Showing results for tags 'intelligence'.
-
‘Thought vectors’ could revolutionize artificial intelligence
Che posted a topic in Stiri securitate
Despite all the recent hullabaloo concerning artificial intelligence, in part fueled by dire predictions made by the likes of Stephen Hawking and Elon Musk, there have been few breakthroughs in the field to warrant such fanfare. The artificial neural networks that have caused so much controversy are a product of the 1950s and 60s, and remain relatively unchanged since then. The strides forward made in areas like speech recognition owe as much to improved datasets (think big data) and faster hardware than to actual changes in AI methodology. The thornier problems, like teaching computers to do natural language processing and leaps of logic remain nearly as intractable now as they were a decade ago.

This may all be about to change. Last week, the British high priest of artificial intelligence Professor Geoffrey Hinton, who was snapped up by Google two years back during its massive acquisition of AI experts, revealed that his employer may have found a means of breaking the AI deadlock that has persisted in areas like natural language processing.

[Image: AI Guru Geoffrey Hinton at the Google Campus]

The hope comes in the form of a concept called “thought vectors.” If you have never heard of a thought vector, you’re in good company. The concept is both new and controversial. The underlying idea is that by ascribing every word a set of numbers (or vector), a computer can be trained to understand the actual meaning of these words. Now, you might ask, can’t computers already do that — when I ask Google the question, “Who was the first president of the United States?”, it spits back a short bit of text containing the correct answer. Doesn’t it understand what I am saying? The answer is no.

The current state of the art has taught computers to understand human language much the way a trained dog understands it when squatting down in response to the command “sit.” The dog doesn’t understand the actual meaning of the words, and has only been conditioned to give a response to a certain stimulus. If you were to ask the dog, “sit is to chair as blank is to bed,” it would have no idea what you’re getting at. Thought vectors provide a means to change that: actually teaching the computer to understand language much the way we do.

The difference between thought vectors and the previous methods used in AI is in some ways merely one of degree. While a dog maps the word sit to a single behavior, using thought vectors, that word could be mapped to thousands of sentences containing “sit” in them. The result would be the computer arriving at a meaning for the word more closely resembling our own.

While this sounds well and dandy, in practice things will prove more difficult. For instance, there is the issue of irony, when a word is being used in more than just its literal sense. Taking a crack at his contemporaries across the pond, Professor Hinton remarked, “Irony is going to be hard to get, [as] you have to be master of the literal first. But then, Americans don’t get irony either. Computers are going to reach the level of Americans before Brits.”

While this may provide some small relief to Hinton and his compatriots, regardless of which nationality gets bested by computers first, it’s going to come as a strange awakening when the laptop on the kitchen counter starts talking back to us.

‘Thought vectors’ could revolutionize artificial intelligence | ExtremeTech 2024 ?...
-
Document Title:
===============
Oracle Business Intelligence Mobile HD v11.x iOS - Persistent UI Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1361

Oracle Security ID: S0540289
Tracking ID: S0540289
Reporter ID: #1 2015Q1

Release Date:
=============
2015-05-06

Vulnerability Laboratory ID (VL-ID):
====================================
1361

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:
===============================
Oracle Business Intelligence Mobile HD brings new capabilities that allows users to make the most of their analytics information and leverage their existing investment in BI. Oracle Business Intelligence Mobile for Apple iPad is a mobile analytics app that allows you to view, analyze and act on Oracle Business Intelligence 11g content. Using Oracle Business Intelligence Mobile, you can view, analyze and act on all your analyses, dashboards, scorecards, reports, alerts and notifications on the go.

Oracle Business Intelligence Mobile allows you to drill down reports, apply prompts to filter your data, view interactive formats on geo-spatial visualizations, view and interact with Dashboards, KPIs and Scorecards. You can save your analyses and Dashboards for offline viewing, and refresh them when online again; thus providing always-available access to the data you need. This app is compatible with Oracle Business Intelligence 11g, version 11.1.1.6.2BP1 and above.

