SoylentNews

guest reader writes:

Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023:

On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3.

The first to fall was Adobe Reader in the enterprise applications category after Haboob SA's Abdul Aziz Hariri (@abdhariri) used an exploit chain targeting a 6-bug logic chain abusing multiple failed patches which escaped the sandbox and bypassed a banned API list on macOS to earn $50,000.

The STAR Labs team (@starlabs_sg) demoed a zero-day exploit chain targeting Microsoft's SharePoint team collaboration platform that brought them a $100,000 reward and successfully hacked Ubuntu Desktop with a previously known exploit for $15,000.

Synacktiv (@Synacktiv) took home $100,000 and a Tesla Model 3 after successfully executing a TOCTOU (time-of-check to time-of-use) attack against the Tesla – Gateway in the Automotive category. They also used a TOCTOU zero-day vulnerability to escalate privileges on Apple macOS and earned $40,000.

Oracle VirtualBox was hacked using an OOB Read and a stacked-based buffer overflow exploit chain (worth $40,000).

Last but not least, Marcin Wiązowski elevated privileges on Windows 11 using an improper input validation zero-day that came with a $30,000 prize.

Throughout the Pwn2Own Vancouver 2023 contest, security researchers will target products in enterprise applications, enterprise communications, local escalation of privilege (EoP), server, virtualization, and automotive categories.

[...] After zero-day vulnerabilities are demoed and disclosed during Pwn2Own, vendors have 90 days to create and release security fixes for all reported flaws before Trend Micro's Zero Day Initiative publicly discloses them.

During last year's Vancouver Pwn2Own contest, security researchers earned $1,155,000 after hacking Windows 11 six times, Ubuntu Desktop four times, and successfully demonstrating three Microsoft Teams zero-days.

Previous:
Critical Zoom Vulnerability Triggers Remote Code Execution Without User Input
Work from Home Pwn2Own Hackers Make $130,000 in 48 Hours from Windows 10 Exploits
It's March 2018 and Your Windows PC Can Be Pwned By a Web Article

Original Submission

hubie writes:

Urban inequality in Europe and the United States is so severe that urban elites claim most of the benefits from the agglomeration effects that big cities provide, while large parts of urban populations get little to nothing:

In recent years, researchers from across disciplines have identified striking and seemingly universal relationships between the size of cities and their socioeconomic activity. Cities create more interconnectivity, wealth, and inventions per resident as they grow larger. However, what may be true for city populations on average, may not hold for the individual resident.

"The higher-than-expected economic outputs of larger cities critically depend on the extreme outcomes of the successful few. Ignoring this dependency, policy makers risk overestimating the stability of urban growth, particularly in the light of the high spatial mobility among urban elites and their movement to where the money is", says Marc Keuschnigg, associate professor at the Institute for Analytical Sociology at Linköping University and professor at the Institute of Sociology at Leipzig University.

[...] An individual's productivity depends on the local social environments in which they find themselves in. Because of the greater diversity in larger cities, skilled and specialized people are more likely to find others whose skills are complementary to their own. This allows for higher levels of productivity and greater learning opportunities in larger cities.

But, not everyone can access the productive social environments that larger cities provide. Different returns from context accumulate over time which gives rise to substantial inequality.

[...] Consequently, the initially successful individuals in the bigger cities increasingly distanced themselves from both the typical individual in their own city, creating inequality within the big cities, and the most successful individuals in smaller cities, creating inequality between cities.

Freeman writes:

https://arstechnica.com/science/2023/03/moderna-ceo-says-us-govt-got-covid-shots-at-discount-ahead-of-400-price-hike/

In congressional testimony Wednesday, Moderna CEO Stéphane Bancel unabashedly defended the company's plans to raise the US list price of its COVID-19 vaccines by more than 400 percent—despite creating the vaccine in partnership with the National Institutes of Health, receiving $1.7 billion in federal grant money for clinical development, and making roughly $36 billion from worldwide sales.

Bancel appeared this morning before the Senate's Health, Education, Labor, and Pensions committee, chaired by Sen. Bernie Sanders (I-Vt.), who has long railed at the pharmaceutical price gouging in the US and pushed for policy reforms. After thanking Bancel for agreeing to testify, Sanders didn't pull any punches. He accused Moderna of "profiteering" and sharing in the "unprecedented level of corporate greed" seen in the pharmaceutical industry generally.
[...]
Early doses were priced between $15 to $16, while the government paid a little over $26 for the updated booster shots. When federal supplies run out later this year and the vaccines move to the commercial market, Moderna will set the list price of its vaccine at $130.

