source: sciencedaily.com

Security researchers at UC San Diego and Stanford have discovered four new ways to expose Internet users' browsing histories. These techniques could be used by hackers to learn which websites users have visited as they surf the web.

The techniques fall into the category of "history sniffing" attacks, a concept dating back to the early 2000s. But the attacks demonstrated by the researchers at the 2018 USENIX Workshop on Offensive Technologies (WOOT) in Baltimore can profile or 'fingerprint' a user's online activity in a matter of seconds, and work across recent versions of major web browsers.

All of the attacks the researchers developed in their WOOT 2018 paper worked on Google Chrome. Two of the attacks also worked on a range of other browsers, from Mozilla Firefox to Microsoft Edge, as well as various security-focused research browsers. The only browser which proved immune to all of the attacks is the Tor Browser, which doesn't keep a record of browsing history in the first place.

"My hope is that the severity of some of our published attacks will push browser vendors to revisit how they handle history data, and I'm happy to see folks from Mozilla, Google, and the broader World Wide Web Consortium (W3C) community already engage in this," said Deian Stefan, an assistant professor in computer science at the Jacobs School of Engineering at UC San Diego and the paper's senior author.

"History sniffing": smelling out your trail across the web

Most Internet users are by now familiar with "phishing": cyber-criminals build fake websites which mimic, say, banks, to trick users into entering their login details. The more the phisher can learn about their potential victim, the more likely the con is to succeed. For example, a Chase customer is much more likely to be fooled when presented with a fake Chase login page than if the phisher pretends to be Bank of America.

After conducting an effective history sniffing attack, a criminal could carry out a smart phishing scheme, which automatically matches each victim to a faked page corresponding to their actual bank. The phisher preloads the attack code with their list of target banking websites, and conceals it in, for example, an ordinary-looking advertisement. When a victim navigates to a page containing the attack, the code runs through this list, testing or 'sniffing' the victim's browser for signs that it's been used to visit each target site. When one of these sites tests positive, the phisher could then redirect their victim to the corresponding faked version.

The faster the attack, the longer the list of target sites an attacker can 'sniff' in a reasonable amount of time. The fastest history sniffing attacks have reached rates of thousands of URLs tested per second, allowing attackers to quickly put together detailed profiles of web surfers' online activity. Criminals could put this sensitive data to work in a number of ways besides phishing: for example, by blackmailing users with embarrassing or compromising details of their browsing histories.

History sniffing can also be deployed by legitimate, yet unscrupulous, companies, for purposes like marketing and advertising. A 2010 study from UC San Diego documented widespread commercial abuse of previously known history sniffing attack techniques, before these were subsequently fixed by browser vendors.

"You had internet marketing firms popping up, hawking pre-packaged, commercial history sniffing 'solutions', positioned as analytics tools," said Michael Smith, a computer science Ph.D. student at UC San Diego and the paper's lead author. The tools purported to offer insights into the activity of their clients' customers on competitors' websites, as well as detailed profiling information for ad targeting -- but at the expense of those customers' privacy.

source: bbc.com

(WATCH THE VIDEO AT https://www.bbc.com/news/technology-46060381)

University classes are set to be given a futuristic spin by letting lecturers appear as hologram-like apparitions beamed in from afar.

Imperial College London will show off the technology at a special event later on Thursday before deploying it more widely.

It believes it will be the first academic body to do so regularly.

A similar effect has been used to animate images of Michael Jackson, Elvis Presley and other celebrities.

Imperial will initially limit its use to its Business School's activities but expects the technology could eventually become common.

"The alternative is to use video-conferencing software but we believe these holograms have a much greater sense of presence," Dr David Lefevre, director of Imperial's Edtech Lab, told the BBC.

"The lecturers have a high-definition monitor in front of them which is calibrated so they can point at people and look them in the eye. They can really interact."

More than one person can also appear at a time.

Indeed, at the Women in Tech event on Thursday, a panel will feature two guests whose images will be transmitted from the US alongside a further two actually on stage. All four are expected to be able to intercommunicate.

 

On budget

Strictly speaking, the illusions are not holograms, but neither are they the Pepper's Ghost effect used by politicians including French presidential candidate Jean-Luc Melenchon and India's Prime Minister Narendra Modi as well as the entertainment industry.

Instead, they use a technique developed by a Canadian company, Arht Media.

"The problem with Pepper's Ghost is that it can be intricate to set up and can cost about £150,000 to run an event," said Dr Lefevre.

"This is simpler - you project upon a glass screen, and a backdrop behind it uses software to give it an illusion of depth.

"It runs at the low thousands each time, so for the first time universities can afford it."

To send their image, lecturers need to use a "capture studio", which involves filming them against a black backdrop while being lit from both sides.

source: pwc.com, submitted by Artemus FAN, Chuck Miller

(Original PWC Article can be read at https://www.pwc.com/gx/en/issues/blockchain/blockchain-in-business.html)

What is the state of blockchain today? In PwC’s 2018 survey of 600 executives from 15 territories, 84% say their organisations have at least some involvement with blockchain technology. Companies have dabbled in the lab; perhaps they’ve built proofs of concept. Everyone is talking about blockchain, and no one wants to be left behind.