(Copy of the Vendor Homepage: http://www.oracle.com/technetwork/middleware/bi-foundation/bi-mobile-hd-1983913.html )
(Copy of the APP Homepage: https://itunes.apple.com/us/app/oracle-business-intelligence/id534035015 )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered an application-side validation web vulnerability in the official Oracle Business Intelligence Mobile HD v11.1.1.7.0.2420 iOS web-application.
Vulnerability Disclosure Timeline:
==================================
2014-10-27: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH)
2014-11-01: Vendor Notification (Oracle Sec Alert Team - Acknowledgement Program)
2015-02-25: Vendor Response/Feedback (Oracle Sec Alert Team - Acknowledgement Program)
2015-04-15: Vendor Fix/Patch (Oracle Developer Team)
2015-05-01: Bug Bounty Reward (Oracle Sec Alert Team - CPU Bulletin Acknowledgement)
2015-05-06: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Oracle Product: Business Intelligence Mobile HD 11.1.1.7.0.2420

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
The Vulnerability Laboratory Research Team discovered an application-side validation web vulnerability in the official Oracle Business Intelligence Mobile HD v11.1.1.7.0.2420 iOS web-application.

The vulnerability is located in the input field of the dashboard file export name value of the local save (lokal speichern) function. After the injection of a system specific command to the input field of the dashboard name the attacker is able to use the email function. By clicking the email button the script code gets wrong encoded even if the attachment function is activated for pdf only. The wrong encoded input of the local save in the mimeAttachmentHeaderName (mimeAttachmentHeader) allows a local attacker to inject persistent system specific codes to compromise the integrity of the oracle ib email function.

In case of the scenario the issue get first correct encoded on input and the reverse encoded inside allows to manipulate the mail context. Regular the function is in use to get the status notification mail with attached pdf or html file. For the testing the pdf value was activated and without html.
The security risk of the filter bypass and application-side input validation web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.8. Exploitation of the persistent web vulnerability requires a low privilege web application user account and low user interaction. Successful exploitation of the vulnerability results in session hijacking, persistent phishing, persistent external redirects, persistent load of malicious script codes or persistent web module context manipulation.

Vulnerable Module(s):
[+] Lokal speichern - Local save

Vulnerable Parameter(s):
[+] mimeAttachmentHeaderName (mimeAttachmentHeader)

Affected Service(s):
[+] Email - Local Dashboard File

Proof of Concept (PoC):
=======================
The application-side vulnerability can be exploited by local privilege application user accounts with low user interaction. For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.

Manual reproduce of the vulnerability ...
1. Install the oracle business intelligence mobile hd ios app to your apple device (https://itunes.apple.com/us/app/oracle-business-intelligence/id534035015)
2. Register to your server service to get access to the client functions
2. Click the dashboard button to access
3. Now, we push top right in the navigation the local save (lokal speichern) button
4. Inject system specific payload with script code to the local save dashboard filename input field
5. Switch back to the app index and open the saved dashboard that has been saved locally with the payload (mimeAttachmentHeaderName)
6. Push in the top right navigation the email button
7. The mail client opens with the wrong encoded payload inside of the mail with the template of the dashboard
8. Successful reproduce of the security vulnerability!
PoC: Email - Local Dashboard File
<meta http-equiv="content-type" content="text/html; ">
<div>"><[PERSISTENT INJECTED SCRIPT CODE!]"></x></div><div><br><br></div><br>
<fieldset class="mimeAttachmentHeader"><legend class="mimeAttachmentHeaderName">"><"x">%20<[PERSISTENT INJECTED SCRIPT CODE!]>.html</legend></fieldset><br>

Solution - Fix & Patch:
=======================
The vulnerability can be patched by a secure restriction and filter validation of the local dashboard file save module. Encode the input fields and parse the output next to reverse converting the context of the application through the mail function. The issue is not located in the apple device configuration because of the validation of the mimeAttachmentHeaderName in connection with the email function is broken.

