
Hiding Malware in ML Models


Interesting research: “EvilModel: Hiding Malware Inside of Neural Network Models”.

Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns. In this paper, we present a method that delivers malware covertly and detection-evadingly through neural network models. Neural network models are poorly explainable and have a good generalization ability. By embedding malware into the neurons, malware can be delivered covertly with minor or even no impact on the performance of neural networks. Meanwhile, since the structure of the neural network models remains unchanged, they can pass the security scan of antivirus engines. Experiments show that 36.9MB of malware can be embedded into a 178MB-AlexNet model within 1% accuracy loss, and no suspicions are raised by antivirus engines in VirusTotal, which verifies the feasibility of this method. With the widespread application of artificial intelligence, utilizing neural networks becomes a forwarding trend of malware. We hope this work could provide a referenceable scenario for the defense on neural network-assisted attacks.

News article.
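The abstract's defensive takeaway is that a payload written into weight bytes leaves the model's structure, and nearly its accuracy, untouched, so a structural scan sees nothing while a byte-level integrity check sees everything. The following is an added example, not code from the paper: a constructed stand-in checkpoint, a per-tensor SHA-256 manifest, a tamper simulation that overwrites only the low mantissa bytes with constructed bytes, and a check showing the numeric change is negligible while the manifest still localizes the modified tensor.

```python
import hashlib
import struct

def tensor_bytes(values):
    # Serialize as little-endian float32, the storage format of most checkpoints.
    return struct.pack("<%df" % len(values), *values)

def as_f32(values):
    # Round Python floats to float32 so later comparisons measure only the tampering.
    return list(struct.unpack("<%df" % len(values), tensor_bytes(values)))

def build_model():
    # Constructed stand-in for a checkpoint: tensor name -> float32 weights.
    return {
        "conv1.weight": as_f32([0.0125 * i - 0.3 for i in range(64)]),
        "fc.bias": as_f32([0.5, -0.25, 0.125, 0.0625]),
    }

def manifest(model):
    # Per-tensor digest over raw weight bytes, plus a whole-model digest to pin.
    per_tensor = {n: hashlib.sha256(tensor_bytes(v)).hexdigest() for n, v in model.items()}
    whole = hashlib.sha256(b"".join(tensor_bytes(model[n]) for n in sorted(model))).hexdigest()
    return {"tensors": per_tensor, "model": whole}

def verify(model, pinned):
    # Names of tensors whose bytes differ from the pinned manifest (missing counts as differing).
    current = manifest(model)["tensors"]
    return sorted(n for n, h in pinned["tensors"].items() if current.get(n) != h)

def tamper_low_byte(values, payload):
    # Simulate a weight-level edit: overwrite the least significant mantissa byte of the
    # first len(payload) floats with constructed bytes. Exponent and sign are untouched,
    # so each value moves by at most 255 ulps and can never become NaN or infinity.
    raw = bytearray(tensor_bytes(values))
    for i, b in enumerate(payload):
        raw[4 * i] = b  # little-endian: byte 0 of each float is the low mantissa byte
    return list(struct.unpack("<%df" % len(values), bytes(raw)))

def max_abs_change(before, after):
    return max(abs(a - b) for a, b in zip(before, after))
```

Pin the manifest at the point where the model is trusted (publisher release, internal registry) and run `verify` at load time; AV-style structural scanning is not a substitute for this check.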

Shared by guilhermea, 6 days ago, London, England

1 public comment

sness (milky way), 6 days ago:
noice

It's not remote if you have to go to the office

As companies begin to experiment with pulling people back to the office, you're hearing a lot of talk about hybrid work arrangements. Work at the office a few days a week, work remotely the other days.

In general I think that's a fair approach for a lot of companies. But it's not remote work. That's work from the office + work from home work. If you have to go into a physical office, it's not remote work. You can't work remotely if you have to still work locally.

Remote work means working from anywhere. Moving or traveling without penalty. If you have to commute, you can't work remotely. On the other hand, if you can get up and move to a new city and keep your job (without transferring to another local office in the new city), that's remote work.

Remote work is ultimately about flexibility and optionality. Working from home is ultimately about being close enough to go to an office. Nothing wrong with a work from home situation, but it's not remote working. Beware companies that call it remote work if there are office visits attached. There's a good chance over time that you'll be required to be at the office more and more. If they can pull you in, they will pull you in.

To be clear, there's nothing wrong with being required to work in an office. If that's the policy, and you like the company, office, and commute, it may, in fact, be the best fit. But if you're looking for true remote work, be sure not to get caught with in-office requirements, or overly-specific geographic requirements. Time zone coverage or team overlaps are one thing, but requiring a relatively narrow radius around a corporate office means you'll be pinned to working from home, not working remotely.
Shared by guilhermea, 18 days ago, London, England:
To each their own, but I see nothing perky about working from home when "home" has to be in an expensive/crowded city like London. Especially if your team's communication has simply shifted to video calls all day.

We Got the Phone the FBI Secretly Sold to Criminals



The sleek, black phone seems perfectly normal.

Unlocking the Google Pixel 4a with a PIN code reveals some common apps: Tinder, Instagram, Facebook, Netflix, and even Candy Crush. But none of those apps work, and tapping their icons doesn't do anything. Resetting the phone and typing in another PIN opens up an entirely different section of the device, with a new background and new apps. Now in place of the old apps sit a clock, a calculator, and the device's settings.

Clicking the calculator doesn't open a calculator—it opens a login screen.

"Enter Anom ID" and a password, the screen reads. Hidden in the calculator is a concealed messaging app called Anom, which last month we learned was an FBI honeypot. On Anom, criminals believed they could communicate securely, with the app encrypting their messages. They were wrong: an international group of law enforcement agencies including the FBI were monitoring their messages and announced hundreds of arrests last month. International authorities have held press conferences to tout the operation's success, but have provided few details on how the phones actually functioned.

Motherboard has obtained and analyzed an Anom phone from a source who unknowingly bought one on a classified ads site. On that site, the phone was advertised as just a cheap Android device. But when the person received it, they realized it wasn't an ordinary phone, and after being contacted by Motherboard, found that it contained the secret Anom app.

The person Motherboard bought the phone from said they panicked "when I realised what I had just purchased." Motherboard granted the person anonymity to protect them from any retaliation.

Do you know anything else about Anom? Were you a user? Did you work for the company? Did you work on the investigation? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

When booting up the phone, it displays a logo for an operating system called "ArcaneOS." Very little information is publicly available on ArcaneOS. It's this detail that has helped lead several people who have ended up with Anom phones to realize something was unusual about their device. Most posts online discussing the operating system appear to be written by people who have recently inadvertently bought an Anom device, and found it doesn't work like an ordinary phone. After the FBI announced the Anom operation, some Anom users have scrambled to get rid of their device, including selling it to unsuspecting people online. The person Motherboard obtained the phone from was in Australia, where authorities initially spread the Anom devices as a pilot before expanding into other countries. They said they contacted the Australian Federal Police (AFP) in case the phone or the person who sold it was of interest to them; when the AFP didn't follow up, the person agreed to sell the phone to Motherboard for the same price they paid. They said they originally bought it from a site similar to Craigslist.

Another person Motherboard spoke to who bought one of the phones said they were in Lithuania.

A photo of the security settings page of the Anom device. Image: Motherboard.

"I bought this phone online, for ridiculously low price, now I understand why," that second person said. That person also provided Motherboard with photos and a video of their device. In that case, the Anom login screen appeared inaccessible, but other settings such as the decoy PIN code remained. "Probably this phone was used by some drug dealer :D," they said.

For the past few months, members of Android hobbyist and developer forums have been trying to help the people who bought the strange phones return them to a usable state.

"I cannot install any apps because there is no [App Store], everything has been removed," one person who said they bought the phone second-hand wrote on a German language forum in March, before the FBI and its partners stopped the operation.

"If he also had access to/data, he could change all of the cell phone's settings manually," one forum user replied.

A photo of the scrambled PIN entry screen on the Anom device. Image: Motherboard.

"That's strange... You have the boot screen saying that the phone has been modified, yet you seem to have a locked bootloader... Doesn't make any sense to me :/," a user on another forum replied to someone facing similar issues.

"I have the same thing. A friend got a used pixel 4a and it's running arcaneos with the same issues described by the OP. Nothing works when attempting to flash," someone else added to the thread.

After Motherboard determined that ArcaneOS was linked to the Anom devices and had bought the phone, someone else on one of the forums also made the connection.

"This is a phone the used with that FBI ANON [sic] application to read the message with the users," a user wrote on a thread. That user did not respond to a request for comment on how they also came to the same conclusion.

Besides ArcaneOS, the phone has a few other interesting features and settings.

Ordinarily, Android phones have a setting to turn location tracking off or on. There appears to be no setting for either on this device.

The phone offers "PIN scrambling," where the PIN entry screen randomly rearranges the digits, potentially stopping third parties from learning the device's passcode by watching someone type it in. The status bar at the top of the screen includes a shortcut for what appears to be a wipe feature, with an icon showing a piece of paper going through a shredder. Users can also set up a "wipe code," which wipes the device from the lock screen, and configure the phone to wipe itself automatically if left offline for a set period of time, according to the phone's settings reviewed by Motherboard.

Encrypted phone companies typically offer similar data destruction capabilities, and at least in some cases companies have remotely wiped phones while they're in authorities' possession, hindering investigations. The Department of Justice has charged multiple people who allegedly worked for Anom in part for obstructing law enforcement by using this wipe feature.

Daniel Micay, lead developer of security and privacy focused Android operating system GrapheneOS, also provided Motherboard with images someone had recently sent him of a third Anom device. That phone was a Google Pixel 3a, suggesting Anom loaded its software onto multiple iterations of phones over time, and the Anom login screen was not immediately accessible.

"The calculator theoretically opens chat but it doesn't work anymore. They said it requires entering a specific calculation," Micay said. "Quite amusing security theater."

A photo of the hidden apps page of the Anom device. Image: Motherboard.

A photo of the normal apps page of the Anom device. Image: Motherboard.

Micay said others claimed that Anom used GrapheneOS itself, but "it sounds like they may have advertised it to some people by saying it uses GrapheneOS but it has no basis."

"Basically [it] sounds like people have heard of GrapheneOS so these companies either use it in some way (maybe actual GrapheneOS, maybe a fork) or just claim they did when they didn't," he said.

The phone obtained by Motherboard and the one included in the video both have an identical list of contacts saved to the innocuous-looking section of the device. However, at least some of these appear to be placeholder contacts generated by a specific tool available on GitHub. None of the people included in the contact list responded to a request for comment.

With its wipe features and the hidden user interface, the Anom device does look like one from any of the other encrypted phone firms that serious organized criminals have used in the past, such as Encrochat and Phantom Secure. That was very much on purpose, according to Andrew Young, a partner in the Litigation Department in law firm Barnes & Thornburg’s San Diego office and former Department of Justice lead prosecutor on the Anom case.

"We can't just run a good investigation; we have to run a good company," he previously told Motherboard in a phone call. That included providing customer service and solving users' tech issues, and potentially dealing with hackers who may target the company too.

Anom started when an FBI confidential human source (CHS), who had previously sold devices from Phantom Secure and another firm called Sky Global, was developing their own product. The CHS then "offered this next generation device, named 'Anom,' to the FBI to use in ongoing and new investigations," court documents read.

In June the FBI and its law enforcement partners in Australia and Europe announced over 800 arrests after they had surreptitiously been listening in on Anom users' messages for years. In all, authorities obtained over 27 million messages from over 11,800 devices running the Anom software in more than 100 countries by silently adding an extra encryption key which allowed agencies to read a copy of the messages. People allegedly smuggling cocaine hidden inside cans of tuna, hollowed out pineapples, and even diplomatic pouches all used Anom to coordinate their large-scale trafficking operations, according to court documents.

The FBI declined to comment.
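What "silently adding an extra encryption key" means mechanically, as an added example that is not from the article and not Anom's actual protocol: in a multi-recipient envelope the random message key is wrapped once per recipient, so one extra wrapped slot hands a third party a readable copy of every message while the intended recipient notices nothing. The audit function flags any slot whose key id is not in the sender's intended roster. The ciphers are HMAC-SHA256 counter-mode toys chosen to keep the example to the standard library; they carry no authentication tag and are not for real use.

```python
import hashlib
import hmac
import os

def _keystream(key, nonce, length):
    # Toy stream cipher: HMAC-SHA256 over (nonce || counter). Illustration only.
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def key_id(secret):
    # Public identifier of a recipient key, as a client would show in a contact list.
    return hashlib.sha256(b"kid" + secret).hexdigest()[:16]

def seal(plaintext, recipient_secrets):
    # One wrapped copy of the message key per recipient secret handed in. A client
    # that quietly appends an escrow secret here produces the "extra key" effect.
    mk, nonce = os.urandom(32), os.urandom(16)
    slots = {key_id(s): _xor(mk, _keystream(s, nonce + b"wrap", 32)).hex()
             for s in recipient_secrets}
    body = _xor(plaintext, _keystream(mk, nonce, len(plaintext)))
    return {"nonce": nonce.hex(), "slots": slots, "body": body.hex()}

def open_envelope(env, secret):
    # Any holder of a secret with a matching slot recovers the message key and the body.
    nonce = bytes.fromhex(env["nonce"])
    wrapped = bytes.fromhex(env["slots"][key_id(secret)])
    mk = _xor(wrapped, _keystream(secret, nonce + b"wrap", 32))
    body = bytes.fromhex(env["body"])
    return _xor(body, _keystream(mk, nonce, len(body)))

def unexpected_slots(env, expected_key_ids):
    # Audit: every wrapped-key slot must belong to a recipient the sender chose.
    return sorted(set(env["slots"]) - set(expected_key_ids))
```

The audit only helps when run by a tool the user controls (or by inspecting captured envelopes), since a client that adds the slot can equally hide it from its own UI; that is the trust gap Anom exploited.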


Shared by guilhermea, 21 days ago, London, England

Vulnerability in the Kaspersky Password Manager


A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords:

The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time. All the passwords it created could be brute-forced in seconds. This article explains how to securely generate passwords, why Kaspersky Password Manager failed, and how to exploit this flaw. It also provides a proof of concept to test if your version is vulnerable.

The product has been updated and its newest versions aren’t affected by this issue.

Stupid programming mistake, or intentional backdoor? We don’t know.

More generally: generating random numbers is hard. I recommend my own algorithm: Fortuna. I also recommend my own password manager: Password Safe.

EDITED TO ADD: Commentary from Matthew Green.
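Why "its single source of entropy was the current time" collapses the search space, as an added example that is a constructed illustration of the failure mode rather than Kaspersky's code: the weak generator is fully determined by a seconds-resolution seed, so an attacker who can bound the creation date faces only as many candidates as there are seconds in that window, whatever the password length; the corrected generator draws each character from the OS CSPRNG via `secrets`, and the two search-space helpers put numbers on the difference.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def time_seeded_password(seconds_since_epoch, length=12):
    # Flawed pattern: a general-purpose PRNG seeded with the clock. The output is a pure
    # function of the seed, so two runs in the same second yield the same password.
    rng = random.Random(seconds_since_epoch)
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def csprng_password(length=12):
    # Correct pattern: every character comes from the OS CSPRNG; no seed exists to guess.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def weak_search_space(years_of_uncertainty):
    # Number of candidate seeds when the attacker knows the creation time to within
    # `years_of_uncertainty`; independent of password length or alphabet.
    return int(years_of_uncertainty * 365.25 * 24 * 3600)

def strong_search_space(length, alphabet=ALPHABET):
    # Number of candidates when each character is independent and uniform.
    return len(alphabet) ** length

def entropy_bits(search_space):
    return math.log2(search_space)
```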

Shared by guilhermea, 21 days ago, London, England

U.S. Citizenship exam from 1944


Here is one sample question:

Which of the following states seceded during the Civil War?

The choices are Kentucky, Maryland, Delaware, Florida.

Or try this one:

What evidence is required for a citizen to be convicted of treason?

The options are:

— It varies by state
— Nothing beyond what is needed to convict an ordinary crime
— The testimony of two eyewitnesses or an open confession in court
— The testimony of two eyewitnesses and an open confession in court

Here is the full Bloomberg piece by David Shipley. There are many more questions — how many would you get?

The post U.S. Citizenship exam from 1944 appeared first on Marginal REVOLUTION.

Shared by guilhermea, 28 days ago, London, England:
Contrast to the UK’s “what time do pubs open?”, or “which of these British actors won an Academy Award in 2011?”

fxer, 27 days ago:
“Who is your favorite Cumberbatch”

Shared by samuel, 28 days ago, Cambridge, Massachusetts

Saturday Morning Breakfast Cereal - The End


Hovertext:
This is only speculative, but it seems probable to me.

Shared by guilhermea, 32 days ago, London, England
Shared by popular, 41 days ago