Agregátor RSS

Data broker leaves 600K+ sensitive files exposed online

The Register - Anti-Virus - 27 Listopad, 2024 - 19:00
Researcher spotted open database before criminals … we hope

Exclusive  More than 600,000 sensitive files containing thousands of people's criminal histories, background checks, vehicle and property records were exposed to the internet in a non-password protected database belonging to data brokerage SL Data Services, according to a security researcher.…

Kategorie: Viry a Červi

Vybíráme nejlepší hry pro PC. Velké tituly i originální nápady na nezávislé scéně | Vánoce ????

Živě.cz - 27 Listopad, 2024 - 18:45
Hledali jsme převážně v letošních novinkách, které vyšly v plné verzi. Hry v předběžném přístupu prozatím vynecháváme, jistě dostanou zasloužený prostor, až vyjdou v plné parádě.
Kategorie: IT News

Researchers discover first UEFI bootkit malware for Linux

Bleeping Computer - 27 Listopad, 2024 - 18:37
The first UEFI bootkit specifically targeting Linux systems has been discovered, marking a shift in stealthy and hard-to-remove bootkit threats that previously focused on Windows. [...]
Kategorie: Hacking & Security

Chinese hackers breached T-Mobile's routers to scope out network

Bleeping Computer - 27 Listopad, 2024 - 17:53
T-Mobile says the Chinese "Salt Typhoon" hackers who recently compromised its systems as part of a series of telecom breaches first hacked into some of its routers to explore ways to navigate laterally through the network.  [...]
Kategorie: Hacking & Security

10+ tips and services for new Bluesky users

Computerworld.com [Hacking News] - 27 Listopad, 2024 - 17:47

For the past two or three weeks, upstart social network Bluesky has been attracting large numbers of new users every day, a crowd that quite evidently includes many Apple device users — the app has at times topped Apple’s App Store charts in the run-up to Thanksgiving in the US. I’ve been using it for a little while and have collected a handful of hints and services that can optimize the experience for anyone migrating to the increasingly busy social network.

What’s interesting about Bluesky is that while it lacks some of the features you can find on other social sites, the conversation seems subjectively better and the lack of ads and sponsored posts — along with the absence of algorithmic recommendations from people you don’t want to hear from — make for a pleasant social media experience. 

A place for friends?

One thing about the service is that it is a good internet citizen, which means it does not throttle outbound links and does not punish posters by reducing visibility of their posts simply for sharing them. 

Among other things, this means traffic from the service to The Boston Globe is already three times what that publication achieves from Threads. It also means the Globe is seeing significantly more of those readers converting to a subscription account.

In other words, while at roughly 22 million users, Bluesky remains a relatively small service. But the people using it appear to be actively doing so, which means it can generate decent traffic. That openness also means that data you share via the service is in the clear and can and will be picked up to train AI models and so on. There is no privacy there, and this should be clearly understood — everything you post is out in the open, so don’t share what you don’t want everyone to know. At the same time, by virtue of the service being so open, it can deliver an even better experience with the help from third-party tools and services like these.

Thread summaries

One thing we all used to use in X, thread summaries aren’t natively available on Bluesky, but you can use Skyview to quickly and easily create summaries. Just mention @skyview.social with “unroll” anywhere in a thread and receive a link to view/share the entire conversation. The downside might be that all the unroll requests end up being visible on Skyview’s account (though to be fair, everything you do is already stored somewhere on every social media service — it’s just that Skyview lets you see it, too).

Publish threads

Back in the olden days it was possible to publish entire conversations using a link from what was then Twitter. These turned up across numerous websites and within innumerable stories. Then it got switched off. The good news is that to some extent the good times are back. To turn a thread into a shareable web page use Skywriter.blue, which turns a Bluesky post URL into a shareable webpage. While this doesn’t yet work as an embed, it is at least now a page.

Mute a thread

You might need to know this in case you get involved in a conversation that blows up and you don’t want to receive additional alerts concerning it. To mute a thread, just tap the three dots on the right of any post in that thread and then choose “Mute Thread” from the options there. Additional tools you’ll find when you tap those three dots include:

  • Translate
  • Copy post text
  • Send via direct message
  • Share
  • Mute words & tags
  • Hide reply for me.
What lists are you on?

If you are interested in finding out what lists you are on, who you have blocked, and who has blocked you, visit clearsky.app, enter the relevant handle, and take a look.

Find more Starter Packs

You’ll find a directory of all Starter Packs — collections of recommended people to follow usually chosen to represent specific topics or subject areas — at Blueskydirectory.com. Explore here to find more collections from which to cherry-pick those you wish to follow, or just explore the comic genius of this Starter Pack about men called Geoff.

