OpenAI's AI-Powered Robot Learned How To Solve a Rubik's Cube One-Handed

Earlier today, San Francisco-based research institute OpenAI announced that it had taught a robotic hand to solve a Rubik's cube one-handed. "Lost in the shuffle is just what is new here, if anything, and what of it may or may not be machine learning and artificial intelligence -- the science in other words," writes Tiernan Ray via ZDNet. An anonymous Slashdot reader shares an excerpt from his report: The real innovation in Tuesday's announcement, from a science standpoint, is the way many versions of possible worlds were created inside the computer simulation, in an automated fashion, using an algorithm called ADR. ADR, or "Automatic domain randomization," is a way to reset the neural network at various points based on different appearances of the Rubik's cube and different positions of the robotic hand, and all kinds of physical variables, such as friction and gravity. It's done by creating thousands of variations of the values of those variables inside the computer simulator while the neural network is being trained. ADR is an algorithm that changes the variables automatically and iteratively, as the policy network is trained to solve the Rubik's cube. The ADR, in other words, is a separate piece of code that is designed to increase random variation in training data to make things increasingly hard for the policy neural network. Using ADR, the real world Dexterous Hand can adapt to changes such as when it drops the cube on the floor and the cube is placed back in the hand at a slightly different angle. The performance of the Dexterous Hand after being trained with ADR is vastly better than without it, when only a handful (sorry again for the pun) of random variants are thrown at it using the prior approach of manually-crafted randomness, the authors report. What's happening, they opine, is the emergence of a kind of "meta-learning." 
The neural network that has been trained is still, in a sense "learning" at the time it is tested on the real-world Rubik's cube. What that means is that the neural network is updating its model of what kinds of transitions can happen between states of affairs as events happen in the real world. The authors assert that they know this is happening "inside" the trained network because they see that after a perturbation -- say, the Dexterous Hand is hit with some object that interrupts its effort -- the robot's activity suddenly plunges, but then steadily improves, as if the whole policy network is adjusting to the changed state of affairs.

Read more of this story at Slashdot.

Binaries and Brews: Jailbreak Security Summit convenes hackers on NSA's doorstep

Of the countless security conferences held across the globe, only one combines craft beer and malware analysis in the National Security Agency’s backyard.

Every year, federal contractors and analysts at Beltway cybersecurity companies gather for a day at Jailbreak Brewery’s Laurel, Maryland, headquarters to trade specialized knowledge in digital forensics.

“The training is really good; the beers are even better,” said a Department of Justice employee sipping a Lemon Meringue Berliner Weisse.

The DOJ employee, who declined to speak on the record, has been coming since the summit’s inception in 2015. “I learn something new every year,” he said, before descending from the bar and taking a seat in front of the presentation stage.

That is the comfort zone that Kasey Turner, a former NSA employee, sought to create when he opened the brewery in 2014 with cybersecurity contractor-turned-entrepreneur Justin Bonner.

“We wanted this to be everybody’s own jailbreak,” Turner told CyberScoop. “Whatever drama is in your life…while you sit here and drink a beer, we hope that you don’t think about that for a few minutes.”

The brewery’s name is a nod to the cybersecurity definition of a “jailbreak”: using a vulnerability to gain “root access” to a device and install whatever programs you like on it.

“It’s more about the freedom of the jailbreak, so to speak,” Turner said. “You’re setting your phone free from the network and all of the constraints that are put on it.”

It was early Friday evening and Turner and his colleague Tom McGuire, another ex-NSA-er, were taking a break from the exertions of running the brewery to reflect on how their project had progressed. Around them, glasses clinked as attendees lingered long after the last speaker had finished to share stories and exchange contact information. 0Day IPA was available at the bar, the walls were adorned with Big Lebowski-themed art, and 90s grunge hummed through the hall.

Before cybersecurity became a multibillion-dollar and endlessly hyped industry, security conferences had this low-key feel.

“They were small, they were intimate, and you pretty much went to them because there wasn’t anywhere else to talk about this stuff,” Turner recalled. “This was your opportunity to meet with these people and talk with them and put a face to a handle.”

Sarah Edwards, a Mac/iOS forensics specialist who, fittingly, presented on jailbreaking tools at the conference, said the event was fertile ground for collaborating with others in her niche. It helped drive home the many positive reasons to jailbreak a phone, she said, including to study the device’s interactions with its applications in order to make them more secure.

Staying low-key

While previous summits focused on SCADA systems or Internet of Things devices, this year’s theme was reverse-engineering malware.

“We need to make reverse engineering accessible to more people,” proclaimed one presenter, in between meditations on binary static analysis. Carbon Black’s Erika Noerenberg riffed on the ability of a threat-hunting tool to decrypt payloads, while Google Project Zero’s Maddie Stone walked attendees through how she deconstructed a vulnerability exploited in WhatsApp.

“Each of us in this room may have a different reason for analyzing [a bug],” Stone said.

Mike Bell, a longtime NSA contractor, presented on Ghidra, the reverse-engineering tool that the NSA publicly released earlier this year.

Looking relaxed in a sailor hat after going out on a boat the previous night with fellow presenters, Bell talked about his hope that Ghidra would be a valuable resource for academic researchers. Bell, who had helped write some of Ghidra’s algorithms, stood at the bar, his chin raised slightly, exuding an eagerness about where the project would go next.

“The simple fact is the team can’t keep up with all the changes in industry,” Bell said, explaining one reason why the NSA released Ghidra publicly.

The camaraderie on display is one reason Turner and McGuire say they want to keep the conference small and unassuming, a contrast to the pomp and glitz of other industry events. What started for Turner and McGuire as a means of catching up with former colleagues will stay that way, they said.

“Having a conference at a brewery gets people going,” Turner said. “They talk to one another.”

The post Binaries and Brews: Jailbreak Security Summit convenes hackers on NSA's doorstep appeared first on CyberScoop.

A Code Glitch May Have Caused Errors In More Than 100 Published Studies

Scientists have uncovered a glitch in a piece of code that could have yielded incorrect results in over 100 published studies that cited the original paper. From a report: The glitch caused results of a common chemistry computation to vary depending on the operating system used, causing discrepancies among Mac, Windows, and Linux systems. The researchers published the revelation and a debugged version of the script, which amounts to roughly 1,000 lines of code, last week in the journal Organic Letters. "This simple glitch in the original script calls into question the conclusions of a significant number of papers on a wide range of topics in a way that cannot be easily resolved from published information because the operating system is rarely mentioned," the new paper reads. "Authors who used these scripts should certainly double-check their results and any relevant conclusions using the modified scripts in the [supplementary information]." Yuheng Luo, a graduate student at the University of Hawai'i at Manoa, discovered the glitch this summer when he was verifying the results of research conducted by chemistry professor Philip Williams on cyanobacteria. The aim of the project was to "try to find compounds that are effective against cancer," Williams said.

Cyber Command’s bug bounty program uncovers more than 30 vulnerabilities

Ethical hackers have found nine “high severity” vulnerabilities and one “critical” vulnerability across Department of Defense proxies, virtual private networks, and virtual desktops through the “Hack the Proxy” bug bounty program, the Department of Defense’s Defense Digital Service and HackerOne announced Monday.

In addition to the high severity and critical vulnerabilities uncovered, “Hack the Proxy” found 21 “medium” or “low severity” vulnerabilities. Defense Digital Service and HackerOne spokespeople did not immediately return requests for comment on what kinds of vulnerabilities constitute “high severity,” “critical,” or “medium/low severity.”

The bug bounty program, sponsored by U.S. Cyber Command, zeroed in on finding vulnerabilities external to the Department of Defense Information Network that could enable foreign hackers to watch internal affairs at the Pentagon.

This comes just a week after the National Security Agency issued an alert warning that multiple nation-state adversaries have been exploiting VPN vulnerabilities in Pulse Secure and Fortinet products, products which Chinese hackers known as “Manganese” or APT5 are known to have targeted in the past.

Maj. Sgt. Michael Methven at Cyber Command’s Directorate of Operations said in a statement this program helps the Department of Defense ensure its networks are more resilient against attacks emanating from malicious actors, noting that “validating capabilities, closing previously unknown vulnerabilities, and enforcing standards improve[s] our ability to conduct multi-domain military operations.”

While discussing multi-domain operations — operations meant to link air, sea, land, space, and cyber activities to better meet adversary threats against the U.S. — the Secretary of the U.S. Army, Ryan McCarthy, noted in remarks Monday that he thinks U.S. adversaries are one step ahead of the Pentagon right now.

“U.S. adversaries are operating largely uncontested in space and cyberspace,” McCarthy said while delivering remarks at the Association of the U.S. Army summit in Washington.

“As our adversaries become more sophisticated in their tactics, we must stay one step ahead to protect our citizens and defense systems,” said Alex Romero, Digital Service Expert at the Department of Defense Defense Digital Service. “HackerOne’s global community of vetted hackers have helped us discover and remediate vulnerabilities that represent real risk to national security.”

Harnessing the talents of 81 hackers from the U.S., Ukraine, Turkey, India, and Canada, the bug bounty program ran for two weeks early last month. It was the Department of Defense’s eighth bug bounty program since the Pentagon began its partnership with HackerOne three years ago. The top bug bounty hunter, based in the U.S., received an award of $16,000. In all, hackers involved in the operation were awarded $33,750.

Just last week, HackerOne announced a bug bounty program with the Pentagon focused on the U.S. Army, which it previously partnered with in 2016.

The post Cyber Command’s bug bounty program uncovers more than 30 vulnerabilities appeared first on CyberScoop.

A glimpse into the present state of security in robotics

The world of today continues its progress toward higher digitalization and mobility. From developments in the Internet of Things (IoT) through augmented reality to Industry 4.0, which rely on stronger automation and the use of robots, all of these bring more efficiency to production processes and improve user experience across the globe. According to some estimates, these systems will become the norm in wealthy households before 2040.

Nowadays, however, these “robots” are not limited to futuristic humanoid machines. They include various devices, such as robot arms in factories, delivery robots, autonomous cars, automated babysitters, etc.

Digitized systems of the future will involve deployable robotic systems in highly networked environments, remotely communicating with various services and systems for higher efficiency. For now this is only expected to happen, and we cannot yet talk about truly functional deployable robotic systems, but there are already certain developments in that area.

Robot Operating System

The research and development community, established around a shared interest in the future of robotics, initially required a unified and standard platform. To achieve that, back in 2007, Willow Garage introduced Robot Operating System (ROS): essentially a collection of middleware frameworks for robot software development, and a distributed system providing a mechanism for nodes to exchange information over a network. It operates like a service for distributing data among the various nodes in a system. A central master service is responsible for tracking published and subscribed topics, and provides a parameter server for nodes to store various metadata. Nodes publish data as topics by advertising them to the ROS master service. Other nodes subscribe to these topics by querying the master, which provides the IP address and TCP port number of every node publishing a given topic, allowing the subscriber to contact the publishers directly to establish further connections. ROS has a distributed architecture: nodes can run on the same machine as the master, or on different machines. Apart from that, ROS possesses a number of ready-to-go libraries for solving various tasks, such as recognition of objects in an image or space mapping.

That said, ROS itself can hardly be positioned as a fully functional operating system—it is rather a set of open-source libraries that help researchers and developers visualize and record data, easily navigate ROS package structures, and create scripts that automate complex configuration and setup processes.

Open source for study

ROS was designed with open source in mind—by a researcher, for researchers—with the intention of enabling users to choose the configuration of the tools and libraries that interacted with the core of ROS, so that the users could shift their software stacks to fit their robot or application area.

This open-source nature brings certain peculiarities into the subject of robotics cyber security. ROS is mainly used for research purposes: in universities and by engineering enthusiasts. As with many other research platforms, the ROS designers made a conscious decision to exclude security mechanisms because they did not have a clear model of security threats and were not security experts themselves—and for the sake of research and development comfort and efficiency. For instance, the ROS master node trusts all nodes that connect to it, and thus should not be exposed to the Internet, or to any network with unauthorized users on it, without additional measures to restrict access to the system.

Overall, ROS has no built-in security; it lacks authentication, authorization and confidentiality features. Some of those issues have been addressed in ROS 2.0, a new version of ROS that is under heavy development and will take advantage of modern libraries and technologies for core ROS functionality, adding support for real-time code and embedded hardware. However, the second version is still not widely adopted: the first version is sufficient for most research, and more complex projects take a long time to migrate to an updated platform.

Security

Nevertheless, ROS is expected to play an important role in robotics outside of pure research-oriented scenarios. And the significant security issues it bears should be addressed before ROS-based products like social robots, autonomous cars, etc. fly from university classrooms to reach mass markets.

By definition, networks are shared resources, so it is important to consider the security aspects of connecting systems using ROS, as a ROS master will by default respond to requests from any device on the network (or host) that can connect to it. Any host on the network can publish or subscribe to topics, list or modify parameters, and so on.
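The discovery flow described above (nodes register with the master, subscribers are handed publisher addresses, parameters live on the master) together with the "master trusts every caller" point, as an added toy model that is not ROS's own code: the `ToyMaster` class, node URIs and topic names are constructed for the illustration, and the allowlist stands in for the additional access-restriction measures the text says an exposed master needs.

```python
"""Toy model of the ROS 1 master's registry (an added illustration, not ROS code).
Real nodes call the master over XML-RPC; the same bookkeeping is written here as
a plain class so ROS 1's default "trust every caller" behaviour can sit next to
a variant that only serves an allowlist of known node URIs (constructed values)."""
from typing import Dict, List, Optional, Set

class ToyMaster:
    def __init__(self, allowed_callers: Optional[Set[str]] = None) -> None:
        self.publishers: Dict[str, List[str]] = {}   # topic -> publisher node URIs
        self.subscribers: Dict[str, List[str]] = {}  # topic -> subscriber node URIs
        self.params: Dict[str, object] = {}          # the parameter server
        # None mirrors ROS 1: any host that can reach the master is trusted.
        self.allowed_callers = allowed_callers

    def _authorize(self, caller_uri: str) -> None:
        if self.allowed_callers is not None and caller_uri not in self.allowed_callers:
            raise PermissionError(f"{caller_uri} is not a known node")

    def register_publisher(self, caller_uri: str, topic: str) -> None:
        self._authorize(caller_uri)
        self.publishers.setdefault(topic, []).append(caller_uri)

    def register_subscriber(self, caller_uri: str, topic: str) -> List[str]:
        """Return publisher URIs; as in ROS, the subscriber then connects to them directly."""
        self._authorize(caller_uri)
        self.subscribers.setdefault(topic, []).append(caller_uri)
        return list(self.publishers.get(topic, []))

    def set_param(self, caller_uri: str, key: str, value: object) -> None:
        self._authorize(caller_uri)
        self.params[key] = value

ROBOT = "http://robot-arm:45001"  # constructed URI of a legitimate node
ROGUE = "http://10.0.0.99:5000"   # constructed URI of an unknown host on the same LAN

def open_master_accepts_rogue() -> Dict[str, object]:
    """Default trust model: the unknown host discovers, publishes and sets parameters."""
    m = ToyMaster()
    m.register_publisher(ROBOT, "/cmd_vel")
    discovered = m.register_subscriber(ROGUE, "/cmd_vel")  # handed ROBOT's address
    m.register_publisher(ROGUE, "/cmd_vel")                # accepted as a publisher too
    m.set_param(ROGUE, "/max_speed", 99)                   # and allowed to change params
    return {"discovered": discovered, "publishers": m.publishers["/cmd_vel"],
            "max_speed": m.params["/max_speed"]}

def allowlisted_master_rejects_rogue() -> Dict[str, object]:
    """Same calls against a master that only serves its known nodes."""
    m = ToyMaster(allowed_callers={ROBOT})
    m.register_publisher(ROBOT, "/cmd_vel")
    rejected = 0
    for call in (lambda: m.register_subscriber(ROGUE, "/cmd_vel"),
                 lambda: m.register_publisher(ROGUE, "/cmd_vel"),
                 lambda: m.set_param(ROGUE, "/max_speed", 99)):
        try:
            call()
        except PermissionError:
            rejected += 1
    return {"rejected": rejected, "publishers": m.publishers["/cmd_vel"],
            "max_speed": m.params.get("/max_speed")}
```

In a real deployment the equivalent of the allowlist is network isolation or SROS-style access control in front of the master, since ROS 1 itself has no caller check at all.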

In this regard, cyberattacks are a growing threat to the integrity of robotic systems at the core of this new emerging ecosystem. A robot can sense the physical world using sensors, or directly change the physical world with its actuators. Thus, a robot could leak sensitive information about its environment, such as data from sensors or cameras, if accessed by an unauthorized party, or even receive commands to move, which would create both a privacy and a safety risk.

Initial studies have already validated the above consideration: in 2018, over 100 publicly accessible hosts running a ROS master node were identified in an analysis of the entire IPv4 address space of the Internet for instances of deployed ROS systems. Some of these appeared to be real robots, potentially exposed to unauthorized publishing injections, Denial of Service (DoS) attacks, or unauthorized data access. This made the robots potential targets, capable of being remotely moved in ways dangerous to both the robot and the objects around it.

But apart from the technical aspects, there are more specific dimensions to be concerned about when it comes to robotics security. To learn more in this regard, Kaspersky and the research team at the University of Ghent looked deeper into how the wide use of so-called “social robots” in the future could affect humans’ private lives and social behavior, and what the cyber security takeaways from this impact are.

It is our hope that this brief outline of robotics cybersecurity issues will encourage others to follow our example and bring about greater public and community awareness of the subject.

New OpenLibra Cryptocurrency: Like Libra, But Not Run By Facebook

"While Facebook's upcoming cryptocurrency Libra struggles to keep partners on board and regulators happy, an alternative called OpenLibra is here to address some of Libra's potential shortcomings," reports Mashable: Announced at Ethereum Foundation's Devcon 5 conference in Osaka, Japan, OpenLibra is described as an "open platform for financial inclusion," with a telling tagline: "Not run by Facebook." OpenLibra aims to be compatible with Libra in a technical sense, meaning someone building an app on the Libra platform should be able to easily deploy it to OpenLibra as well. OpenLibra's token's value will be pegged to the value of the Libra token. But while Libra will be a permissioned blockchain (meaning, roughly, that only permitted parties will be able to run a Libra node), OpenLibra will be permissionless from the start. There's an important difference in governance, too. Libra will initially be run by a foundation comprised of up to 100 corporations and non-profits. It's not entirely clear how OpenLibra will be governed, but the 26-strong "core team" of the project includes people related to cryptocurrency projects such as Ethereum and Cosmos.
