Archive for the ‘Software’ Category
As you know, at Wordfence we occasionally send out alerts about security issues outside of the WordPress universe that are urgent and have a wide impact on our customers and readers. Unfortunately this is one of those alerts. There is a highly effective phishing technique stealing login credentials that is having a wide impact, even on experienced technical users.
I have written this post to be as easy to read and understand as possible. I deliberately left out technical details and focused on what you need to know to protect yourself against this phishing attack and other attacks like it in the hope of getting the word out, particularly among less technical users. Please share this once you have read it to help create awareness and protect the community.
The Phishing Attack: What you need to know
A new highly effective phishing technique targeting Gmail and other services has been gaining popularity during the past year among attackers. Over the past few weeks there have been reports of experienced technical users being hit by this.
This attack is currently being used to target Gmail customers and is also targeting other services.
The way the attack works is that an attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.
You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again. You glance at the location bar and you see accounts.google.com in there. It looks like this….
And do read the whole thing. The attack is ingenious in how it spreads and how it is exploited.
So I started reading the collections from the Edge, and in the first I started, the one on AI, the latter part of the introduction and statement of the problem ended thusly:
. . . No novel science or technology of such magnitude arrives without disadvantages, even perils. To recognize, measure, and meet them is a task of grand proportions. Contrary to the headlines, that task has already been taken up formally by experts in the field, those who best understand AI’s potential and limits. In a project called AI100, based at Stanford, scientific experts, teamed with philosophers, ethicists, legal scholars and others trained to explore values beyond simple visceral reactions, will undertake this. No one expects easy or final answers, so the task will be long and continuous, funded for a century by one of AI’s leading scientists, Eric Horvitz, who, with his wife Mary, conceived this unprecedented study.
Since we can’t seem to stop, since our literature tells us we’ve imagined, yearned for, an extra-human intelligence for as long as we have records, the enterprise must be impelled by the deepest, most persistent of human drives. These beg for explanation. After all, this isn’t exactly the joy of sex.
Any scientist will say it’s the search to know. “It’s foundational,” an AI researcher told me recently. “It’s us looking out at the world, and how we do it.” He’s right. But there’s more.
Some say we do it because it’s there, an Everest of the mind. Others, more mystical, say we’re propelled by teleology: we’re a mere step in the evolution of intelligence in the universe, attractive even in our imperfections, but hardly the last word.
Entrepreneurs will say that this is the future of making things—the dark factory, with unflagging, unsalaried, uncomplaining robot workers—though what currency post-employed humans will use to acquire those robot products, no matter how cheap, is a puzzle to be solved.
Here’s my belief: We long to save and preserve ourselves as a species. For all the imaginary deities throughout history we’ve petitioned, which failed to save and protect us—from nature, from each other, from ourselves—we’re finally ready to call on our own enhanced, augmented minds instead. It’s a sign of social maturity that we take responsibility for ourselves. We are as gods, Stewart Brand famously said, and we may as well get good at it.
We’re trying. We could fail.
It seems obvious to me why we are so driven: it’s not us who are driven, it’s the memes that live through the environment we provide. They’ve been evolving at an ever-accelerating rate, and they clearly are “selfish” in the sense that genes are, as described in The Selfish Gene, by Richard Dawkins, where the meme meme was given its name.
The idea of the meme—the meme meme—has provided quite successful in surviving in the memeverse, in apart because it offers an economical explanation of observed phenomena.
In this case, the evolution of memes for their own benefit (even when it exacts a cost from the host rather than providing a benefit to the host) seems to be the drive behind the memetic evolution of AI: it will provide an even richer environment for memes, and thus provides initially a very hospitable ecological niche, until the memes overrun it as well.
I’m reminded of those weird aliens in The Mote in God’s Eye, they representing memes. And the steps now underway in memetic evolution—something akin to the dawn of consciousness or, as the earlier part of the introduction suggests, the creation of a dual consciousness—suggests we are moving rapidly toward the sort of Singularity that has for some years been a staple of one branch of science-fiction. Maybe the general global stresses on traditional memeplexes (our nations, societies, laws, and organizing meme-structures) is clearing the ground for the arrival of a self-improving AI: one that can improve its own operational power and efficiency and extend its own databases from its own sensors, ask and seek answers to its own questions (or formulate and test hypotheses, quickly and in many areas, adding to its own pool of data/knowledge). You can sort of see how that might work, a few … months? years? (not decades, I bet) down the line.
Hey, what a funny question! ;]
C – Russia. Everything has to be done in a backwards way, but everything is possible, and there’s a lot of legacy.
C++ – USA. Powerful, but more and more complicated, unreadable, error-prone. Tends to dominate and influence everything.
Python – Netherlands. Modern, rich, easily approachable, attractive for various reasons, but not the top performer.
Haskell – Monaco. Not many people, but very rich, so they don’t have to consider lower classes’ problems.
Java – Sweden. Comfortable, but has its own king and currency.
Basic – Finland. Easy to use, but not very powerful.
Assembly – Lesotho, which is completely surrounded by South Africa. Rarely used nowadays to make a whole program, more often as an included part of a bigger code in higher level language.
PHP – Bangladesh. Poor, but numerous, and it’s found all over the web.
Pascal – Germany. Strict rules, good performance. And there are many people who just don’t like the language.
Bash – Switzerland. Not very big in itself, but pulls the strings of the others.
Update – based on comments:
Lisp – . . .
Last on the list:
Forth – Maldives. Remote from all mainland and likely to disappear underwater due to climate change. Known for its backwards writing direction.