Starter Packs can become lists

BlueSky users are incredibly busy building Starter Packs. They cover multiple bases — independent book publishersRStats Ecosystem Maintainersdogs of Bluesky, for example — and are maintained and provided by volunteers. The idea is that you can visit these collections and select people you want to follow or follow the entire list. It’s a good way to build a solid selection of feeds for your interests.

Lists are another thing. Lists are groups of accounts that can be used to curate feeds, follow interests, and so on. You might use these to track your favorite writers, researchers, or other high-profile people you want to keep an eye on — that way you don’t need to follow them. The great thing about lists is that, unlike Starter Packs, you can choose to create a separate feed in your own window that follows posts from that list; I follow the BlueSky Team list, for example. This lets me monitor posts in that list without following more people.

But what if you want to turn a Starter Pack into a list, so you can create your own window to follow? You can! Just use the Pack2List web app, where you can paste the URL of that Starter Pack and choose to follow it as a list. That means that all the content in one of those Starter Packs can be made easily available on your account without you following each person on the list.

More people to follow

One quick way to find other like-minded souls might be to find people you do not yet follow who are followed by lots of people you do follow. You do this using the Bluesky network analyzer, which you’ll find right here

Use Bluesky like Tweetdeck

Anyone out there with a memory that extends further than a few of months might remember Tweetdeck, the incredibly useful tool used by so many professionals to read and manage Tweets. Something very like it is now available to Bluesky users. Deck.Blue is an app you can connect to an account that lets you explore your “skeets’ in a multi-column layout, so you can monitor all your posts, posts from lists you follow, searches, notifications, hashtags — whatever you need. You can also use Deck.Blue to schedule posts, though this is currently a fee-based feature. The tool also works with Buffer, so you can monitor your LinkedIn, Mastodon, and Bluesky channels in one place.

Search tools

The search tools in Bluesky can help you in several ways, for example:

  • Find a specific phrase: Use quotes around keywords, such as “Austrian Airlines” to find skeets that include that phrase.
  • Hashtag search: Use any term with an # prefix to find any post with that tag. 
  • Find people: You can search for posts that mention specific people using their Bluesky handle or use from: and a user handle to find all posts from a user. 
  • URL: Paste in a URL to see all the posts that have shared that URL.

There are many more. Two additional third-party tools you should find useful are Skythread, which lets you search for a thread and comments using the thread link, and Label Scanner, which enables you to verify which labels have been applied to an account.

Alternative clients

Bluesky offers its own client, but the experience on an iPad is pretty bad. If you want to use the service on an iPad, take a look at Skeets, which is better and includes a host of additional features, some of which you must pay for. Other alternative Bluesky browsers include the aforementioned Deck.blueSkyFeed, and SkeetDeck. There are more, and with millions migrating to the service, it is likely additional options will appear pretty swiftly for a while.

You will need an app password to make any of these services work. Rather than using your actual account password, I utterly urge you to create an auxiliary app password. You can use this to give the clients the access they need to work for you, while keeping your primary password secure. Finally, for even more insights into using Bluesky, visit this page.

You can follow me on social media! Join me on BlueSky,  LinkedInMastodon, and MeWe

Kategorie: Hacking & Security

Aktualizace Windows 11 24H2 zlikvidovala některé díly Assassin's Creed nebo Star Wars Outlaws

Živě.cz - 27 Listopad, 2024 - 17:45
**V nedávno vydaných Windows 11 24H2 nefunguje několik her od Ubisoftu **Na seznamu jsou některé díly Assassin's Creed a Star Wars Outlaws **Hry zamrzají, ale příčinu ani jedna z firem neprozradila
Kategorie: IT News

Cloudflare says it lost 55% of logs pushed to customers for 3.5 hours

Bleeping Computer - 27 Listopad, 2024 - 17:15
Internet security giant Cloudflare announced that it lost 55% of all logs pushed to customers over a 3.5-hour period due to a bug in the log collection service on November 14, 2024. [...]
Kategorie: Hacking & Security

Co dělat, aby se iPhone v kapse nezablokoval na několik hodin. Máte na výběr tři efektivní řešení

Živě.cz - 27 Listopad, 2024 - 17:15
** iPhony se mohou v kapse samy odemknout a zablokovat se ** Stačí aktivace displeje a náhodné zadání zámku několikrát po sobě ** Pokud se to děje i u vašeho telefonu, existují tři cesty, jak z toho ven
Kategorie: IT News

Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers

The Hacker News - 27 Listopad, 2024 - 17:05
A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023 , was not officially made available until August 2024 with the release of version r1720. As of November 26, 2024,
Kategorie: Hacking & Security

Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels

The Hacker News - 27 Listopad, 2024 - 17:05
Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems. Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks. Also tracked as IranuKit, it was uploaded
Kategorie: Hacking & Security

Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers

The Hacker News - 27 Listopad, 2024 - 17:05
A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023 , was not officially made available until August 2024 with the release of version r1720. As of November 26, 2024,Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels

The Hacker News - 27 Listopad, 2024 - 17:05
Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems. Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks. Also tracked as IranuKit, it was uploaded Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Elektromobily s dojezdem aspoň 1000 km. Většinou jen slibují, některé už se dají koupit a jeden míří výrazně dál

Živě.cz - 27 Listopad, 2024 - 16:45
** Primární nedostatek elektromobilů známe – dojezd. ** Mercedes ujel v běžném provozu přes 1000 kilometrů na jedno nabití. ** Seznam elektromobilů, které se této metě blíží, nebo to slibují.
Kategorie: IT News

First-ever UEFI bootkit for Linux in the works, experts say

The Register - Anti-Virus - 27 Listopad, 2024 - 16:32
Bootkitty doesn’t bite… yet

Security researchers say they've stumbled upon the first-ever UEFI bootkit targeting Linux, illustrating a key moment in the evolution of such tools.…

Kategorie: Viry a Červi

Monitorix 3.16.0

AbcLinuxu [zprávičky] - 27 Listopad, 2024 - 16:22
Monitorix (Wikipedie), tj. svobodný software pro monitorování služeb a systémových zdrojů, byl po dvou letech vydán v nové verzi 3.16.0.
Kategorie: GNU/Linux & BSD

Niantic Is Training a Giant ‘Geospatial’ AI on Pokémon Go Data

Singularity HUB - 27 Listopad, 2024 - 16:00

If you want to see what’s next in AI, just follow the data. ChatGPT and DALL-E trained on troves of internet data. Generative AI is making inroads in biotechnology and robotics thanks to existing or newly assembled datasets. One way to glance ahead, then, is to ask: What colossal datasets are still ripe for the picking?

Recently, a new clue emerged.

In a blog post, gaming company Niantic said it’s training a new AI on millions of real-world images collected by Pokémon Go players and in its Scaniverse app. Inspired by the large language models powering chatbots, they call their algorithm a “large geospatial model” and hope it’ll be as fluent in the physical world as ChatGPT is in the world of language.

Follow the Data

This moment in AI is defined by algorithms that generate language, images, and increasingly, video. With OpenAI’s DALL-E and ChatGPT, anyone can use everyday language to get a computer to whip up photorealistic images or explain quantum physics. Now, the company’s Sora algorithm is applying a similar approach to video generation. Others are competing with OpenAI, including Google, Meta, and Anthropic.

The crucial insight that gave rise to these models: The rapid digitization of recent decades is useful for more than entertaining and informing us humans—it’s food for AI too. Few would have viewed the internet in this way at its advent, but in hindsight, humanity has been busy assembling an enormous educational dataset of language, images, code, and video. For better or worse—there are several copyright infringement lawsuits in the works—AI companies scraped all that data to train powerful AI models.

Now that they know the basic recipe works well, companies and researchers are looking for more ingredients.

In biotech, labs are training AI on collections of molecular structures built over decades and using it to model and generate proteins, DNA, RNA, and other biomolecules to speed up research and drug discovery. Others are testing large AI models in self-driving cars and warehouse and humanoid robots—both as a better way to tell robots what to do, but also to teach them how to navigate and move through the world.

Of course, for robots, fluency in the physical world is crucial. Just as language is endlessly complex, so too are the situations a robot might encounter. Robot brains coded by hand can never account for all the variation. That’s why researchers are now building large datasets with robots in mind. But they’re nowhere near the scale of the internet, where billions of humans have been working in parallel for a very long time.

Might there be an internet for the physical world? Niantic thinks so. It’s called Pokémon Go. But the hit game is only one example. Tech companies have been creating digital maps of the world for years. Now, it seems likely those maps will find their way into AI.

Pokémon Trainers

Released in 2016, Pokémon Go was an augmented reality sensation.

In the game, players track down digital characters—or Pokémon—that have been placed all over the world. Using their phones as a kind of portal, players see characters superimposed on a physical location—say, sitting on a park bench or loitering by a movie theater. A newer offering, Pokémon Playground, allows users to embed characters at locations for other players. All this is made possible by the company’s detailed digital maps.

