Archive for Tech & Net News

A new glass electrolyte-based solid-state battery has been developed by researchers at UT Austin. Led by the Li-ion battery inventor John Goodenough, the team demonstrated that their battery is better than Li-ion. It can hold almost 3x the charge, has more charging cycles, supports fast charging, and isn’t prone to catching fire.

Full article: https://fossbytes.com/goodenough-solid-state-battery-glass-electrolyte/

Researchers use novel materials to build smallest transistor with 1-nanometer carbon nanotube gate

For more than a decade, engineers have been eyeing the finish line in the race to shrink the size of components in integrated circuits. They knew that the laws of physics had set a 5-nanometer threshold on the size of transistor gates among conventional semiconductors, about one-quarter the size of high-end 20-nanometer-gate transistors now on the market.

Some laws are made to be broken, or at least challenged.

A research team led by faculty scientist Ali Javey at the Department of Energy’s Lawrence Berkeley National Laboratory (Berkeley Lab) has done just that by creating a transistor with a working 1-nanometer gate. For comparison, a strand of human hair is about 50,000 nanometers thick.

“We made the smallest transistor reported to date,” said Javey, a lead principal investigator of the Electronic Materials program in Berkeley Lab’s Materials Science Division. “The gate length is considered a defining dimension of the transistor. We demonstrated a 1-nanometer-gate transistor, showing that with the choice of proper materials, there is a lot more room to shrink our electronics.”

The key was to use carbon nanotubes and molybdenum disulfide (MoS2), an engine lubricant commonly sold in auto parts shops. MoS2 is part of a family of materials with immense potential for applications in LEDs, lasers, nanoscale transistors, solar cells, and more.

The development could be key to keeping alive Intel co-founder Gordon Moore’s prediction that the density of transistors on integrated circuits would double every two years, enabling the increased performance of our laptops, mobile phones, televisions, and other electronics.

“The semiconductor industry has long assumed that any gate below 5 nanometers wouldn’t work, so anything below that was not even considered,” said study lead author Sujay Desai, a graduate student in Javey’s lab. “This research shows that sub-5-nanometer should not be discounted. Industry has been squeezing every last bit of capability out of silicon. By changing the material from silicon to MoS2, we can make a transistor with a gate that is just 1 nanometer in length, and operate it like a switch.”

Source: Researchers use novel materials to build smallest transistor with 1-nanometer carbon nanotube gate

BitWhisper: Stealing data from non-networked computers using heat

No matter how secure you think a computer is, there’s always a vulnerability somewhere that a remote attacker can utilize if they’re determined enough. To reduce the chance of sensitive material being stolen, many government and industrial computer systems are not connected to outside networks. This practice is called air-gapping, but even that might not be enough. The Stuxnet worm from several years ago spread to isolated networks via USB flash drives, and now researchers at Ben Gurion University in Israel have shown that it’s possible to rig up two-way communication with an air-gapped computer via heat exchange.

Researchers call this technique of harvesting sensitive data “BitWhisper.” It was developed and tested in a standard office environment with two systems sitting side-by-side on a desk. One computer was connected to the Internet, while the other had no connectivity. This setup is common in office environments where employees are required to carry out sensitive tasks on the air-gapped computer while using the connected one for online activities.

BitWhisper does require some planning to properly execute. Both the connected and air-gapped machines need to be infected with specially designed malware. For the Internet box, that’s not really a problem, but even the air-gapped system can be infected via USB drives, supply chain attacks, and so on. Once both systems are infected, the secure machine without Internet access can be instructed to generate heating patterns by ramping up the CPU or GPU. The internet-connected computer sitting nearby can monitor temperature fluctuations using its internal sensors and interpret them as a data stream. Commands can also be sent from the Internet side to the air-gapped system via heat.

via BitWhisper: Stealing data from non-networked computers using heat | ExtremeTech.

