https://www.wired.com

Warning: for Windows systems: important spread of #WannaCry (#Wcry) ransomware

▻http://thehackernews.com/2017/05/wannacry-ransomware-unlock.html?m=1
▻https://arstechnica.com/security/2017/05/an-nsa-derived-ransomware-worm-is-shutting-down-computers-worldwide

The malware/worm is causing disruptions at banks, hospitals, telecommunications services, train stations, and other mission-critical organisations in multiple countries, including the UK, Spain, Germany, and Turkey. Telefonica, FedEx, and the UK government’s National Health Service (NHS) have been hit. Operations were cancelled, x-rays, test results and patient records became unavailable and phones did not work.

The ransomware completely encrypts all your files and render them unusable. They ask you to pay some money to get the decryption key. ($300 to $600 worth in bitcoins). Paying does not guarantee you will get a decryption key though.

The malware spreads through social engineering e-mails.
Be careful with any attachments you receive from unknown sources (and even known sources). Make sure the files are sent intentionally.
Watch out for .pdf or .hta files, or links received via e-mail that point to .pdf or .hta files.

More than 45.000 computers worldwide have already been infected, but there appears to be a kill switch, i.e. a way to stop its spreading.
As one of the first operations, the malware tries to connect to the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. It doesn’t actually download anything there, just tries to connect. If the connection succeeds, the program terminates.

This can be seen as a kind of kill switch provision, or perhaps it had some particular reason. Whichever it is, the domain has now been sinkholed and the host in question now resolves to an IP address that hosts a website. Therefore, nothing will happen on any new systems that runs the malware. This will of course not help anyone already infected.

Microsoft has released a patch to block the malware on Windows machines:

MS17-010
▻https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

It is important to apply the patch because other variants of the malware can exploit the same vulnerability and/or use a different domain name check.

Nice technical analysis of the worm:

▻https://blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r

And more technical info about the worm itself: (careful)

▻https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168

typedef struct _wc_file_t {
char     sig[WC_SIG_LEN]     // 64 bit signature WANACRY!
uint32_t keylen;             // length of encrypted key
uint8_t  key[WC_ENCKEY_LEN]; // AES key encrypted with RSA
uint32_t unknown;            // usually 3 or 4, unknown
uint64_t datalen;            // length of file before encryption, obtained from GetFileSizeEx
uint8_t *data;               // Ciphertext Encrypted data using AES-128 in CBC mode
} wc_file_t;

#malware #worm #ransomware #NSA #Shadow_Broker #EternalBlue

How the White Helmets, Syria’s Volunteer First Responders, Became a Conspiracy Theory | WIRED
▻https://www.wired.com/2017/04/white-helmets-conspiracy-theory

https://www.wired.com/wp-content/uploads/2017/04/Syrian-White-HelmetsTA_AP_500468354678-1200x630-e1492799134232.jpg

Various White Helmet “truthers”—who range from Assad and his supporters to Russian embassies, and even to Alex Jones—accuse the group of staging rescue photos, belonging to al Qaeda, and being pawns of liberal bogeyman George Soros. The story of how that conspiracy grew is a perfect distillation of how disinformation can spread unchecked, supplanting fact with frenzy where no support exists.

Meet YouTube’s Hidden Laborers Toiling to Keep Ads Off Hateful Videos
▻https://www.wired.com/2017/04/zerochaos-google-ads-quality-raters

Taken together, the scope of the work and nuance required in assessing videos shows Google still needs human help in dealing with YouTube’s ad problems. “We have many sources of information, but one of our most important sources is people like you,” Google tells raters in a document describing the purpose of their ad-rating work. But while only machine intelligence can grapple with YouTube’s scale, as company execs and representatives have stressed again and again, until Google’s machines—or anyone else’s—get smart enough to distinguish, say, truly offensive speech from other forms of expression on its own, such efforts will still need to rely on people.

“We have always relied on a combination of technology and human reviews to analyze content that has been flagged to us because understanding context in video can be subjective,” says Chi Hea Cho, a spokesperson for Google. “Recently we added more people to accelerate the reviews. These reviews help train our algorithms so they keep improving over time.”

#digital_labor #google #publicité #IA

Breast Pumps Finally Join the 21st Century: Babyation, Naya Smart Pump, Willow Wearable Breast Pump | WIRED
▻https://www.wired.com/2017/04/building-a-better-breast-pump

https://www.wired.com/wp-content/uploads/2017/04/BreastPump_IL-1024x768.jpg

How come everything else is getting so smart, but this device that millions of women rely on is still stuck in the ’80s?

Catherine D’Ignazio asked herself the same question a few years ago when, as a grad student at MIT. She’d just given birth to her third child and found herself slumped on the floor of a campus bathroom, grimacing as a pump pinched and pulled at her breasts. “I really felt like if MIT can’t solve this problem, then nobody can,” she says.

She and several colleagues organized the “Make the Breast Pump Not Suck” hackathon in 2014 (...) D’Ignazio says new breast pumps create a path toward the next frontier. She and her colleagues are organizing another breast pump hackathon at MIT next year

hé oui c’est la même Catherine qu’ici : ►https://visionscarto.net/visualisation-donnees-feministe

Learning to Communicate
▻https://blog.openai.com/learning-to-communicate

To train the agents, we represent the experiment as a cooperative — rather than competitive — multi-agent reinforcement learning problem. The agents exist in a two-dimensional world with simple landmarks, and each agent has a goal.