Niantic’s Visual Positioning System (VPS) can determine a phone’s position down to the centimeter from a single image of a location. In part, VPS assembles 3D maps of locations classically, but the system also relies on a network of machine learning algorithms—one or more per location—trained on years of player images and scans taken at various angles, times of day, and seasons and stamped with a position in the world.

“As part of Niantic’s Visual Positioning System (VPS), we have trained more than 50 million neural networks, with more than 150 trillion parameters, enabling operation in over a million locations,” the company wrote in its recent blog post.

Now, Niantic wants to go further.

Instead of millions of individual neural networks, they want to use Pokémon Go and Scaniverse data to train a single foundation model. Whereas individual models are constrained by the images they’ve been fed, the new model would generalize across all of them. Confronted with the front of a church, for example, it would draw on all the churches and angles it’s seen—front, side, rear—to visualize parts of the church it hasn’t been shown.

This is a bit like what we humans do as we navigate the world. We might not be able to see around a corner, but we can guess what’s there—it might be a hallway, the side of a building, or a room—and plan for it, based on our point of view and experience.

Niantic writes that a large geospatial model would allow it to improve augmented reality experiences. But it also believes such a model might power other applications, including in robotics and autonomous systems.

Getting Physical

Niantic believes it’s in a unique position because it has an engaged community contributing a million new scans a week. In addition, those scans are from the view of pedestrians, as opposed to the street, like in Google Maps or for self-driving cars. They’re not wrong.

If we take the internet as an example, then the most powerful new datasets may be collected by millions, or even billions, of humans working in concert.

At the same time, Pokémon Go isn’t comprehensive. Though locations span continents, they’re sparse in any given place and whole regions are completely dark. Further, other companies, perhaps most notably, Google, have long been mapping the globe. But unlike the internet, these datasets are proprietary and splintered.

Whether that matters—that is, whether an internet-sized dataset is needed to make a generalized AI that’s as fluent in the physical world as LLMs are in the verbal—isn’t clear.

But it’s possible a more complete dataset of the physical world arises from something like Pokémon Go, only supersized. This has already begun with smartphones, which have sensors to take images, videos, and 3D scans. In addition to AR apps, users are increasingly being incentivized to use these sensors with AI—like, taking a picture of a fridge and asking a chatbot what to cook for dinner. New devices, like AR glasses could expand this kind of usage, yielding a data bonanza for the physical world.

Of course, collecting data online is already controversial, and privacy is a big issue. Extending those problems to the real world is less than ideal.

After 404 Media published an article on the topic, Niantic added a note, “This scanning feature is completely optional—people have to visit a specific publicly-accessible location and click to scan. This allows Niantic to deliver new types of AR experiences for people to enjoy. Merely walking around playing our games does not train an AI model.” Other companies, however, may not be as transparent about data collection and use.

It’s also not certain new algorithms inspired by large language models will be straightforward. MIT, for example, recently built a new architecture aimed specifically at robotics. “In the language domain, the data are all just sentences,” Lirui Wang, the lead author of a paper describing the work, told TechCrunch.  “In robotics, given all the heterogeneity in the data, if you want to pretrain in a similar manner, we need a different architecture.”

Regardless, researchers and companies will likely continue exploring areas where LLM-like AI may be applicable. And perhaps as each new addition matures, it will be a bit like adding a brain region—stitch them together and you get machines that think, speak, write, and move through the world as effortlessly as we do.

Image: Kamil Switalski on Unsplash

Kategorie: Transhumanismus

Download our Windows Repair Upgrade Cheat Sheet

Computerworld.com [Hacking News] - 27 Listopad, 2024 - 16:00

Download the PDF Computerworld Cheat Sheet today.

Kategorie: Hacking & Security

Automating endpoint management

The Register - Anti-Virus - 27 Listopad, 2024 - 15:53
Addressing the challenges of patching and vulnerability remediation

Webinar  Managing endpoints efficiently has perhaps never been more important or more complex. …

Kategorie: Viry a Červi

Z Londýna do New Yorku za 3,5 hodiny? Zkušební stroj Boom Supersonic dosáhl rekordní výšky

Živě.cz - 27 Listopad, 2024 - 15:45
Před více než dvaceti lety jsme se rozloučili s legendárním Concordem, jehož poslední let ukončil éru komerčního nadzvukového létání. Důvodem byly vysoké provozní náklady a hlučné sonické třesky, které v roce 1973 vedly k zákazu nadzvukových letů nad pevninou. Nyní firma Boom Supersonic se svým ...
Kategorie: IT News
Syndikovat obsah