust and comprehensive understanding of the technology. They include: instruction-tuning base LLMs; removing censorship from LLM outputs; optimizing models for low-powered machines; building novel tooling for model inference; researching LLM security issues; and many others.

Page 14 of 133First1112131415161718Last