"This vaccine would not exist without NIH's partnership and expertise, and the substantial investment of the taxpayers of this country," Sanders summarized. "And here is the thank you that the taxpayers of this country received from Moderna for that huge investment: They are thanking the taxpayers of the United States by proposing to quadruple the price of the COVID vaccine."

upstart writes:

In Memoriam: Gordon Moore, 1929 - 2023:

With great sadness, the Gordon and Betty Moore Foundation announces the passing of our founder, Gordon Moore.

With his characteristic humility and word economy, Gordon Moore once wrote "my career as an entrepreneur happened quite by accident." A brilliant scientist, business leader and philanthropist, Gordon co-founded and led two pioneering technology enterprises, Fairchild Semiconductor and Intel, and, with his wife, Betty, created one of the largest private grantmaking foundations in the U.S., the Gordon and Betty Moore Foundation.

He may argue that his career as an entrepreneur happened by accident, but his world-changing contributions did not. Never one to trumpet his own accomplishments, Gordon wasn't able to dissuade others from celebrating his wide and long-reaching legacy: the revolutionary technologies and breakthroughs, a long and generous history of philanthropy, and the very culture of experimentation, invention and relentless progress that now defines Silicon Valley.

It took decades for Gordon to be able to speak with a straight face of his eponymous "Moore's Law," the prophetic 1965 observation that became a cornerstone principle of innovation and driving force for the exponential pace of technological progress in the modern world. Gordon later observed that he had looked it up and was pleasantly surprised to find more references on the internet to "Moore's Law" than to "Murphy's Law."

Dubbed a "quiet revolutionary" by his biographers, Gordon always worked in the absence of any pretense or desire for recognition, driven instead by an exceptional curiosity, generosity and unassuming commitment to hard work.

Gordon was always a visionary. Even at the start of his career, he keenly recognized the impact that the technologies he was developing would have on the world. And at an industry event in 1979, he told an Intel audience: "We are bringing about the next great revolution in the history of mankind — the transition to the electronic age." (Moore's Law, Thackray, Brock and Jones).

Although Gordon was reluctant to spotlight his own contributions, his biographers have been less reticent about attribution. Gordon is simply, they argue, "the most important thinker and doer in the story of silicon electronics."

Original Submission

guest reader writes:

Why we can't keep our hands off chocolate bars and co.:

Chocolate bars, crisps and fries - why can't we just ignore them in the supermarket? Researchers at the Max Planck Institute for Metabolism Research in Cologne, in collaboration with Yale University, have now shown that foods with a high fat and sugar content change our brain: If we regularly eat even small amounts of them, the brain learns to consume precisely these foods in the future.

[...] To test this hypothesis, the researchers gave one group of volunteers a small pudding containing a lot of fat and sugar per day for eight weeks in addition to their normal diet. The other group received a pudding that contained the same number of calories but less fat. The volunteer's brain activity was measured before and during the eight weeks.

The brain's response to high-fat and high-sugar foods was greatly increased in the group that ate the high-sugar and high-fat pudding after eight weeks. This particularly activated the dopaminergic system, the region in the brain responsible for motivation and reward. "Our measurements of brain activity showed that the brain rewires itself through the consumption of chips and co. It subconsciously learns to prefer rewarding food. Through these changes in the brain, we will unconsciously always prefer the foods that contain a lot of fat and sugar," explains Marc Tittgemeyer, who led the study.

Journal paper highlights:
- Daily consumption of a high-fat/high-sugar snack alters reward circuits in humans
- Preference for low-fat food decreases while brain response to milkshake increases
- Neural computations that support adaptive associative learning are also enhanced
- Effects are observed despite no change in body weight or metabolic health

Journal Reference:
Sharmili Edwin Thanarajah, Alexandra G. DiFeliceantonio, Kerstin Albus, et al., Habitual daily intake of a sweet and fatty snack modulates reward processing in humans [open], Cell Metabolism, 2023, ISSN 1550-4131, https://doi.org/10.1016/j.cmet.2023.02.015

Original Submission

Freeman writes:

https://arstechnica.com/cars/2023/03/ford-will-lose-3-billion-on-electric-vehicles-in-2023-it-says/

There's no doubt that Ford is embracing electrification. It was first to market with an electric pickup truck for the US market, and a darn good one at that. It has a solid midsize electric crossover that's becoming more and more common on the road, even if it does still upset the occasional Mustangophile. And there's an electric Transit van for the trades. But its electric vehicle division will lose $3 billion this year as it continues to build new factories and buy raw materials.

