Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×

Submission + - SoftBank's Son Seeks to Build a $100 Billion AI Chip Venture (reuters.com)

Submitted by Anonymous Coward
An anonymous reader writes: SoftBank Group Chief Executive Officer Masayoshi Son is looking to raise up to $100 billion for a chip venture that will rival Nvidia, Bloomberg News reported on Friday, citing people with knowledge of the matter. The project, code named Izanagi, will supply semiconductors essential for artificial intelligence (AI), the report added. The company would inject $30 billion in the project, with an additional $70 billion potentially coming from Middle Eastern institutions, according to the report.

The Japanese group already holds about a 90% stake in British chip designer Arm, per LSEG. SoftBank is known for its tech investments with high conviction bets on startups at an unheard of scale. But it had adopted a defensive strategy after being hit by plummeting valuations in the aftermath of the pandemic, when higher interest rates eroded investor appetite for risk. It returned to profit for the first time in five quarters earlier this month, as the Japanese tech investment firm was buoyed by an upturn in portfolio companies.

Submission + - California Bill Wants to Scrap Environmental Reviews To Save Downtown SF (sfchronicle.com)

Submitted by Anonymous Coward
An anonymous reader writes: San Francisco’s leaders have spent the past few years desperately trying to figure out how to deal with a glut of empty offices,shuttered retailandpublic safety concernsplaguing the city’s once vibrant downtown. Now, a California lawmaker wants to try a sweeping plan to revive the city’s core by exempting most new real estate projects from environmental review, potentially quickening development by months or even years. State Sen. Scott Wiener, D-San Francisco, introduced SB1227 on Friday as a proposal to exemptdowntown projectsfrom the California Environmental Quality Act, or CEQA, for a decade. The 1970 landmark law requires studies of a project’s expected impact on air, water, noise and other areas, but Wiener said it has been abused to slow down or kill infill development near public transit.

“Downtown San Francisco matters to our city’s future, and it’s struggling— to bring people back, we need to make big changes and have open minds,” Wiener said in a statement. “That starts with remodeling, converting, or even replacing buildings that may have become outdated and that simply aren’t going to succeed going forward.” Eligible projects would include academic institutions, sports facilities, mixed-use projects including housing, biotech labs, offices, public works and even smaller changes such as modifying an existing building’s exterior. The city’s existing zoning and permit requirements would remain intact. “We’re not taking away any local control,” Wiener said in an interview with the Chronicle on Friday.

California Sen. Scott Wiener is proposing a bill that, he said, would make it easier for San Francisco’s downtown area to recover from the pandemic. However, it’s not clear how much of an impact the bill would have if it’s eventually passed since other factors are at play. New construction has been nearly frozen in San Francisco since the pandemic, amid consistently high labor costs, elevated interest rates and weakening demand forboth apartmentsandcommercial space.Major developers have reiterated that they have no plans to start work on significant new projects any time soon. Last week, Kilroy Realty, which has approval for a massive 2.3 million-square-foot redevelopment ofSouth of Market’s Flower Mart, saidno groundbreakingsare planned this year— anywhere.

Submission + - New 'Gold Pickaxe' Android, iOS Malware Steals Your Face For Fraud (bleepingcomputer.com)

Submitted by Anonymous Coward
An anonymous reader writes: A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. The new malware, spotted by Group-IB, is part of a malware suite developed by the Chinese threat group known as 'GoldFactory,' which is responsible for other malware strains such as 'GoldDigger', 'GoldDiggerPlus,' and 'GoldKefu.' Group-IB says its analysts observed attacks primarily targeting the Asia-Pacific region, mainly Thailand and Vietnam. However, the techniques employed could be effective globally, and there's a danger of them getting adopted by other malware strains. [...]

For iOS (iPhone) users, the threat actors initially directed targets to a TestFlight URL to install the malicious app, allowing them to bypass the normal security review process. When Apple remove the TestFlight app, the attackers switched to luring targets into downloading a malicious Mobile Device Management (MDM) profile that allows the threat actors to take control over devices. Once the trojan has been installed onto a mobile device in the form of a fake government app, it operates semi-autonomously, manipulating functions in the background, capturing the victim's face, intercepting incoming SMS, requesting ID documents, and proxying network traffic through the infected device using 'MicroSocks.'

