The uphill battle of beating back weaponized AI

Artificial intelligence isn’t just for the law-abiding. Machine learning algorithms are as freely available to cybercriminals and state-sponsored actors as they are to financial institutions, retailers and insurance companies.

“When we look especially at terrorist groups who are exploiting social media, [and] when we look at state-sponsored efforts to influence and manipulate, they’re using really powerful algorithms that are at everyone’s disposal,” said Yasmin Green, director of research and development at Jigsaw, a technology incubator launched by Google to try to solve geopolitical problems.

Criminals need not develop new algorithms or new AI, Green said at the recent EmTech conference in Cambridge, Mass. They can exploit, and already are exploiting, what is already out there to manipulate public opinion.

The good news about weaponized AI? The tools to combat these nefarious efforts are also advancing. One promising lead, according to Green, is that bad actors don’t exhibit the same kinds of online behavior that typical users do. And security experts are hoping to exploit the behavioral “tells” they’re seeing — with the help of machines, of course.

Variations on weaponized AI

Cybercriminals and internet trolls are adept at using AI to simulate human behavior and trick systems or peddle propaganda. The online test used to tell humans from machines, CAPTCHA, is continuously bombarded by bad guys trying to trick it.

In an effort to stay ahead of cybercriminals, CAPTCHA, which stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart, has had to evolve, creating some unanticipated consequences, according to Shuman Ghosemajumder, CTO at Shape Security in Mountain View, Calif. Recent data from Google shows that humans solve CAPTCHAs just 33% of the time. That’s compared to state-of-the-art machine learning optical character recognition technology that has a solve rate of 99.8%.

“This is doing exactly the opposite of what CAPTCHA was originally intended to do,” Ghosemajumder said. “And that has now been weaponized.”

He said advances in computer vision technology have led to weaponized AI services such as Death By CAPTCHA, an API plug-in that promises to solve 1,000 CAPTCHAs for $1.39. “And there are, of course, discounts for gold members of the service.”

A more aggressive attack is credential stuffing, where cybercriminals use stolen usernames and passwords from third-party sources to gain access to accounts.

Sony was the victim of a credential-stuffing attack in 2011. Cybercriminals culled a list of 15 million credentials stolen from other sites and then tested if they worked on Sony’s login page using a botnet. Today, an outfit by the good-guy-sounding name of Sentry MBA — the MBA stands for Modded By Artists — provides cybercriminals with a user interface and automation technology, making it easy to test the veracity of stolen usernames and passwords and to even bypass security features like CAPTCHAs.

“We see these types of attacks responsible for tremendous amounts of traffic on some of the world’s largest websites,” Ghosemajumder said. In the case of one Fortune 100 company, credential-stuffing attacks made up more than 90% of its login activity.

Shuman Ghosemajumder shares a snippet of traffic from a Fortune 100 retailer. ‘We see that on a 24/7 basis, more than 90% of the login activity was coming from credential-stuffing attacks,’ he said.

Behavioral tells in weaponized AI

Ghosemajumder’s firm Shape Security is now using AI to detect credential-stuffing efforts. One method is to use machine learning to identify behavioral characteristics that are typical of cybercriminal exploits.

When cybercriminals simulate human interactions, they will, for example, move the mouse from the username field to the password field quickly and efficiently — in an unhumanlike manner. “Human beings are not capable of doing things like moving a mouse in a straight line — no matter how hard they try,” Ghosemajumder said.
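The straight-line tell described above, sketched as detection logic. This is an added example, not Shape Security's code; the feature names, thresholds and pointer samples are assumptions constructed for illustration.

```python
import math

# Assumed thresholds for this illustration; real systems tune them on labelled traffic.
MIN_STRAIGHTNESS = 0.995  # chord length / travelled path length
MAX_DEVIATION_PX = 1.5    # furthest sample from the start-to-end chord
MIN_TRAVEL_PX = 20.0      # shorter moves carry too little signal to judge


def path_features(points):
    """points: ordered (x, y) pointer samples between two form fields."""
    if len(points) < 3:
        raise ValueError("need at least three samples")
    (x0, y0), (xn, yn) = points[0], points[-1]
    chord = math.hypot(xn - x0, yn - y0)
    travelled = sum(math.hypot(bx - ax, by - ay)
                    for (ax, ay), (bx, by) in zip(points, points[1:]))
    deviation = 0.0
    if chord > 0:
        # Perpendicular distance from the chord = |cross product| / chord length.
        deviation = max(abs((xn - x0) * (y - y0) - (yn - y0) * (x - x0)) / chord
                        for x, y in points)
    return {
        "chord_px": chord,
        "straightness": chord / travelled if travelled else 0.0,
        "max_deviation_px": deviation,
    }


def looks_scripted(points):
    """True when the pointer travelled far enough and stayed on a ruler-straight line."""
    f = path_features(points)
    if f["chord_px"] < MIN_TRAVEL_PX:
        return False  # too short to say anything either way
    return (f["straightness"] >= MIN_STRAIGHTNESS
            and f["max_deviation_px"] <= MAX_DEVIATION_PX)


def flagged_sessions(sessions):
    """sessions: {session_id: points}; returns the ids whose path looks scripted."""
    return sorted(sid for sid, pts in sessions.items() if looks_scripted(pts))


# Constructed samples: username field at (320, 210), password field at (340, 270).
SCRIPTED = [(320 + 2 * i, 210 + 6 * i) for i in range(11)]  # linear interpolation
BOW = [0, 3, 5, 7, 9, 9, 9, 7, 5, 3, 0]                     # sideways arc of a hand
JITTER = [0, 1, -1, 2, 0, -2, 1, 0, -1, 1, 0]               # small tremor
HUMAN = [(320 + 2 * i + dx, 210 + 6 * i + dy)
         for i, (dx, dy) in enumerate(zip(BOW, JITTER))]

if __name__ == "__main__":
    for name, pts in (("scripted", SCRIPTED), ("human", HUMAN)):
        print(name, path_features(pts), looks_scripted(pts))
```

A single geometric feature like this is a weak signal on its own; it is the kind of input a machine learning model would combine with others rather than a verdict.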

Jigsaw’s Green said her team is also looking for “technical markers” that can distinguish truly organic campaigns from coordinated ones. She described state-sponsored actors who peddle propaganda and attempt to spread misinformation through what she called “seed-and-fertilizer campaigns.”

“The goal of these state-sponsored campaigns is to plant a seed in social conversations and to have the unwitting masses fertilize that seed for it to actually become an organic conversation,” she said.

“There are a few dimensions that we think are promising to look at. One is the temporal dimension,” she said.

Looking across the internet, Jigsaw began to understand that coordinated attacks tend to move together, last longer than organic campaigns and pause as state-sponsored actors wait for instructions on what to do. “You’ll see a little delay before they act,” she said.

Other dimensions include network shape and semantics. State-sponsored actors tend to be more tightly linked together than communities within organic campaigns, and they tend to use “irregularly similar” language in their messaging.

The big question is can behavioral tells — identified by machines and combined with automated detection — be used to effectively identify state-sponsored campaigns? No doubt, time will tell.

Wanted – SSD > 120gb

Need a SSD for building android and the like.

The HDD isn’t cutting it anymore.

It has to be bigger than 120gb. 120gb doesn’t have enough space after OS installation.

Something cheap would be great.

Location: Oldham

CTO Gerri Martin-Flickinger talks innovation at Starbucks

Innovation at Starbucks isn’t just about technology; it’s also about language, the coffee company’s executive vice president and CTO Gerri Martin-Flickinger said at the recent Gartner Symposium in Orlando, Fla.

For example, there is no IT function at Starbucks; it’s called Starbucks Technology.

“[Once we rebranded IT,] we started thinking about ourselves a little differently,” Martin-Flickinger said. She said by taking off the artificial restrictions they had in their thinking about what IT was and what it could become, they became something bigger. “But it wasn’t just how we felt about it; it was also how our business partners felt about it. They started thinking about us differently.”

Another word change: There are also no “employees” at the coffee giant, only “partners.” It’s all part of Starbucks’ internal rebranding that started a couple of years ago and includes a revamped workplace culture, technology investments and mission statement all centered on providing digital engagement on a global scale.

“The best technology is the technology that actually enhances human connection,” Martin-Flickinger said. “I can’t think of a better brand than Starbucks that believes in the human connection.”

The star of the company’s digital lean-in position is its popular Mobile Order and Pay app, introduced in 2015. Since its rollout, the percentage of mobile-order transactions has continued to grow each quarter. At peak times, at least 2,000 stores are seeing more than 20% of transactions coming through this channel.

But Starbucks’ digital transformation goes beyond just an app, according to Martin-Flickinger. She offered a glimpse into the present state and future of innovation at Starbucks, which includes a cloud-based platform, collaboration tools, virtual reality (VR) and conversational computing.

An integration platform

Starbucks doesn’t have a unified point-of-sale environment, a single inventory system or a single supply chain system around the globe, Martin-Flickinger said, explaining it would be incredibly difficult to enforce a standard across all of its stores and systems. Instead, some stores are deeply connected on a consistent technical stack, but others are only loosely coupled.

To manage this technical complexity, the company is building a cloud-based platform that will allow for integration and interconnection between diverse technical stacks and ownership models.

Martin-Flickinger gave the example of an American customer getting off a plane at Heathrow Airport in London and ordering his or her favorite drink through the mobile app. The integration platform, as she called it, takes care of issues like currency conversion, cost adjustments and sales regulations, so all the customer has to do is pick up the drink at the airport’s Starbucks.

Another example of Martin-Flickinger’s vision for the platform centers on drive-through windows. When Mobile Order and Pay customers pull up to a Starbucks drive-through, the reader board will change to show their favorite drink, offer personalized suggestions and greet them by name.

“These concepts are not far-fetched,” she said. “Everyone in this room probably has technologists who could put that together. But to put that together at scale across more than 26,000 stores across 75 countries with loosely coupled technology is a little more challenging.”

Gerri Martin-Flickinger shares examples of Starbucks’ innovative projects and investments during her talk at the 2017 Gartner Symposium.

Facebook at Work, Autodesk to the fore

With so many stores in so many countries, communication and collaboration between personnel can be difficult. To connect its employees, the company has turned to a workplace collaboration platform: Facebook at Work.

“When we opened up Workplace, almost immediately we had store managers and partners telling us about the tech in their stores and ideas they had about how we could make it better or what we could do differently,” Martin-Flickinger said. “What’s really exciting is that our technologists — even our front-line technologists — have the opportunity to engage in that conversation directly.”

More than 80% of the chain’s store managers are using Workplace on a weekly basis, forming their own macro- and micro-communities, she said. Everyone in the executive team is engaged constantly on the collaboration platform, she added. Even Starbucks CEO Kevin Johnson uses it every week for a chat and a video conversation with partners.

Innovation at Starbucks also comes in the form of 3D renderings and virtual reality. Before completing final construction of a new store, the Starbucks team can tour it through detailed 3D renderings made in partnership with software company Autodesk.

These renderings, which are viewed by vice presidents and store development teams through VR headsets, give a realistic view of each new store — in the context of its surrounding environment. The Starbucks teams, for example, can view the layout at different times of day and see how the sunlight will move through the store as the day progresses. Even more impressive, Martin-Flickinger said, is that teams can interact with the environment while wearing their VR headsets, moving furniture or even making a simulated beverage behind the counter.

Another emerging area Starbucks is exploring is conversational commerce. Martin-Flickinger showed an example of a customer speaking her order into her phone and a chatbot engaging with her via written text to inquire about the details of the order and place the order for her.

“By the time my kids enter their careers, my guess is keyboards will be a thing of the past,” Martin-Flickinger said.

Network redundancy design does not always equal resiliency

Network redundancy design isn’t everything, according to Ivan Pepelnjak, who tackles the subject of whether redundancy equals resiliency in an IPSpace post. His conclusion: Full redundancy doesn’t necessarily result in greater resiliency, but network redundancy design can help decrease the probability of a failure occurring.

Many companies have adopted site reliability engineers, a term that Pepelnjak suggests is becoming watered down. In some cases, these engineers trigger unanticipated failures — either manually or automatically — through mistaken actions intended to shore up redundancy. What’s more, statistics suggest that added redundancy decreases availability during “gray failure” events, when components’ performance may only be subtly degraded.

“In reality, we keep heaping layers of leaky abstractions and ever-more-convoluted kludges on top of each other until the whole thing comes crashing down resulting in days of downtime,” Pepelnjak said, adding that Vint Cerf may have said it best in a recent article, when he wrote that, when it comes to network redundancy design, “We’re facing a brittle and fragile future.”

Read more of Pepelnjak’s thoughts on network redundancy design. 

WLAN design with iBwave

Lee Badman, blogging in Wirednot, shared his assessment of the new iBwave R9 software for WLAN design. Badman identified features from earlier versions of the software that he liked, among them 3D modeling of the WLAN environment, modeling for inclined surfaces and synchronization with the cloud for survey projects. The software package also included a mobile app and a viewer for customers to gain insight on the design team’s viewpoint, without requiring the purchase of the iBwave software.

In the new version of the iBwave design suite, the software offers an improved user interface and the ability to institute coverage exclusion zones, as well as interoperating with software-defined radios. Badman praised the software’s inclusion of smart antenna contouring, which allows users to manipulate simulated access points to determine signal strength once a floor plan is known. Additionally, iBwave includes auto cable routing, a feature that maps cables virtually after a cable tray and router location are placed.

Dig deeper into Badman’s thoughts on iBwave for WLAN design.

Adding a secure management plane in the cloud

Jon Oltsik, an analyst at Enterprise Strategy Group in Milford, Mass., sees many cases of cybersecurity professionals installing management servers on their networks to avoid disruptive change. “Given the history of cybersecurity, this behavior is certainly understandable — I control what happens on my own network but have almost no oversight what takes place on Amazon Web Services, Azure, or Google Cloud Platform. Yup, there’s a lot of history and dogma here, but I believe it’s time for CISOs to reconsider,” he said.

Oltsik recommends a secure cloud-based management plane because of reduced costs, more rapid product upgrades and more rapid evolution and rollout of products. He also sees security operations and analytics platform architecture being deployed more rapidly through cloud-based management planes. To gain control, Oltsik recommends that buyers request standard documented APIs from vendors so that users have a say over when and how much data to ingest. “The benefits of moving to a cloud-based security management model speak for themselves. Given this, old school CISOs should think long and hard about maintaining the status quo,” Oltsik added.

Explore more of Oltsik’s thoughts on a secure cloud-based management plane.

Wanted – Dell 7350 or 7370 or 9365

Hi all,

Looking for a Dell 7350 or 7370 or 9365 as there isn’t anything on the outlet at the moment.

Must be 8gb ram, 1080p minimum

Location: Bovey Tracey, UK