The news came in a peek into Ford's financials released this morning. As we reported last year, Ford has split its passenger vehicle operations into two divisions. Electric vehicles fall under Ford Model e, with internal combustion engine-powered Fords (including hybrids and plug-in hybrids) falling under Ford Blue. The move was in large part to placate investors and analysts, no doubt starry-eyed during a time when any EV-related stock was booming.

Related:
Tesla Exceeded Revenue Estimates in Q4 2021 by More than $1 Billion (20220127)
Tesla Burns More Cash, Fails to Meet Production Targets (20171102)
Ford Investing $4.5 Billion to Bring Electrification to 40% of Its Vehicles by 2020 (20151214)

Original Submission

Freeman writes:

https://arstechnica.com/information-technology/2023/03/ethical-ai-art-generation-adobe-firefly-may-be-the-answer/

On Tuesday, Adobe unveiled Firefly, its new AI image synthesis generator. Unlike other AI art models such as Stable Diffusion and DALL-E, Adobe says its Firefly engine, which can generate new images from text descriptions, has been trained solely on legal and ethical sources, making its output clear for use by commercial artists. It will be integrated directly into Creative Cloud, but for now, it is only available as a beta.

Since the mainstream debut of image synthesis models last year, the field has been fraught with issues around ethics and copyright. For example, the AI art generator called Stable Diffusion gained its ability to generate images from text descriptions after researchers trained an AI model to analyze hundreds of millions of images scraped from the Internet. Many (probably most) of those images were copyrighted and obtained without the consent of their rights holders, which led to lawsuits and protests from artists.

Related:
Paper: Stable Diffusion "Memorizes" Some Images, Sparking Privacy Concerns
90% of Online Content Could be 'Generated by AI by 2025,' Expert Says
Getty Images Targets AI Firm For 'Copying' Photos
Adobe Stock Begins Selling AI-Generated Artwork
A Startup Wants to Democratize the Tech Behind DALL-E 2, Consequences be Damned
Adobe Creative Cloud Experience Makes It Easier to Run Malware
Adobe Goes After 27-Year Old 'Pirated' Copy of Acrobat Reader 1.0 for MS-DOS
Adobe Critical Code-Execution Flaws Plague Windows Users
When Adobe Stopped Flash Content from Running it Also Stopped a Chinese Railroad
Adobe Has Finally and Formally Killed Flash
Adobe Lightroom iOS Update Permanently Deleted Users' Photos

Original Submission

upstart writes:

A drone with 5 degrees of freedom can safely detect buried objects from the air:

Metal detecting can be a fun hobby, or it can be a task to be completed in deadly earnest—if the buried treasure you're searching for includes land mines and explosive remnants of war. This is an enormous, dangerous problem: Something like 12,000 square kilometers worldwide are essentially useless and uninhabitable because of the threat of buried explosives, and thousands and thousands of people are injured or killed every year.

[...] Because the majority of mines are triggered by pressure or direct proximity, it may seem that a drone would be the ideal way to detect them nonexplosively. However, unless you're only detecting over a perfectly flat surface (and perhaps not even then) your detector won't be positioned ideally most of the time, and you might miss something, which is not a viable option for mine detection.

But now a novel combination of a metal detector and a drone with 5 degrees of freedom is under development at the Autonomous Systems Lab at ETH Zurich. It may provide a viable solution to remote land-mine detection, by using careful sensing and localization along with some twisting motors to keep the detector reliably close to the ground.

owl writes:

http://www.righto.com/2023/03/8086-multiplication-microcode.html

While programmers today take multiplication for granted, most microprocessors in the 1970s could only add and subtract — multiplication required a slow and tedious loop implemented in assembly code. One of the nice features of the Intel 8086 processor (1978) was that it provided machine instructions for multiplication,2 able to multiply 8-bit or 16-bit numbers with a single instruction. Internally, the 8086 still performed a loop, but the loop was implemented in microcode: faster and transparent to the programmer. Even so, multiplication was a slow operation, about 24 to 30 times slower than addition.

In this blog post, I explain the multiplication process inside the 8086, analyze the microcode that it used, and discuss the hardware circuitry that helped it out.3 My analysis is based on reverse-engineering the 8086 from die photos. The die photo below shows the chip under a microscope. I've labeled the key functional blocks; the ones that are important to this post are darker. At the left, the ALU (Arithmetic/Logic Unit) performs the arithmetic operations at the heart of multiplication: addition and shifts. Multiplication also uses a few other hardware features: the X register, the F1 flag, and a loop counter.

Original Submission

An Anonymous Coward writes:

The situation for the Latitude hack has become worse with the owners forced to take the site offline.