Google Brain’s Co-Inventor Tells Why He’s Building Chinese Neural Networks

To chat with Andrew Ng I almost have to tackle him. He was getting off stage at Re:Work’s Deep Learning Summit in San Francisco when a mob of adoring computer scientists descended on (clears throat) the Stanford deep learning professor, former “Google Brain” leader, Coursera founder and now chief scientist at Chinese web giant Baidu.

[snipped]

Um, can you elaborate on studying time?

By moving your head, you see objects in parallax. (The idea being that you’re viewing the relationship between objects over time.) Some move in the foreground, some move in the background. We have no idea: Do children learn to segment out objects, learn to recognize distances between objects because of parallax? I have no idea. I don’t think anyone does.

There have been ideas dancing around some of the properties of video that feel fundamental but there just hasn’t yet been that result. My belief is that none of us have come up with the right idea yet, the right way to think about time.

Animals see a video of the world. If an animal were only to see still images, how would its vision develop? Neuroscientists have run experiments in cats in a dark environment with a strobe so it can only see still images—and those cats’ visual systems actually underdevelop. So motion is important, but what is the algorithm? And how does [a visual system] take advantage of that?

I think time is super important but none of us have figured out the right algorithms for exploring it.

[That was all we had time for at the Deep Learning Summit. But I did get to ask Ng a followup via email.]

Do you see AI as a potential threat?

I’m optimistic about the potential of AI to make lives better for hundreds of millions of people. I wouldn’t work on it if I didn’t fundamentally believe that to be true. Imagine if we can just talk to our computers and have it understand “please schedule a meeting with Bob for next week.” Or if each child could have a personalized tutor. Or if self-driving cars could save all of us hours of driving.

I think the fears about “evil killer robots” are overblown. There’s a big difference between intelligence and sentience. Our software is becoming more intelligent, but that does not imply it is about to become sentient.

The biggest problem that technology has posed for centuries is the challenge to labor. For example, there are 3.5 million truck drivers in the US, whose jobs may be affected if we ever manage to develop self-driving cars. I think we need government and business leaders to have a serious conversation about that, and think the hype about “evil killer robots” is an unnecessary distraction.

Read full interview via Google Brain’s Co-Inventor Tells Why He’s Building Chinese Neural Networks — Backchannel — Medium.

Heartbleed Bug SSL Vulnerability – Everything You Need To Know

So the Internet has been exploding this week due to the Heartbleed Bug in OpenSSL, which affects a LOT of servers and websites and is being hailed by some as the worst vulnerability in the history of the Internet thus far.

The main info on the bug can be found at http://heartbleed.com/. In basic terms, it allows you to grab 64kb chunks of whatever is stored in RAM on the server as long as it’s using a vulnerable version of OpenSSL with Heartbeat enabled.

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

Who needs the NSA when we have this eh?

via Heartbleed Bug SSL Vulnerability – Everything You Need To Know – Darknet – The Darkside.

For more visit Bruce Schneier’s blog: https://www.schneier.com/blog/archives/2014/04/heartbleed.html

Surveillance by Algorithm

Increasingly, we are watched not by people but by algorithms. Amazon and Netflix track the books we buy and the movies we stream, and suggest other books and movies based on our habits. Google and Facebook watch what we do and what we say, and show us advertisements based on our behavior. Google even modifies our web search results based on our previous behavior. Smartphone navigation apps watch us as we drive, and update suggested route information based on traffic congestion. And the National Security Agency, of course, monitors our phone calls, emails and locations, then uses that information to try to identify terrorists.

Documents provided by Edward Snowden and revealed by the Guardian today show that the UK spy agency GCHQ, with help from the NSA, has been collecting millions of webcam images from innocent Yahoo users. And that speaks to a key distinction in the age of algorithmic surveillance: is it really okay for a computer to monitor you online, and for that data collection and analysis only to count as a potential privacy invasion when a person sees it? I say it’s not, and the latest Snowden leaks only make more clear how important this distinction is.