Group-IB says the Android version of the trojan performs more malicious activities than in iOS due to Apple's higher security restrictions. Also, on Android, the trojan uses over 20 different bogus apps as cover. For example, GoldPickaxe can also run commands on Android to access SMS, navigate the filesystem, perform clicks on the screen, upload the 100 most recent photos from the victim's album, download and install additional packages, and serve fake notifications. The use of the victims' faces for bank fraud is an assumption by Group-IB, also corroborated by the Thai police, based on the fact that many financial institutes added biometric checks last year for transactions above a certain amount.

Submission + - SPAM: 737 Max Test Pilot Indicted in Texas

Submitted by ytene
ytene writes: Mark A. Forkner, on of Boeing's test pilots for the 737 Max, has been indicted for fraud by a federal grand jury in Texas.

What's interesting about this, however, is illustrated by comments made by the Department of Justice: “Forkner allegedly abused his position of trust by intentionally withholding critical information about MCAS during the FAA evaluation and certification of the 737 MAX and from Boeing’s U.S.based airline customers,” said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department’s Criminal Division. “In doing so, he deprived airlines and pilots from knowing crucial information about an important part of the airplane’s flight controls. Regulators like the FAA serve a vital function to ensure the safety of the flying public. To anyone contemplating criminally impeding a regulator’s function, this indictment makes clear that the Justice Department will pursue the facts and hold you accountable.”

This charge, however, seems to ignore the FAA's own responsibilities in aircraft certification, which include:-

"- A review of any proposed designs and the methods that will be used to show that these designs and the overall airplane complies with FAA regulations;
— Ground tests and flight tests to demonstrate that the airplane operates safely;
— An evaluation of the airplane's required maintenance and operational suitability for introduction of the airplane into service; and
— Collaboration with other civil aviation authorities on their approval of the aircraft for import."

In fact, the FAA's practice of embedding inspectors in the development programs of new aircraft and aircraft versions was set up precisely to catch these sorts of issues. In fact, the Department of Transport's Office of Inspector General released a report in February this year, slammed the agency's practice of allowing manufacturers to select, hire and pay inspectors to carry out what should be the FAA's role. Nor is this "new news", in that issues can be traced back to at least 2013.

Submission + - Missouri Governor Threatens to Prosecute Reporter Who Discovered Vulnerability (stlpublicradio.org) 4

Submitted by cube farmer
cube farmer writes: In a confluence of information security, freedom of the press, political intrigue, and misuse of the term "hacker", Missouri governor Mike Parson has opened an investigation into St. Louis Post-Dispatch reporter Josh Renaud. The reporter disclosed a State of Missouri website vulnerability that exposed social security numbers and other personally identifiable information ahead of publishing a story revealing the issue. Did the reporter violate the law?

Submission + - OpenBSD 7.0 released (openbsd.org)

Submitted by ArchieBunker
ArchieBunker writes: Everyone's favorite security focused operating system OpenBSD released version 7.0 today. In addition to the usual bug fixes and performance enhancements support for RISC-V processors has been added.

Submission + - SPAM: Facebook rule protects journalists and activists as 'involuntary' public figures

Submitted by schwit1
schwit1 writes: “The social media company, which allows more critical commentary of public figures than of private individuals, is changing its approach on the harassment of journalists and ‘human rights defenders’, who it says are in the public eye due to their work rather than their public personas.”

Meet the new protected classes.
Link to Original Source

Submission + - SPAM: Merck Sells Federally Financed Covid Pill to US for 40x What It Costs to Make 2

Submitted by schwit1
schwit1 writes: Merck’s new ‘not Ivermectin’ Covid-19 treatment, molnupiravir, costs $17.74 to produce – yet the company is charging the US government $712 for the treatment – a 40x markup, according to The Intercept , citing a report issued last week by the Harvard School of Public Health and King’s College Hospital in London.

The pill, originally developed using US government funds as a possible treatment for Venezuelan equine encephalitis, cut the risk of hospitalization and death in half in a randomized trial of 775 adults with mild/moderate Covid who were considered at high risk for disease due to comorbidities such as obesity, diabetes, and heart disease. The trial was stopped early so the company could apply for an emergency use authorization (EUA). The drug did not benefit patients who were already hospitalized with severe disease.
Link to Original Source

Submission + - SPAM: How Coinbase Phishers Steal One-Time Passwords

Submitted by Anonymous Coward
An anonymous reader writes: A recent phishing campaign targeting Coinbase users shows thieves are getting smarter about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts. Coinbase is the world’s second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries. The now-defunct phishing domain at issue — coinbase.com.password-reset[.]com — was targeting Italian Coinbase users (the site’s default language was Italian). And it was fairly successful, according to Alex Holden, founder of Milwaukee-based cybersecurity firm Hold Security.