The non-bank lender confirmed that Medicare numbers and "copies of passports or passport numbers" were included in the theft of personal information affecting approximately 333,000 customers and applicants.

[...] Latitude said of the stolen information, approximately 96 per cent was "copies of drivers' licences or driver licence numbers", "less than 4 per cent was copies of passports or passport numbers" and "less than 1 per cent was Medicare numbers".

"Because the attack remains active, we have taken our platforms offline and are unable to service our customers and merchant partners," the statement said.

[...] But frustrated customers have hit out at Latitude's handling of the hacking describing it as "pathetic" and "disgusting".

"How long will it take to find out if I am affected? If my details have been stolen I'd like to know now. Identity theft and/or financial ruin due to your lack of security and saving items such as my drivers licence is not okay," one woman wrote on social media.

"We need more information asap," one woman pleaded. "Do we need to change our licences, change our bank accounts? As this has been happening lots what have you done with your cyber security? As a ex Security officer this is a major huge breach and should not happen. Someone dropped the ball big time."

Previously it had only been confirmed that drivers' licences were taken.

Original Submission

guest reader writes:

Fourier Transformations Reveal How AI Learns Complex Physics:

One of the oldest tools in computational physics — a 200-year-old mathematical technique known as Fourier analysis — can reveal crucial information about how a form of artificial intelligence called a deep neural network learns to perform tasks involving complex physics like climate and turbulence modeling, according to a new study.

In the paper, Hassanzadeh, Adam Subel and Ashesh Chattopadhyay, both former students, and Yifei Guan, a postdoctoral research associate, detailed their use of Fourier analysis to study a deep learning neural network that was trained to recognize complex flows of air in the atmosphere or water in the ocean and to predict how those flows would change over time. Their analysis revealed "not only what the neural network had learned, it also enabled us to directly connect what the network had learned to the physics of the complex system it was modeling," Hassanzadeh said.

"Deep neural networks are infamously hard to understand and are often considered 'black boxes,'" he said. "That is one of the major concerns with using deep neural networks in scientific applications. The other is generalizability: These networks cannot work for a system that is different from the one for which they were trained."

Hassanzadeh's team first performed the Fourier transformation on the equation of its fully trained deep-learning model. Each of the model's approximately 1 million parameters act like multipliers, applying more or less weight to specific operations in the equation during model calculations. In an untrained model, parameters have random values. These are adjusted and honed during training as the algorithm gradually learns to arrive at predictions that are closer and closer to the known outcomes in training cases. Structurally, the model parameters are grouped in some 40,000 five-by-five matrices, or kernels.

hubie writes:

Reflections in time instead of space:

Walk through a maze of mirrors, you'll soon come face to face with yourself. Your nose meets your nose, your fingertips touch at their phantom twins, stopped abruptly by a boundary of glass.

Most of the time, a reflection needs no explanation. The collision of light with the mirror's surface is almost intuitive, its rays set on a new path through space with the same ease as a ball bouncing off a wall.

For over sixty years, however, physicists have considered a subtly different kind of reflection. One that occurs not through the three dimensions of space, but in time.

Now researchers from the City University of New York's Advanced Science Research Center (CUNY ASRC) have turned the theory of 'time reflections' into practice, providing the first experimental evidence of its manipulation across the electromagnetic spectrum.

[...] Put aside thoughts of TARDIS-like technologies rewriting history. This kind of time reflection is even weirder. And, it seems, actually possible after all.

By the 1970s, it was becoming clear that there was an analog for spatial reflection in the time component of a quantum wave of light. Change the medium a wave is traveling through quickly enough, in just the right way, and the temporal component of the wave will change with it.

The effect of this reflection in time isn't going to rip a hole in reality. But It will shift the frequency of the wave, in ways technology could exploit across varied fields like imaging, analogue computing, and optical filtering.

Strangely, the 'echo' of altered frequency is also a reversal of the signal. If it was an echo of your voice counting one to ten, you'd hear each number spoken backwards, from ten back to one, in a chipmunk squeak.

upstart writes:

Russian coders blocked from contributing to FOSS tools:

The Reg has seen two recent incidents of Russian developers being blocked from public development of FOSS code. One was a refusal on the Linux kernel mailing list, the other a more general block on Github. In the last week, these events have both caused active, and sometimes heated, discussions in FOSS developer communities.

The GitHub account of developer Alexander Amelkin has been blocked, and his repositories marked as "archived" – including ipmitool, whose README describes it as "a utility for managing and configuring devices that support the Intelligent Platform Management Interface." Unable to comment on Github itself, Amelkin described what happened on the project's older Soureforge page:

Sorry to say, but on March 1st without any prior notice or any explanation whatsoever, GitHub has suspended my personal account and made orphan all the projects that I owned/maintained.