The robots-vs-spies divide is especially important as we decide what to do about NSA and GCHQ surveillance. The spy community and the Justice Department have reported back early on President Obama’s request for changing how the NSA “collects” your data, but the potential reforms — FBI monitoring, holding on to your phone records and more — still largely depend on what the meaning of “collects” is.

Indeed, ever since Snowden provided reporters with a trove of top secret documents, we’ve been subjected to all sorts of NSA word games. And the word “collect” has a very special definition, according to the Department of Defense (DoD). A 1982 procedures manual (pdf; page 15) says: “information shall be considered as ‘collected’ only when it has been received for use by an employee of a DoD intelligence component in the course of his official duties.” And “data acquired by electronic means is ‘collected’ only when it has been processed into intelligible form.”

Director of National Intelligence James Clapper likened the NSA’s accumulation of data to a library. All those books are stored on the shelves, but very few are actually read. “So the task for us in the interest of preserving security and preserving civil liberties and privacy,” says Clapper, “is to be as precise as we possibly can be when we go in that library and look for the books that we need to open up and actually read.” Only when an individual book is read does it count as “collection,” in government parlance.

So, think of that friend of yours who has thousands of books in his house. According to the NSA, he’s not actually “collecting” books. He’s doing something else with them, and the only books he can claim to have “collected” are the ones he’s actually read.

This is why Clapper claims — to this day — that he didn’t lie in a Senate hearing when he replied “no” to this question: “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?”

via Schneier on Security: Surveillance by Algorithm.

Magnetic materials could make future computers 1,000 times more efficient

Anyone who has ever taken the term “laptop” seriously can attest to the extraordinary amount of heat they produce when the processor is cranking away. Despite years of advances in processor design, there is still a lot of heat produced as a by-product of running a CPU. This is all wasted energy that could be used for more productive purposes, but first we need a new approach to microprocessor design. A team of UCLA engineers might have figured out a way to make integrated circuits far more efficient by using a class of magnetic materials called multiferroics.

The standard processors in your computer, phone, and even your TV rely on millions or billions of transistors packaged as an integrated circuit. Transistors are essentially tiny electronic switches that, when chained together, act as logic gates (AND, OR, etc.). Directing current through a transistor involves a certain amount of inefficiency, resulting in heat generation and the loss of electrons. There’s really no way around that as long as you’re moving electrons from one place to another, and the problem only gets worse as more transistors are packed into smaller spaces. A multiferroic material sidesteps the issue using a phenomenon known as spin waves.

A multiferroic material can be switched on and off at will simply by applying alternating voltage. Doing so allows it to carry power from one point to another through the cascading spins of electrons rather than by actually moving them. This complex magnetic effect is called a spin wave bus, but you can think of it a bit like an ocean wave. The energy of the wave moves in toward shore, but individual water molecules don’t have to go anywhere — they just move up and down as the wave passes.

via Magnetic materials could make future computers 1,000 times more efficient | ExtremeTech.

State Department Announces New Stance on Encryption and Surveillance

Deputy Assistant Secretary Scott Busby acknowledged “support for encryption protocols,” which are “critical for an Internet that is truly open to all.” According to Busby, the U.S. government will gather and use data based on six principles: “rule of law, legitimate purpose, non-arbitrariness, competent authority, oversight, and transparency and democratic accountability.”

When questioned on its support, Busby explained that the principles were approved government-wide, including by the Office of the Director of National Intelligence, which is headed by James Clapper. Clapper has been criticized for giving deceptive testimony before Congress about the National Security Agency’s (NSA) practices.

His statements were not without immediate criticism. A legislator from Hong Kong responded that the U.S. government actively “undermin[es] exactly the kind of things [Busby] talked about,” and that his government was “attacked and criticized” by the U.S. after NSA whistleblower Edward Snowden fled to Hong Kong.

Nevertheless, a representative from the human rights organization Access, which hosts RightsCon, explained at a press conference that the statement from the government is significant, because it is not only “a strong statement on support for cybersecurity and encryption,” but an affirmation of “human rights law which historically they’ve been loath to acknowledge,” and “the first time they recognize international norms and laws as they apply when conducting surveillance.”