Security Risk:
==============
The security risk of the application-side input validation web vulnerability in the oracle mobile application is estimated as medium. (CVSS 3.8)

Credits & Authors:
==================
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) [www.vulnerability-lab.com]

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.
Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.

Copyright © 2015 | Vulnerability Laboratory - Evolution Security GmbH ™

Source
-
Intel sharing used as stick, Vice Chancellor says

The US Government threatened to starve Berlin of intelligence if it harboured fugitive document-leaker Edward Snowden, German Vice Chancellor Sigmar Gabriel says.

The National Security Agency (NSA) leaker considered Germany as a place of refuge after he fled to Russia from the United States via Hong Kong in 2013.

Moscow granted Snowden a three-year residency permit in the country, which expires in August 2017. At that date Snowden will need to apply for citizenship or move elsewhere.

In a speech given this week in Hamburg Gabriel said Washington would withhold information on "plots" and "intelligence matters" if Germany offered Snowden asylum.

“They told us they would stop notifying us of plots and other intelligence matters,” Gabriel said, according to an Intercept report.

The report did not name the US agency or official who made the extraordinary threats.

Severing intelligence which appear to place the country of 80 million at heightened risk of terrorist and espionage attacks.

Germany would be obligated to extradite Snowden to the US if he entered the country, Gabriel says, and faced being cut-off from "all intercepted intelligence sharing" if it offered asylum, according to the report.

Questions of whether Snowden should be granted asylum in Germany were raised in November 2013 when the leaker was still under temporary protection from Moscow.

German Green Party figure Hans-Christian Ströbele who was the first parliamentarian to visit the leaker during his Moscow exile raised the concept after the US had submitted an extradition request for Snowden should he have set foot in the country.

Vice Chancellor Gabriel said it was "a shame" Snowden was confined to “Vladimir Putin’s autocratic Russia”.

The report comes as Snowden's Russian lawyer Anatoly Kucherena said last month the former sys-admin is reportedly ready to return to the US if he is promised a fair trial.

Source
-
Privacy International (PI) is calling on people to sign up to be part of a mass request for confirmation they have been spied on by Five Eyes spy agencies and to demand the removal of captured information.

Would-be signatories are being asked to submit their name and email address to the organisation, which will then pass them on to Britain's Investigatory Powers Tribunal tasked with determining if the sharing of NSA-intercepted material with the UK's GCHQ spy agency was illegal.

The requests would cover a prodigious amount of data numbering billions of records hoovered up by the NSA and shared with the GCHQ until December last year.

PI will not reveal if agencies other than the NSA collected data, and would cover only that shipped to the GCHQ. This could conceivably include data captured by any Five Eyes agency and shared with the GCHQ via the NSA.

The offer came on the heels of the tribunal's ruling this month in favour of Privacy International that the mass funnelling of intelligence information between Britain and the United States was illegal prior to December.

That decision made on the grounds that rules governing the exchange were secret opened an avenue for users to request the tribunal examine and notify if their data was illegally obtained and, if found in breach, for the information to be destroyed.

The British charity dubbed the ruling a "major victory against the Five Eyes" group of nations which includes Australia, New Zealand and Canada, and said it was possible only due to the flurry of NSA leaks from Edward Snowden.

"Through their secret intelligence sharing relationship with the NSA, GCHQ has had intermittently unrestricted access to PRISM - NSA's means of directly accessing data and content handled by some of the world’s largest Internet companies, including Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple," deputy director Eric King said at the time.

"GCHQ's access to NSA material therefore makes up the large bulk of all surveillance material handled by the security services; some ex-GCHQ staffers estimated that 95 per cent of all signals intelligence material handled at GCHQ is American.

"The extraordinary implications of [the] judgement is that all historical sharing of raw intelligence between NSA and GCHQ took place without an adequate legal framework, and thus was unlawful."

