Japanese worker loses city’s personal data in USB fail • The Register

Voice Of EU



In brief: A Japanese contractor working in the city of Amagasaki, near Osaka, reportedly mislaid a USB drive containing personal data on the metropolis’s 460,000 residents.

The unidentified man, who was a contractor with the city working to disburse pandemic subsidies, placed the drive containing all the records into his bag, which he took with him on a night out on the town earlier this week. 

It’s unknown how good a time the man had, but he reportedly ended up passing out in the street: Japanese news source NHK quoted the company that employed him as saying so, elaborating on an incident report from the Amagasaki city government. The company told the newspaper that, upon waking, the contractor found his bag was missing.

The incident report states that the memory stick contained names, birth dates, addresses, tax details, banking information, and social security records – all of it very private and potentially harmful if stolen.

Amagasaki officials said the data on the USB stick was encrypted, and offered apologies for harming the public’s trust in their administration.

All the worry came to naught, though. After a search of the area with police, the bag and the USB stick were found. Amagasaki officials said there’s no evidence anyone attempted to access the information.

CISA fields advisor recommendations, warns that Log4j is still around

The Cybersecurity and Infrastructure Security Agency (CISA) held its third Cybersecurity Advisory Committee meeting this week, where it made a laundry list of recommendations on its programs and policies.

After six months of prognostication, here’s a quick rundown of the recommendations made by advisors from Mastercard, Apple, the University of Washington, and other organizations, which met in six subcommittees:

  • CISA needs to prioritize developing a strong workforce by improving its talent acquisition process to compete with the private sector
  • Create a new chief people officer at CISA
  • CISA should launch a nationwide “311” program to provide an emergency call line for SMBs hit by cyber attacks
  • CISA needs to expand its “More Than a Password” MFA campaign by reaching out to NGOs, other government agencies, and private sector partners
  • CISA should take all necessary steps to ensure all companies working with the US Federal Government have fully adopted MFA by 2025
  • Streamline the incident reporting and vulnerability reporting processes
  • Establish a central platform to handle intake of suspected vulnerabilities
  • Improve communication between security researchers, agencies and vendors
  • Address the risks of misinformation, disinformation, and malinformation in American society

Of the recommendations, two were mentioned by more than one subcommittee: expanding the More Than a Password campaign, and establishing the SMB 311 line.

CISA director Jen Easterly said that the next meeting would focus on strategies to develop a national alert system for cyber risks. 

CISA also released a cybersecurity alert this week warning that Log4Shell is still around and actively being exploited. Together with the US Coast Guard Cyber Command, CISA released an advisory stating that hackers and state-sponsored APT groups are still exploiting Log4Shell on devices that haven’t been patched. 

CISA said the info it reported was derived from two related incidents. It wasn’t immediately clear how the Coast Guard was involved.

Chrome add-ons can be used to fingerprint browsers

Modern privacy software has undone many of the methods for browser fingerprinting, but it’ll have a hard time undoing this problem with Chrome, which seems to be inherent to the way the browser handles extensions.

Browser fingerprinting involves gathering information left behind by sessions that identify the browser, or the person behind it, well enough to serve ads and tailor online experiences. In the case of Chrome extensions, says a security researcher going by z0ccc on GitHub, the combination in any given browser can easily ID users. 

Chrome stores a list of its extensions in a web-accessible resource file that any web page can view. z0ccc was able to build a demo website that scans for over 1,000 Chrome browser extensions and returns a percentage-based chance that another user was using the exact same extensions. 

In this hack’s case, only 0.003 percent of Chrome users have the same set of add-ons, meaning the extension fingerprint would be pretty likely to be picked out from a pool of other visitors.

For those concerned there’s no place safe from browser fingerprinting online, z0ccc said that Firefox uses unique extension IDs for every browser instance, and thus can’t be fingerprinted the same way. Microsoft Edge is vulnerable, however. 
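Extensions declare the files that web pages may load under the `web_accessible_resources` key of their manifest, and those declarations are what make an installed extension observable from a page. The audit below is an added example, not code from z0ccc's demo or from the article: it classifies parsed `manifest.json` objects by how widely their resources can be requested. The sample manifests, the function names and the short list of "broad" match patterns are assumptions made for illustration.

```javascript
// Added example: classify extension manifests by how widely their
// web-accessible resources can be requested. Sample data is constructed.

// Match patterns treated as "any site" (an assumed, deliberately small list).
const BROAD_MATCHES = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Normalise both manifest formats into {resources, matches, dynamicUrl} entries.
function exposureEntries(manifest) {
  const war = manifest.web_accessible_resources;
  if (!Array.isArray(war)) return [];
  if (manifest.manifest_version === 3) {
    // Manifest V3: objects that scope resources to sites or extensions.
    return war
      .filter((e) => e && Array.isArray(e.resources) && e.resources.length > 0)
      .map((e) => ({
        resources: e.resources,
        matches: Array.isArray(e.matches) ? e.matches : [],
        dynamicUrl: e.use_dynamic_url === true,
      }));
  }
  // Manifest V2: a flat list of paths, loadable by any page at a fixed ID.
  const paths = war.filter((p) => typeof p === "string");
  return paths.length > 0
    ? [{ resources: paths, matches: ["<all_urls>"], dynamicUrl: false }]
    : [];
}

// "none": nothing exposed; "restricted": scoped to listed sites/extensions or
// served at a per-session URL; "any-site": stable URL any page may request.
function classify(manifest) {
  const entries = exposureEntries(manifest);
  if (entries.length === 0) return { level: "none", resources: [] };
  const open = entries.filter(
    (e) => !e.dynamicUrl && e.matches.some((m) => BROAD_MATCHES.has(m))
  );
  if (open.length === 0) return { level: "restricted", resources: [] };
  return { level: "any-site", resources: open.flatMap((e) => e.resources) };
}

// Audit a set of parsed manifest.json objects (e.g. read from a profile).
function auditManifests(manifests) {
  const report = manifests.map((m) => ({ name: m.name, ...classify(m) }));
  const probeable = report.filter((r) => r.level === "any-site").map((r) => r.name);
  return { report, probeable };
}

// Constructed manifests, not real extensions.
const SAMPLE_MANIFESTS = [
  { name: "Sample Ad Helper", manifest_version: 2,
    web_accessible_resources: ["img/icon.png", "inject.js"] },
  { name: "Sample Password Tool", manifest_version: 3,
    web_accessible_resources: [
      { resources: ["fill.html"], matches: ["https://accounts.example.test/*"] }] },
  { name: "Sample Theme", manifest_version: 3 },
  { name: "Sample Translator", manifest_version: 3,
    web_accessible_resources: [{ resources: ["ui/*.css"], matches: ["<all_urls>"] }] },
  { name: "Sample Notes", manifest_version: 3,
    web_accessible_resources: [
      { resources: ["panel.html"], matches: ["<all_urls>"], use_dynamic_url: true }] },
];

console.log(auditManifests(SAMPLE_MANIFESTS).probeable);
```

Extensions that land in the "any-site" bucket are the ones that contribute to a fingerprint of this kind; the fewer of them a profile carries, the larger the crowd it blends into.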

Smart Jacuzzi not so smart with user data

A security researcher trying to set up their Jacuzzi SmartTub discovered an easily exploited flaw that gave them access to personal info of hot tub owners from around the world.

SmartTub, like other IoT products, lets users control their appliance from outside the home using an app. The bug in Jacuzzi’s SmartTub system comes from its web portal, which uses a white-labeled Auth0 login page.

“I entered my details, thinking this was a website alternative to the mobile app. I was greeted with an Unauthorized screen. Right before that message appeared, I saw a header and table briefly flash on my screen… I was surprised to discover it was an admin panel populated with user data,” said the researcher, who goes by Eaton Works.

All it took for Eaton to break into the admin panel was using web debugging tool Fiddler to intercept and modify an HTTP response to give himself admin access. “Once into the admin panel, the amount of data I was allowed to was staggering,” Eaton exclaimed.

Details on each tub, owner names and email addresses, dealer locations, and more were available to view for customers from around the world. Eaton said it also appeared he could edit any data he wanted to, though he didn’t confirm if changes would be saved.

Jacuzzi wasn’t very willing to talk to Eaton about his findings either. “Dialog was not established until Auth0 stepped in. Even then, communication with Jacuzzi/SmartTub eventually dropped off completely, without any formal conclusion or acknowledgement they have addressed all reported issues,” Eaton reported. 

Eaton added that the admin panel has been taken offline, and can’t be accessed via the web anymore. Eaton also has other security concerns with Jacuzzi not addressed in their report, and is open to speaking to the hot tub maker to help.
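The lesson of the SmartTub report, shown as an added example that is not Jacuzzi's, SmartTub's or Auth0's code: a role check that lives only in the browser can be defeated by editing a response, so the API has to re-check the role from its own records. The sketch assumes, since the article does not spell it out, that the panel chose what to draw from a role field in the login response; every name, token and record is hypothetical and constructed.

```javascript
// Added example: the role check has to be enforced by the server.
// Tokens, users and records are constructed; all names are hypothetical.

// Server-side state: what the server itself verified at login.
const SESSIONS = new Map([
  ["tok-owner-1", { user: "owner@example.test", roles: ["owner"] }],
  ["tok-staff-1", { user: "staff@example.test", roles: ["owner", "admin"] }],
]);
const TUB_RECORDS = [
  { id: 1, owner: "a@example.test" },
  { id: 2, owner: "b@example.test" },
];

// Login response: the client uses `roles` only to decide which screens to draw.
function loginResponse(token) {
  const s = SESSIONS.get(token);
  return s
    ? { status: 200, body: { user: s.user, roles: [...s.roles] } }
    : { status: 401, body: {} };
}

// Client-side gate: a UI convenience, not a control. Whoever sits between the
// server and the browser decides what this function sees.
function clientShowsAdminPanel(loginBody) {
  return Array.isArray(loginBody.roles) && loginBody.roles.includes("admin");
}

// Weak API: any valid session gets the full table; the UI is trusted to hide it.
function listTubsWeak(token) {
  if (!SESSIONS.has(token)) return { status: 401, body: [] };
  return { status: 200, body: TUB_RECORDS };
}

// Hardened API: the role is read from the server's session record per request.
function listTubsHardened(token) {
  const s = SESSIONS.get(token);
  if (!s) return { status: 401, body: [] };
  if (!s.roles.includes("admin")) return { status: 403, body: [] };
  return { status: 200, body: TUB_RECORDS };
}

// Replay the reported situation: the login response is edited in transit,
// then the panel asks the API for its data.
function simulate(token, listTubs) {
  const resp = loginResponse(token);
  const edited = { ...resp.body, roles: ["admin"] }; // rewritten by a proxy
  const panelDrawn = clientShowsAdminPanel(edited);
  const api = listTubs(token);
  return { panelDrawn, status: api.status, rows: api.body.length };
}

console.log("weak API:    ", simulate("tok-owner-1", listTubsWeak));
console.log("hardened API:", simulate("tok-owner-1", listTubsHardened));
```

With the hardened handler the edited response still draws the panel, but it stays empty: the table never leaves the server for a session that lacks the role.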

Mitel VoIP zero-day found exploited in the wild

CrowdStrike security researchers have discovered a flaw in Mitel VoIP appliances being actively exploited to launch ransomware attacks. 

The novel exploit was found by CrowdStrike when investigating a failed ransomware attack on a customer. “All of the identified malicious activity had originated from an internal IP address” discovered to be “a Linux-based Mitel VoIP appliance sitting on the network perimeter,” CrowdStrike said.

All the attacker needed to gain access to the VoIP appliances was to send a pair of GET requests: one to mask traffic to a malicious address, and a second to inject a command that pointed the GET request to attacker-controlled infrastructure.

CrowdStrike said the attack was stopped before ransomware could be deployed, and said Mitel has released a patch that addresses the problem. Of the exploit itself, CrowdStrike said that edge appliances like Mitel VoIP devices have extremely limited security or endpoint detection options available, making timely patching a must.

Additionally, CrowdStrike emphasized security best practices, like isolating critical assets from perimeter devices, segmenting a network, maintaining an up-to-date asset inventory, keeping a short leash on service accounts and requiring MFA, especially for access to critical assets. ®


The big idea: are we living in a simulation? | Philosophy books



Elon Musk thinks you don’t exist. But it’s nothing personal: he thinks he doesn’t exist either. At least, not in the normal sense of existing. Instead we are just immaterial software constructs running on a gigantic alien computer simulation. Musk has stated that the odds are billions to one that we are actually living in “base reality”, ie the physical universe. At the end of last year, he responded to a tweet about the anniversary of the crude tennis video game Pong (1972) by writing: “49 years later, games are photo-realistic 3D worlds. What does that trend continuing imply about our reality?”

This idea is surprisingly popular among philosophers and even some scientists. Its modern version is based on a seminal 2003 paper, Are We Living in a Computer Simulation? by the Swedish philosopher Nick Bostrom. Assume, he says, that in the far future, civilisations hugely more technically advanced than ours will be interested in running “ancestor simulations” of the sentient beings in their distant galactic past. If so, there will one day be many more simulated minds than real minds. Therefore you should be very surprised if you are actually one of the few real minds in existence rather than one of the trillions of simulated minds.

This idea has a long history in philosophical scepticism (the idea that we can’t know anything for sure about the external world) and other traditions. The Chinese Taoist sage Zhuangzi wrote a celebrated fable about a man who couldn’t be sure whether he was a man dreaming of being a butterfly, or a butterfly dreaming of being a man. René Descartes imagined that he might be being manipulated by an “evil demon” (or “evil genius”) that controlled all the sensations he experienced, while the 20th-century American philosopher Hilary Putnam coined the term “brain in a vat” to describe a similar idea. But while Neo in the Wachowskis’ 1999 film The Matrix really is a brain (or rather a whole depilated body) in a vat, the simulation hypothesis says that you do not have a physical body anywhere. “You” are merely the result of mathematical calculations in some vast computer.

There are many possible objections to this idea even getting off the ground, as Bostrom notes. Perhaps it is simply not possible for computer-simulated beings to become conscious in the way we are. (This would defeat the “assumption of substrate independence”, according to which minds are not dependent on biological matter.) Or perhaps all civilisations destroy themselves before getting to the simulation stage. (Plausible if not necessarily comforting.) Or perhaps advanced civilisations are simply not interested in running such simulations, which would be surprising given the kinds of things humans do – such as developing video deep-fake technology or researching how to make viruses more virulent – even though they seem to be very bad ideas.

The simulation hypothesis is perhaps attractive to a wider culture because of its nature as a cosmic-scale conspiracy theory as well as an apparently scientific version of Creationism. The inconceivably advanced alien running its simulation of our universe is indistinguishable from traditional terrestrial ideas of God: an all-powerful being who designed everything we see. But is this god the god of deism (who sets up the laws of nature but then absents himself while creation runs its course), or a more interventionist figure? If the latter, it might make sense to court their favour.

How, though, should we please such a god? Not necessarily by being virtuous, but by being – assuming the simulator is watching us for its own pleasure – at least entertaining. This line of reasoning might imply, for example, that it is one’s duty to become a florid serial killer, or a guy who tries to colonise Mars and buy Twitter. “Be funny, outrageous, violent, sexy, strange, pathetic, heroic … in a word ‘dramatic’,” counsels the economist Robin Hanson, considering that assumption in his 2001 paper How to Live in a Simulation. “If you might be living in a simulation then all else equal it seems that you should care less about others,” he concludes, and “live more for today”.

One commonly despairing reaction to the idea that we might all be simulated is that this renders our lives meaningless, and that nothing we see or experience is “real”. The Australian philosopher David Chalmers, in his recent book Reality+: Virtual Worlds and the Problems of Philosophy, argues otherwise. For him, a digital table in VR is a real table. It is no more disqualified from being “real” by the fact that it is, at bottom, made up of digital ones and zeros than a physical table is disqualified from being real by the fact that it is, at bottom, made up of quantum wave-packets. Indeed, some esoteric theories of physics consider “reality” itself to be at base quantum-computational or mathematical in nature anyway.

Is there any good reason to actually believe the simulation argument, though? Or is it just aesthetically piquant techno-religion? Chalmers observes that it is at least more plausible than earlier iterations of scepticism such as Descartes’s evil demon, simply because we now have functioning prototypes (video games, VR) of how such a simulation might work. Others have speculated that there may be clues to the fact that our universe is a simulation hidden in the very fabric of the “reality” that we can investigate: perhaps the simulation cuts corners at very small scales or very high energies. Indeed, experiments (for instance in Campbell et al., “On Testing the Simulation Theory”, 2017) have been seriously proposed that might reveal the answer.

But not so fast. Remember that we can’t know what the goal of the simulators is. Perhaps, for them, the game is not merely to observe us as an indefinite planet‑sized soap opera, but simply to see how long the sim-people take to prove that they’re in a simulation. At which point, the game ends and the simulation is turned off. Perhaps we’re better off not finding out.

Steven Poole is the author of Rethink: The Surprising History of New Ideas, published by Random House.

Further reading

Reality+: Virtual Worlds and the Problems of Philosophy by David J Chalmers (Allen Lane)

Programming the Universe: A Quantum Computer Scientist Takes on the Cosmos by Seth Lloyd (Vintage)

The Simulation Hypothesis: An MIT Computer Scientist Shows Why AI, Quantum Physics and Eastern Mystics All Agree We Are in a Video Game by Rizwan Virk (Bayview)


Lego releases Atari Video Computer System set • The Register



Lego has followed up its Nintendo Entertainment System retro throwback with one celebrating the Atari Video Computer System (VCS).

The set, retailing at a heart-stopping $239.99 (£209.99 in the UK), is a non-functional replica of the iconic game console, although only the model with four switches rather than the six of others in the range. Not that those switches do an awful lot in Lego form.

In fact, compared to the cheaper Nintendo Entertainment System set (with all its twiddly technic bits and separate television), we’d have to describe the VCS set as a bit of a disappointment if it weren’t for the nostalgia factor.

The plastic bricks also fail to include a mock cartridge of the best game on the VCS, Combat. Asteroids, Centipede, and Adventure simply don’t cut it in comparison even with the reproduction of the hopelessly optimistic cover art so beloved by ’80s and ’90s designers and some neat Lego vignettes themed after the games.

Lego also opted to skip E.T. the Extra Terrestrial, described as the worst game ever. We can imagine an appropriate model for that example and the impact it had on the industry of the time.

Still, the 2,500-plus pieces will make for a fun build and include a replica of the classic Atari joystick and a mini-fig scale 1980s room which pops up when the front is slid forward.

The price does seem high for what is effectively a plastic throwback to simpler times. Then again, other attempts to recreate that retro magic could cost you a lot more and potentially leave you without even a pile of plastic bricks to play with.

Or one could always take the plastic assembly and stick something like a Raspberry Pi (preloaded with an emulator) into it. Similar things were done with Lego’s Nintendo Entertainment System where the Technic guts of the television were removed and replaced with a Pi and an LCD screen to create something on which one can play games (ROM ownership notwithstanding).

It is a shame that Lego did not see fit to include a television with the Atari VCS in the way it did with the NES, and also limited interaction to a pop-up 1980s room and some switches. However, the design looks good and is a reminder of an age when sticking something that looked like wood on the front of the console and squeezing games into kilobytes rather than gigabytes was state of the art.

Otherwise there are many examples of the VCS that can be had on various auction sites for considerably less than Lego’s asking price that are a good deal more interactive. ®


4 reasons hybrid working looks set to stay for young professionals



From priorities to practicalities, Dr Amanda Jones of King’s College London explains why hybrid working may be here to stay and outlines the pitfalls that younger employees will need to avoid.

A version of this article was originally published by The Conversation (CC BY-ND 4.0)

We’re in the middle of a remote working revolution. In the UK, though remote working was slowly growing before the pandemic, in 2020 the number of people working from home doubled.

While this rapid rise can be explained by Covid lockdowns, a recent survey my colleagues and I conducted with 2,000 London workers found that six in 10 employees still regularly work from home despite restrictions no longer being in place. And most don’t want that to change.

Findings from other parts of the world similarly point to a substantial increase in the number of work days being undertaken from home.

For young professionals, the shift has been particularly significant. Before the pandemic, employees in their 20s were by far the least likely to work from home.

In 2022, 64pc of 16 to 24-year-olds we surveyed reported working at home for at least part of the week. This figure is in line with 25 to 49-year-olds (65pc) and in fact higher than for people over 50 (48pc).

Other research also shows that young professionals now engage in hybrid working – dividing their time between their home and their workplace – and may prefer this model to being in the office full time.

US and European data shows that around four in 10 jobs can be conducted from home. But this figure may be higher if we consider that some jobs could be at least partly done from home. In particular, jobs in finance and insurance, information and communication and education are among the most conducive to being performed remotely.

Technologies which support remote working, such as Zoom and Slack, have been available for a number of years. While the pandemic has served as a catalyst for the rise in remote working among younger employees, I would argue that other factors have also contributed to this shift – some of which were already evident before the pandemic.

Importantly, each of these factors suggests this change to the way young professionals work is here to stay.

1. Priorities

Evidence suggests that even before the pandemic, young people were becoming more focused on their own goals, wanted greater flexibility and control, and sought a better work-life balance compared with previous generations. The reasons for this may be related to the changing nature of organisations and careers, which I’ll discuss later.

Our own and other research indicates that remote working, especially working from home (as opposed to, say, at client sites), can boost feelings of flexibility and control and enhance work-life balance. So working remotely could help younger people achieve these goals in a way that traditional working arrangements can’t.

In fact, research indicates that many young people would now rather switch jobs than compromise on the flexibility they gain from hybrid working. So for employers, supporting hybrid working may be necessary to attract and retain the best employees.

2. Practicalities

Across all age groups, participants in our research picked avoiding the commute as the biggest benefit of working remotely. While this has long been a recognised advantage of remote working, it’s important to note that we surveyed London workers – and the commute may be less of an issue for people in other places.

Aside from the time and hassle involved in commuting, travelling to work every day can be expensive. The cost of working in the office goes up if you also factor in lunches, coffees and after-work social activities.

This may be difficult for younger people – who are contending with the rising costs of living, often on lower salaries – to manage. Working remotely can help reduce spending, making it an attractive option – and even a potential lifeline – for younger employees.

3. Career trajectories

Studies show that a move towards less hierarchical, more efficient and flexible organisations results in a “new deal” of employment. Employers no longer guarantee job security and progression for employees, but gain their commitment by providing opportunities – including training programmes – that enhance their employability.

The onus then moves to employees to manage their own career progression, which remote working may help them with. For example, we know working from home can reduce distractions and improve productivity.

Taken with the commuting time saved, young professionals may have more time to dedicate to development opportunities, such as studying for additional qualifications. This could increase their attractiveness in the job market.

Indeed, young professionals seem to be the most likely to switch jobs. If they don’t expect to remain with an organisation long term, they may be less motivated to build strong relationships with colleagues and managers, and unwilling to put their own goals aside for those of the organisation.

4. Managers’ behaviour

Research shows many more managers now work remotely compared with before the pandemic. This change has two important effects.

First, managers who work remotely are likely to find it harder to stop juniors from doing the same. Managers’ ability to monitor and develop their junior staff in person, a common reason for prohibiting remote work in the past, is also reduced if managers are away from the office themselves.

Second, as more managers work remotely, younger employees may feel more confident that doing so won’t prevent them achieving success. Managers serve as role models to junior employees and evidence shows that younger professionals seek success by copying role models’ behaviour.

Avoiding the pitfalls of hybrid working

Despite the positives, younger employees, with comparatively limited experience and networks, may face disproportionately negative outcomes from remote working in terms of recognition, development and networking opportunities.

So if you’re a young professional working remotely, how can you avoid the pitfalls of hybrid working?

Setting your own goals can keep motivation and performance high. Meanwhile, proactively communicating your challenges and achievements to senior and peer-level colleagues can ensure that you receive guidance and recognition.

It’s a good idea to plan some of your time in the office to coordinate with team members or managers. At the same time, it’s useful to try to schedule office visits on different days of the week. This can help maintain key relationships but also help build networks through bumping into colleagues you don’t necessarily work as closely with.

Finally, upping attendance at external conferences and events could increase your value to the organisation through encouraging innovation and fresh ideas, while keeping you aware of external employment opportunities.

By Dr Amanda Jones

Dr Amanda Jones is a lecturer in organisational behaviour and human resource management at King’s College London.