As Jon Brodkin of ArsTechnica highlighted last year, the National Security Agency has previously worked to actively undermine encryption.

via State Department Announces New Stance on Encryption and Surveillance – Hit & Run : Reason.com.

Researchers crack the world’s toughest encryption by listening to the tiny sounds made by your computer’s CPU

Security researchers have successfully broken one of the most secure encryption algorithms, 4096-bit RSA, by listening – yes, with a microphone — to a computer as it decrypts some encrypted data. The attack is fairly simple and can be carried out with rudimentary hardware. The repercussions for the average computer user are minimal, but if you’re a secret agent, power user, or some other kind of encryption-using miscreant, you may want to reach for the Rammstein when decrypting your data.

This acoustic cryptanalysis, carried out by Daniel Genkin, Adi Shamir (who co-invented RSA), and Eran Tromer, uses what’s known as a side channel attack. A side channel is an attack vector that is non-direct and unconventional, and thus hasn’t been properly secured. For example, your pass code prevents me from directly attacking your phone — but if I could work out your pass code by looking at the greasy smudges on your screen, that would be a side channel attack. In this case, the security researchers listen to the high-pitched (10 to 150 kHz) sounds produced by your computer as it decrypts data.

This might sound crazy, but with the right hardware it’s actually not that hard. For a start, if you know exactly what frequency to listen out for, you can use low- and high-pass filters to ensure that you only have the sounds that emanate from your PC while the CPU decrypts data. (In case you were wondering, the acoustic signal is actually generated by the CPU’s voltage regulator, as it tries to maintain a constant voltage during wildly varied and bursty loads). Then, once you have the signal, it’s time for the hard bit: Actually making sense of it.

via Researchers crack the world’s toughest encryption by listening to the tiny sounds made by your computer’s CPU | ExtremeTech.

Inside the Effort to Crowdfund NSA-Proof Email and Chat Services

Back in 1999, Seattle-based activists formed the communication collective Riseup.net. The site’s email and chat services, among other tools, soon offered dissidents a means of encrypted communication essential to their work. Fourteen years later, Riseup is still going strong. In fact, they’ve been fighting the US state surveillance apparatus longer than most people have been aware of the NSA’s shenanigans. Now, the collective is hoping to expand, given the gross privacy transgressions of the NSA and US government as a whole.

“What surveillance really is, at its root, is a highly effective form of social control,” reads an August Riseup newsletter. “The knowledge of always being watched changes our behavior and stifles dissent. The inability to associate secretly means there is no longer any possibility for free association. The inability to whisper means there is no longer any speech that is truly free of coercion, real or implied. Most profoundly, pervasive surveillance threatens to eliminate the most vital element of both democracy and social movements: the mental space for people to form dissenting and unpopular views.”

The impetus behind the project is Riseup’s struggle to keep up with new user demand for an email service that doesn’t log IP addresses, sell data to third parties, or hand data over to the NSA. Riseup will also be able to expand its considerable anonymous emailing lists, which feature nearly 6 million subscribers spread across 14,000 lists. Their Virtual Private Network (VPN), which allows users to securely connect to the internet as a whole, will also be made more robust. What Riseup can’t do is offer its users an anonymous browsing experience, but that’s not their aim.

via Inside the Effort to Crowdfund NSA-Proof Email and Chat Services | Motherboard.

4K Blu-ray discs leaked, manage a whopping 100GB capacity

The Blu-ray Disc Association may not have announced the 4K disc just yet, but a manufacturer has taken the plunge already. Disc creator Singlus has revealed that it will be one company “that provides the machine technology for three-layer Blu-ray Discs with a storage volume of about 100GB”.