The Tribunal will likely be swamped if the campaign takes off. Probes could trawl records collected from NSA programmes UPSTREAM, CO-TRAVELLER, and DISHFIRE, the former having intercepted some 160 billion records from its top five programmes in one month alone.

Privacy International said requests could take years to be fulfilled.

New requests could be made to discover the data collected by individual agencies to current day if the charity was successful in its appeal with the European Court of Human Rights against the decision that the data shared between the US and UK spy agencies was kosher due to the policies of the arrangement being made public as a result of the legal action

Source
-
In the wake of news-making attacks on Sony Pictures, Home Depot and many others, the federal government is establishing a new information integration center to focus on cyber threats. The center will analyze intelligence contributed by several agencies, along with the private sector, a model that will face some serious hurdles.

The proposed Cyber Threat Intelligence Integration Center will fall under the Office of the Director of National Intelligence and it will not be responsible for actually gathering any threat intelligence. Rather, it will serve as an aggregation point for information collected by intelligence agencies and, the Obama administration hopes, private companies.

A major piece of the plan for the CTIIC is for it to be a point of information exchange with the private sector, said Lisa Monaco, Assistant to the President for Homeland Security and Counterterrorism, in a speech Tuesday. That’s a strategy that the United States government has been trying to implement for the better part of two decades now in various incarnations. But there are two main issues with the information-sharing model: the government tends to hoard its intelligence and the private sector tends not to want to give and get nothing in return.

Monaco said that for the CTIIC to be effective, both sides need to get past those challenges and start helping one another.

“We’re not going to bottle up intelligence. We want the flow of information to go both ways,” Monaco said.

In her speech at the Wilson Center in Washington, Monaco said that the CTIIC will be modeled after the National Counterterrorism Center and will draw on what the government and intelligence community learned about responding to and tracking threats after 9/11. She also hinted that the administration is going to be more aggressive in the future in tracking and prosecuting cyber criminals and other attackers.

“There are structural, cultural and organizational shifts made in the government in counter-terror that also apply to cyber,” she said. “Those who would do us harm should know they will be found and they will be held to account.”

Monaco cited the attack on Sony Pictures late last year as a key example of the kind of attack that the new CTIIC will be able to deal with.

“That was a game-changer, because it wasn’t about profit, it was about a dictator trying to impose censorship,” she said. “Which is why we took the extraordinary step of identifying the attackers publicly.”

Administration officials blamed the Sony hack on North Korea and later imposed more sanctions on the country as a result.

Monaco did not specify when the CTIIC would be operational or who would be part of the new group.

Source
-
### Punchline ###

Stratfor is just The Economist a week later and several hundred times more expensive.

### Article ###

On June 2, 2009, Anya Alfano of Stratfor, which describes itself as a private "global intelligence company," sent an email to a colleague requesting some global intelligence on a certain trans-national civilian group on behalf of a powerful international client. That email has now been released to the world, along with five million others like it, by global transparency group Wikileaks, thus revealing Stratfor's shadowy scheme.

According to Anya Alfano's email, Stratfor's target was PETA, the animal rights group, and its client Coca-Cola. Their top secret mission was to find out "How many PETA supporters are there in Canada?" and other tantalizing global secrets that could only be secured through such top-secret means as calling PETA's press office or Googling it. Alfano concluded her chilling email, "I need all the information our talented interns can dig up by COB tomorrow."

Shortly before the release, Wikileaks told the world to prepare for "extraordinary news." In announcing today's release, Wikileaks describes Stratfor as "a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations." The group's announcement says that the released emails "show Stratfor's web of informers, pay-off structure, payment-laundering techniques and psychological methods" and calls the company "a money-making scheme of questionable legality." It adds, "The material shows how a private intelligence agency works, and how they target individuals for their corporate and government clients."

Maybe what these emails actually reveal is how a Texas-based corporate research firm can get a little carried away in marketing itself as a for-hire CIA and end up fooling some over-eager hackers into believing it's true.