That includes ipmitool and frugen.

This mailing list and the old sourceforge project page are the only means of communication with you that I have left. I am currently searching for a way to unblock my GitHub or (less preferably) migrate ipmitool once again to another less hostile service.

Amelkin works for Russian chipbuilder Yadro, which we described as working on RISC-V chips back in 2021. Microsoft is just obeying US law in this: according to the War and Sanctions database of the Ukrainian National Agency on Corruption Prevention, the NACP, Yadro is a sanctioned company.

However, on LinkedIn, Amelkin disputes his employer's involvement:

You may rest assured that this "sanctioned corporation" takes no part in this awful war, and even if making civilian server products can be viewed as somehow taking part, that part is definitely far less than what, say, BMW or Bosch took in WW2, yet nobody seems to have cancelled them or at least remembered what they've done, let alone their individual employees. All this is stupid, xenophobic and racist. Especially you labelling me as a terrorist on the basis of my ethnicity.

upstart writes:

Some of the two-legged dinosaurs called theropods grew to enormous size, but new research shows that they did not all attain their final size the same way:

When the paleontologist Michael D'Emic cut into the bones of Majungasaurus, a relative of Tyrannosaurus rex that roamed Madagascar 70 million years ago, he suspected that surprises might be hiding in them. But what he found defied all expectations.

Majungasaurus adults measured up to 7 meters from snout to tail and could weigh 1,000 kilograms. Paleontologists had thought that big dinosaurs like these massive carnivores achieved their stature through rapid growth spurts. But the fossil bones revealed a different story. "Unlike carnivorous dinosaurs that had been studied up until then," D'Emic said, the Majungasaurus grew "really, really slowly."

Puzzled, he sliced up a close relative of the dinosaur — a Ceratosaurus from North America, which was roughly the same length and weight — to see if it grew slowly too. This time, "we got the opposite result," he said. "It grew just about faster than any carnivorous dinosaur I've ever seen."

What followed for D'Emic was a decade-long whirlwind of peering at bones for clues to how dinosaurs grew. His analysis of 42 different dinosaur species, recently published in Science, demonstrates that the "get big fast" mode of growth was less predominant than researchers have assumed.

[...] Whether an animal grows quicker and faster or slower and longer might seem like a nitpicky distinction. But an animal's growth trajectory provides insights into its life and the world it inhabited. Fast-growing animals can overpower potential predators and outcompete other species, but they need plenty of food and other resources. Growing slowly is riskier, but it allows an animal to survive on less during hard times. The bones of Majungasaurus, for example, confirm that, as the top predator in its ancient ecosystem, it had the luxury of developing at a leisurely pace.

upstart writes:

Silicon Labs is hoping more device makers will follow suit and use their teeny xG27 SoC to make medical and wearable devices:

Miniaturizing tech is a perpetual challenge for wearable makers. The smaller the device, the better it is for wearability. The thing is, that usually comes at the expense of battery life. However, Silicon Labs is hoping its latest xG27 chipset is small and energy-efficient enough to spark some big ideas in the medical tech space — like a saliva reader that's so tiny it can be mounted onto a tooth.

According to Silicon Labs, the xG27 family of SoCs consists of the BG27 and the MG27. Both are built around the ARM Cortex M33 processor, but the BG27 focuses on Bluetooth, while the MG27 supports Zigbee and other protocols. As for how small these chips are, the xG27 SoCs range from 2mm-squared to 5mm-squared — roughly the width of a No. 2 pencil's lead tip to the width of the pencil itself. It's not the world's smallest Bluetooth chip, but Silicon Labs spokesperson Sam Ponedal tells The Verge that's only by "fractions of a millimeter."

This is neat from a technical perspective, but what's cooler is the BG27 is currently being used to develop an actual product — the aforementioned tooth-mounted wearable sensor. Lura Health, a medical device maker, says it's using the chip for its "salivary diagnostic sensor." The sensor is small enough to be glued to a molar (or placed inside a "smart retainer") with the intent of continually monitoring a patient's saliva. That, in turn, would allow dentists and clinicians to potentially test for more than 1,000 health conditions.

[...] As for other use cases, Silicon Labs says its chips are good candidates for medical patches, continuous glucose monitors, and wearable EKGs. That's because they can operate on as low as 0.8 volts and can switch to a "shelf mode" that reduces energy use during transportation and while stored on shelves. These features aren't quite as appealing in consumer wearables, but it opens the door for greater wearable use in hospitals and clinical settings.

Original Submission