It’s easy to see why. As a distributed, tamperproof ledger, a well-designed blockchain doesn’t just cut out intermediaries, reduce costs, and increase speed and reach. It also offers greater transparency and traceability for many business processes. Gartner forecasts that blockchain will generate an annual business value of more than US $3 trillion by 2030. It’s possible to imagine that 10% to 20% of global economic infrastructure will be running on blockchain-based systems by that same year.

Four strategies for blockchain success

How do you come up with a business model in which companies in an industry can agree on common standards and operate together? The answer lies in building trust. By focusing on four key areas early in their blockchain efforts, companies can set themselves on a path toward successful execution.

How blockchain is changing business

There are many indications that blockchain is fundamentally altering the business landscape. Here are just a few significant shifts:

  • Tokenisation — the representation of real or virtual assets on a blockchain — is spreading to raw materials, finished goods, income-producing securities, membership rights and more. You can now represent on a blockchain almost everything businesses do.
  • Initial coin offerings (ICOs), in which a company sells a predefined number of digital tokens to the public, are funnelling billions of dollars into blockchain platforms. Increasingly an alternative to classic debt/capital funding as provided today by venture capital and private equity firms and banks, ICOs in the first five months of 2018 raised $13.7 billion. The largest ICOs to date have been diverse and included EOS, which is focused on blockchain infrastructure; Huobi Token, a coin for a South Korean crypto exchange; and Hdac, an Internet of Things platform. 
  • Enterprise software platforms that are the engine for company operations such as finance, human resources and customer relationship management are beginning to integrate blockchain. For example, Microsoft, Oracle, SAP and Salesforce have all announced blockchain initiatives. In the future, many core business processes will run on — or interoperate with — blockchain-based systems. Using blockchain in concert with enterprise resource planning platforms will enable companies to streamline processes, facilitate data sharing and improve data integrity.
  • New industry and territory leaders are emerging. Gartner has found that 82% of reported blockchain use cases were in financial services in 2017, but that sector’s portion dropped to 46% of reported use cases in 2018. Our survey respondents still perceive financial services to be the current and near-term future leader of blockchain, but also see potential in industrial products, energy and utilities and healthcare. Moreover, an early centre of gravity in the US and Europe is shifting. Our survey respondents believe that the US is the most advanced territory in developing blockchain today, but that in three to five years, the leader will be China.

Why it’s hard to trust a blockchain

Blockchain, by its very definition, should engender trust. But in reality, companies confront trust issues at nearly every turn. For one, users must build confidence in the technology itself. As with any emerging technology, challenges and doubts exist around blockchain’s reliability, speed, security and scalability. And there are concerns regarding a lack of standardisation and the potential lack of interoperability with other blockchains.

Also contributing to the blockchain trust gap is a lack of understanding. Even now, many executives are unclear on what blockchain really is and how it is changing all facets of business. Although the public narrative has moved beyond bitcoin, even the more recent focus and hype around ICOs only hint at the potential impact. Blockchain’s role as a dual-pronged change agent — as a new form of infrastructure and as a new way to digitise assets through tokens, including cryptocurrency — is not easy to explain. Think about other new technologies: users can try on virtual reality goggles or watch a drone take flight. But blockchain is abstract, technical and happening behind the scenes.

Another challenge for blockchain is building trust in the network. It is perhaps ironic that a technology meant to bring consensus hits a stumbling block on the early need to design rules and standards. Take payment systems and mechanisms in banking. Though everyone plays by the rules of existing systems today, they don’t necessarily agree on how an alternative blockchain-based model should be designed and operated.

Likewise, there’s a lack of comfort regarding regulation. The majority of regulators are still coming to terms with blockchain and cryptocurrency. Many territories have begun studying and discussing the issues, particularly as they relate to financial services, but the overall regulatory environment remains unsettled.

 

source: submitted by Artemus FAN, Linda Zall

A former employee of the agency, he ran afoul of it as co-author of a book about its inner workings. It led to a landmark First Amendment fight.

Victor Marchetti, a former C.I.A. employee and co-author of the first book, about the agency’s inner workings, that the federal government sought to censor before its publication, died on Oct. 19 at his home in Ashburn, Va. He was 88.

The cause was complications of dementia, his son Christian said.

Mr. Marchetti worked for the Central Intelligence Agency for 14 years as a Soviet-military specialist and executive assistant to the deputy director, Rufus L. Taylor. Disillusioned by what he saw as the agency’s unchecked excesses and its increasing involvement in attempted assassinations, coups and cover-ups, he resigned in 1969.

He and John D. Marks, a former State Department intelligence officer, then wrote a nonfiction book, “The C.I.A. and the Cult of Intelligence,” which was ultimately published in 1974.

“The cult of intelligence is a secret fraternity of the American political aristocracy,” they wrote. “It seeks largely to advance America’s self-appointed role as the dominant arbiter of social, economic, and political change in the awakening regions of Asia, Africa, and Latin America.”