Holden’s team managed to peer inside some poorly hidden file directories associated with that phishing site, including its administration page. That panel, pictured in the redacted screenshot below, indicated the phishing attacks netted at least 870 sets of credentials before the site was taken offline. Holden said each time a new victim submitted credentials at the Coinbase phishing site, the administrative panel would make a loud “ding” — presumably to alert whoever was at the keyboard on the other end of this phishing scam that they had a live one on the hook. In each case, the phishers manually would push a button that caused the phishing site to ask visitors for more information, such as the one-time password from their mobile app. “These guys have real-time capabilities of soliciting any input from the victim they need to get into their Coinbase account,” Holden said. Pressing the “Send Info” button prompted visitors to supply additional personal information, including their name, date of birth, and street address. Armed with the target’s mobile number, they could also click “Send verification SMS” with a text message prompting them to text back a one-time code.

Holden said the phishing group appears to have identified Italian Coinbase users by attempting to sign up new accounts under the email addresses of more than 2.5 million Italians. His team also managed to recover the username and password data that victims submitted to the site, and virtually all of the submitted email addresses ended in “.it." But the phishers in this case likely weren’t interested in registering any accounts. Rather, the bad guys understood that any attempts to sign up using an email address tied to an existing Coinbase account would fail. After doing that several million times, the phishers would then take the email addresses that failed new account signups and target them with Coinbase-themed phishing emails. Holden’s data shows this phishing gang conducted hundreds of thousands of halfhearted account signup attempts daily. For example, on Oct. 10 the scammers checked more than 216,000 email addresses against Coinbase’s systems. The following day, they attempted to register 174,000 new Coinbase accounts.
Link to Original Source

Submission + - SPAM: AI Fake-Face Generators Can Be Rewound To Reveal the Real Faces They Trained On

Submitted by Anonymous Coward
An anonymous reader writes: Load up the website This Person Does Not Exist and it’ll show you a human face, near-perfect in its realism yet totally fake. Refresh and the neural network behind the site will generate another, and another, and another. The endless sequence of AI-crafted faces is produced by a generative adversarial network (GAN)—a type of AI that learns to produce realistic but fake examples of the data it is trained on. But such generated faces—which are starting to be used in CGI movies and ads—might not be as unique as they seem. In a paper titled This Person (Probably) Exists (PDF), researchers show that many faces produced by GANs bear a striking resemblance to actual people who appear in the training data. The fake faces can effectively unmask the real faces the GAN was trained on, making it possible to expose the identity of those individuals. The work is the latest in a string of studies that call into doubt the popular idea that neural networks are “black boxes” that reveal nothing about what goes on inside.

To expose the hidden training data, Ryan Webster and his colleagues at the University of Caen Normandy in France used a type of attack called a membership attack, which can be used to find out whether certain data was used to train a neural network model. These attacks typically take advantage of subtle differences between the way a model treats data it was trained on—and has thus seen thousands of times before—and unseen data. For example, a model might identify a previously unseen image accurately, but with slightly less confidence than one it was trained on. A second, attacking model can learn to spot such tells in the first model’s behavior and use them to predict when certain data, such as a photo, is in the training set or not.

Such attacks can lead to serious security leaks. For example, finding out that someone’s medical data was used to train a model associated with a disease might reveal that this person has that disease. Webster’s team extended this idea so that instead of identifying the exact photos used to train a GAN, they identified photos in the GAN’s training set that were not identical but appeared to portray the same individual—in other words, faces with the same identity. To do this, the researchers first generated faces with the GAN and then used a separate facial-recognition AI to detect whether the identity of these generated faces matched the identity of any of the faces seen in the training data. The results are striking. In many cases, the team found multiple photos of real people in the training data that appeared to match the fake faces generated by the GAN, revealing the identity of individuals the AI had been trained on.
Link to Original Source

Comment Totally obvious (Score 1) 215

WTF is a 39 YO man doing inside a dinosaur in the first place? He had to have had a BAC off the meter. The rest of the story follows naturally from there.
Explains why there was an immediate lack of suspicion of foul play.
Stupid drunks doing stupid things.

"It's OK, go back to your knitting, Grandma"

Slashdot Top Deals

The most exciting phrase to hear in science, the one that heralds new discoveries, is not "Eureka!" (I found it!) but "That's funny ..." -- Isaac Asimov

Close