The big question is, will normal Blu-ray players be able to read the discs with something as simple as a software update? It’s too early to say but that could be a huge factor in growing the popularity of 4K TV fast. And with plenty of 4K screens being pushed by the likes of Samsung, Sony and LG at IFA this year all the pieces appear to be falling into place for a clearer future.

Of course there are other 4K content options like Sony’s Unlimited 4K service and Netflix demoing 4K right now. But streaming will only be an option for those with a very good broadband connection.

This is a great step towards making 4K more common. And with Sky testing 4K broadcasts it’s only a matter of time before 4K TVs become more popular and affordable for all.

via 4K Blu-ray discs leaked, manage a whopping 100GB capacity – Pocket-lint.

Ed Snowden’s Email Provider, Lavabit, Shuts Down To Fight US Gov’t Intrusion

Early on in the Snowden leaks, it was revealed that Snowden himself was using email services from an operation called Lavabit, which offered extremely secure email. However, today Lavabit’s owner, Ladar Levison, shut down the service, claiming it was necessary to do so to avoid becoming “complicit in crimes against the American people.” Not much more information is given, other than announced plans to fight against the government in court. Reading between the lines, it seems rather obvious that Lavabit has been ordered to either disclose private information or grant access to its secure email accounts, and the company is taking a stand and shutting down the service while continuing the legal fight. It’s also clear that the court has a gag order on Levison, limiting what can be said.

via Ed Snowden’s Email Provider, Lavabit, Shuts Down To Fight US Gov’t Intrusion | Techdirt.

Now, if that weren’t enough, the Feds Threaten To Arrest Lavabit Founder For Shutting Down His Service, rather than agree to some mysterious court order.

Feds Use Patriot Act To Crack Down On Virtual Currency Exchange

Wired is reporting that the founder of Liberty Reserve has been indicted on $6 Billion money-laundering charges.

Dubbed the “financial hub of the cyber-crime world,” authorities say Liberty Reserve had more than 1 million users worldwide and processed more than 12 million transactions annually as the favored money-laundering service for carders, hackers and other cybercriminals in the digital underground who used it to transfer money around the world effortlessly and anonymously.

Prosecutors are calling it the largest international money-laundering case ever prosecuted. The LR virtual currency is one of the world’s most widely used. It’s also the first instance of the US government using the Patriot Act to go after virtual currencies.

Authorities arrested founder Arthur Budovsky in Spain last Friday, along with others in Costa Rica and New York.

The Associated Press reports that Costa Rican police have also raided three homes and five businesses linked to Liberty Reserve. Authorities seized the company’s domain name, replacing its home page with a message letting visitors know that the United States Global Illicit Financial Team was in possession of the domain.

So far it appears Budovsky’s crimes are operating a site which criminals use to launder money and failing to register in the U.S. as a money-transmitting service.

To use Liberty Reserve, participants only had to provide a name, birth date and valid email address. It used a virtual currency called the LR. Transactions were anonymous and easily accessible. The site was apparently used by the criminals who recently perpetrated a $45 million coordinated bank heist.

The New York Times quotes prosecutors describing the case as significant “because it attacks the financial infrastructure used by many cybercriminals in much the same way that drug-money-laundering prosecutions unravel the financial underpinnings of the narcotics trade.”

BusinessWeek describes the case as “a series of firsts for U.S. authorities.”

In addition to being the largest international money-laundering case brought by the Justice Department, it involved the first search warrant executed by American officials against a cloud-based server. Bharara said 30 search warrants were executed during an 18-month investigation.

And it’s the first use of U.S. Patriot Act provisions against a digital currency exchange. The Treasury claims that the Patriot Act offers agencies a range of options to protect the U.S. financial system from money laundering. These apparently include targeting businesses that are incorporated outside the United States, as Liberty Reserve is. Its founder, Ukrainian-born Costa Rican citizen Arthur Budovsky, renounced his US citizenship in 2011. It also means that the US government can prevent other financial institutions from interacting with a cyber currency without any convictions.

via Feds Use Patriot Act To Crack Down On Virtual Currency Exchange.