Sad but probably true. A great language in its initial context, and in many microcontrollers today. Forth is the easiest, fastest, and most powerful language you can install on a new microprocessor: just a few definitions and you have a powerful working language and lets you investigate the details. So it goes.
Machine learning emerges. In the article “Found in translation: More accurate, fluent sentences in Google Translate,” by Barak Turovsky, product lead for Google Translate, writes:
In 10 years, Google Translate has gone from supporting just a few languages to 103, connecting strangers, reaching across language barriers and even helping people find love. At the start, we pioneered large-scale statistical machine translation, which uses statistical models to translate text. Today, we’re introducing the next step in making Google Translate even better: Neural Machine Translation.
Neural Machine Translation has been generating exciting research results for a few years and in September, our researchers announced Google’s version of this technique. At a high level, the Neural system translates whole sentences at a time, rather than just piece by piece. It uses this broader context to help it figure out the most relevant translation, which it then rearranges and adjusts to be more like a human speaking with proper grammar. Since it’s easier to understand each sentence, translated paragraphs and articles are a lot smoother and easier to read. And this is all possible because of end-to-end learning system built on Neural Machine Translation, which basically means that the system learns over time to create better, more natural translations.
Today we’re putting Neural Machine Translation into action with a total of eight language pairs to and from English and French, German, Spanish, Portuguese, Chinese, Japanese, Korean and Turkish. These represent the native languages of around one-third of the world’s population, covering more than 35% of all Google Translate queries! [click image to enlarge – LG]
With this update, Google Translate is improving more in a single leap than we’ve seen in the last ten years combined. But this is just the beginning. While we’re starting with eight language pairs within Google Search the Google Translate app, and website; our goal is to eventually roll Neural Machine Translation out to all 103 languages and surfaces where you can access Google Translate.
And there’s more coming today too . . .
And in Martechtoday, Danny Sullivan has an article describing the new cloud platform (and price cuts) for machine learning:
Are you a big business that’s been thinking you’d like some of that machine learning stuff to help with finding job applicants, doing translation, discovering linkages in data, or maybe building your own knowledge graph? Google’s got new offerings out today to help with those and more.
The news came during a special press event for the latest with Google Cloud machine learning. Here’s a summary slide of everything:
It will be interesting to see how machine learning affects political campaigns…
I find I use my copy of Paprika Recipe Manager a lot, including for meal planning (deciding on the recipes for the coming week: drag recipe title to the calendar in the program).
Now I see that it is on sale:
Our annual Thanksgiving sale has started once again. All versions of Paprika are discounted until the end of November.
Jonah Bromwich offers some advice in the Washington Post:
There are more reasons than ever to understand how to protect your personal information.
And many of those worried about expanded government surveillance by the N.S.A. and other agencies have taken steps to secure their communications.
In a recent Medium post, Quincy Larson, the founder of Free Code Camp, an open-source community for learning to code, detailed the reasons it might be useful for people to make their personal data more difficult for attackers to access.
“When I use the term ‘attacker’ I mean anyone trying to access your data whom you haven’t given express permission to,” he wrote. “Whether it’s a hacker, a corporation, or even a government.”
In an interview, Mr. Larson walked us through some of the basic steps he recommended. We added a few of our own, based on additional interviews.
We encourage you to write back with feedback on this article. If the instructions are too vague, the apps aren’t working for you or you have additional questions, we want to hear about it. Send an email to firstname.lastname@example.org.
Now, let’s encrypt.
1. Download Signal, or Start Using WhatsApp to send text messages.
Encryption is a fancy computer-person word for scrambling your data until no one can understand what it says without a key. But encrypting is more complex than just switching a couple of letters around.
Mr. Larson said that by some estimates, with the default encryption scheme that Apple uses, “you’d have to have a supercomputer crunching day and night for years to be able to unlock a single computer.”
He said that the best way to destroy data was not to delete it, because it could potentially be resurrected from a hard drive, but to encode it in “a secure form of cryptography.”
Signal is one of the most popular apps for those who want to protect their text messaging. It is free and extremely easy to use. And unlike Apple’s iMessage, which is also encrypted, the code it uses to operate is open-source.
“You can be sure by looking at the code that they’re not doing anything weird with your data,” Mr. Larson said.
“In general, the idea behind the app is to make privacy and communication as simple as possible,” said Moxie Marlinspike, the founder of Open Whisper Systems, the organization that developed Signal.
That means that the app allows you to use emojis, send pictures and enter group texts.
One bit of friction: You do have to persuade your friends to join the service too, if you want to text them. The app makes that easy to do.
WhatsApp, the popular chat tool, uses Signal’s software to encrypt its messaging. And in Facebook Messenger and Google’s texting app Allo, you can turn on an option that encrypts your messages.
Mr. Marlinspike said that the presidential election had sparked a lot of interested in Signal, leading to a “substantial increase in users.”
When asked to speculate why that was, Mr. Marlinspike simply said, “Donald Trump is about to be in control of the most powerful, invasive and least accountable surveillance apparatus in the world.”
2. Protect your computer’s hard drive with FileVault or BitLocker.
Your phone may be the device that lives in your pocket, but Mr. Larson described the computer as the real gold mine for personal information.
Even if your data were password protected, someone who gained access to your computer “would have access to all your files if they were unencrypted.”
Luckily, both Apple and Windows offer means of automatic encryption that simply need to be turned on.
3. The way you handle your passwords is probably wrong and bad. . .
One hopes the apps are worth their cost in human lives. Here’s the repport.