The group's reputation among foreign policy writers, analysts, and practitioners is poor; they are considered a punchline more often than a source of valuable information or insight. As a former recipient of their "INTEL REPORTS" (I assume someone at Stratfor signed me up for a trial subscription, which appeared in my inbox unsolicited), what I found was typically some combination of publicly available information and bland "analysis" that had already appeared in the previous day's New York Times. A friend who works in intelligence once joked that Stratfor is just The Economist a week later and several hundred times more expensive. As of 2001, a Stratfor subscription could cost up to $40,000 per year.

It's true that Stratfor employs on-the-ground researchers. They are not spies. On today's Wikileaks release, one Middle East-based NGO worker noted on Twitter that when she met Stratfor's man in Cairo, he spoke no Arabic, had never been to Egypt before, and had to ask her for directions to Tahrir Square.

Stratfor also sometimes pays "sources" for information. Wikileaks calls this "secret cash bribes," hints that this might violate the Foreign Corrupt Practices Act, and demands "political oversight." For comparison's sake, The Atlantic often sends our agents into such dangerous locales as Iran or Syria. We call these men and women "reporters." Much like Stratfor's agents, they collect intelligence, some of it secret, and then relay it back to us so that we may pass it on to our clients, whom we call "subscribers." Also like Stratfor, The Atlantic sometimes issues "secret cash bribes" to on-the-ground sources, whom we call "freelance writers." We also prefer to keep their cash bribes ("writer's fees") secret, and sometimes these sources are even *********.

So why do Wikileaks and their hacker source ********* seem to consider Stratfor, which appears to do little more than combine banal corporate research with media-style freelance researcher arrangements, to be a cross between CIA and Illuminati? The answer is probably a combination of naivete and desperation. Wikileaks chief Julian Assange, after all, felt comfortable taking credit for the Egyptian revolution; how good can his understanding of world events, and the actors shaping them, really be? *********, which tried and failed to hack the Vatican's websites, doesn't appear to have much of an ideology beyond mischief-making.

Wikileaks has been declining rapidly since first releasing Bradley Manning's trove of U.S. diplomatic cables; their finances are shrinking, their organization disintegrating (due in part to what former employees describe as Assange's poor leadership), and their credibility with his past media partners is mostly gone. Assange would probably like to regain some of his former glory; Wikileaks' 2010 release of video from a U.S. army helicopter in Iraq sparked a small international incident and won praise from much of the media, including me. What better way to do it than by taking on an easy target and then claiming you'd exposed an international corporate-imperialist conspiracy?

Stratfor is not the shadow-CIA that Wikileaks seems to believe it is, but much of the blame for this mistake actually lies with Stratfor itself. The group has spent over a decade trying to convince the world that it is a for-hire, cutting-edge intel firm with tentacles everywhere. Before their marketing campaign fooled *********, it fooled wealthy clients; before it fooled clients, it hooked a couple of reporters.

A breathless October 15, 2001, Barron's cover story called Stratfor "a private quasi-CIA," the evidence for which appears to be this quote from Stratfor chief George Friedman: "The CIA has to spend thousands of dollars a month to have an agent in, say, Teheran or Peshawar to monitor local newspapers or political developments that we can find on the Internet within a few hours." In other words, they have Google.

But Stratfor's first big break had come in 1999 with a spate of glowing articles such as this January piece in Time, which reported Stratfor's "striking" theory that the U.S. bombing of Iraq in December 1998 was "actually designed to mask a failed U.S.-backed coup." That theory, like so much of Stratfor's "intelligence," was discredited long ago.

### Source ###

Stratfor Is a Joke and So Is Wikileaks for Taking It Seriously - Max Fisher - International - The Atlantic

### Personal Opinion ###

The article picks on Wikileaks for no reason; all they did was publish the information. Maybe they dressed up the announcement, but that is common practice; it's called marketing. Still, the idea in the punchline is good. I have read reports from various "intelligence" firms that were either very poor, or out of date (the information was already old and available to the general public), or full of pompous language and no information. I have also read good reports, but few in number.