#évolution #langage #IA #machine-learning

▻https://www.wired.com/2017/03/openai-builds-bots-learn-speak-language

Snowden’s Chronicler Reveals Her Own Life Under Surveillance | WIRED
►https://www.wired.com/2016/02/snowdens-chronicler-reveals-her-own-life-under-surveillance

https://assets.wired.com/photos/w_730/wp-content/uploads/2016/02/laura-poitras-h_14755573.jpg

Being Constantly Watched

Private as ever, Poitras declined to detail to WIRED exactly how she experienced that federal investigation in the years that followed. But flash forward to late 2012, and the surveillance targeting Poitras had transformed her into a nervous wreck. In the book, she shares a diary she kept during her time living in Berlin, in which she describes feeling constantly watched, entirely robbed of privacy. “I haven’t written in over a year for fear these words are not private,” are the journal’s first words. “That nothing in my life can be kept private.”

She sleeps badly, plagued with nightmares about the American government. She reads Cory Doctorow’s Homeland and re-reads 1984, finding too many parallels with her own life. She notes her computer glitching and “going pink” during her interviews with NSA whistleblower William Binney, and that it tells her its hard drive is full despite seeming to have 16 gigabytes free. Eventually she moves to a new apartment that she attempts to keep “off the radar” by avoiding all cell phones and only accessing the Internet over the anonymity software Tor.

When Snowden contacts her in January of 2013, Poitras has lived with the specter of spying long enough that she initially wonders if he might be part of a plan to entrap her or her contacts like Julian Assange or Jacob Appelbaum, an activist and Tor developer. “Is C4 a trap?” she asks herself, using an abbreviation of Snowden’s codename. “Will he put me in prison?”

#politique #psychologie #surveillance

Mother Earth Mother Board, by Neal Stephenson (WIRED, 1996)
▻https://www.wired.com/1996/12/ffglass

AUTHOR: NEAL STEPHENSON. DATE OF PUBLICATION: 12.01.96.
12.01.96

The hacker tourist ventures forth across the wide and wondrous meatspace of three continents, chronicling the laying of the longest wire on Earth.

In which the hacker tourist ventures forth across the wide and wondrous meatspace of three continents, acquainting himself with the customs and dialects of the exotic Manhole Villagers of Thailand, the U-Turn Tunnelers of the Nile Delta, the Cable Nomads of Lan tao Island, the Slack Control Wizards of Chelmsford, the Subterranean Ex-Telegraphers of Cornwall, and other previously unknown and unchronicled folk; also, biographical sketches of the two long-dead Supreme Ninja Hacker Mage Lords of global telecommunications, and other material pertaining to the business and technology of Undersea Fiber-Optic Cables, as well as an account of the laying of the longest wire on Earth, which should not be without interest to the readers of Wired.

Information moves, or we move to it.

(...) in the 19th century, when the first feeble bits struggled down the first undersea cable joining the Old World to the New, it must have made people’s hair stand up on end in more than just the purely electrical sense – it must have seemed supernatural.

#hacker_tourism #cables #oldies

à propos de la pose du Fiber Optic Link Around the Globe (FLAG)
▻https://en.wikipedia.org/wiki/Fiber-Optic_Link_Around_the_Globe

Edward Snowden’s New Job Is To Protect Reporters From Spies | WIRED
▻https://www.wired.com/2017/02/reporters-need-edward-snowden

Snowden has focused the next phase of his career on solving that very specific instance of the panopticon problem: how to protect reporters and the people who feed them informa­tion in an era of eroding privacy—without requiring them to have an NSA analyst’s expertise in encryption or to exile them­selves to Moscow.

▻https://freedom.press

#jousnalisme #surveillance #crypto

Inside the Macedonian Fake-News Complex | WIRED
►https://www.wired.com/2017/02/veles-macedonia-fake-news

https://www.wired.com/wp-content/uploads/2017/01/macedonia_opener-1200x630-e1487031653422.jpg

In the final weeks of the US presidential election, Veles attained a weird infamy in the most powerful nation on earth; stories in The Guardian and on BuzzFeed revealed that the Macedonian town of 55,000 was the registered home of at least 100 pro-Trump websites, many of them filled with sensationalist, utterly fake news. (The imminent criminal indictment of Hillary Clinton was a popular theme; another was the pope’s approval of Trump.) The sites’ ample traffic was rewarded handsomely by automated advertising engines, like Google’s AdSense. An article in The New Yorker described how President Barack Obama himself spent a day in the final week of the campaign talking “almost obsessively” about Veles and its “digital gold rush.”

Within Veles itself, the young entrepreneurs behind these websites became subjects of tantalizing intrigue. Between August and November, Boris earned nearly $16,000 off his two pro-Trump websites. The average monthly salary in Macedonia is $371.

What Veles produced, though, was something more extreme still: an enterprise of cool, pure amorality, free not only of ideology but of any concern or feeling about the substance of the election. These Macedonians on Facebook didn’t care if Trump won or lost the White House. They only wanted pocket money to pay for things—a car, watches, better cell phones, more drinks at the bar. This is the arrhythmic, disturbing heart of the affair: that the internet made it so simple for these young men to finance their material whims and that their actions helped deliver such momentous consequences.

Boris developed a routine. Several times a day he dredged the internet for pro-Trump articles and copied them into one of his two websites; if JavaScript prevented an easy copy-paste, he opened a Notepad file and typed the articles out. After publishing a piece, he shared the link in Facebook groups with names like My America, My Home; the Deplor­ables; and Friends Who Support President Donald J. Trump. Trump groups seemed to have hundreds of thousands more members than Clinton groups, which made it simpler to propel an article into virality. (For a week in July, he experimented with fake news extolling Bernie Sanders. “Bernie Sanders supporters are among the smartest people I’ve seen,” he says. “They don’t believe anything. The post must have proof for them to believe it.”) He posted under his own name but also under the guise of one of 200 or so bogus Facebook profiles that he’d purchased for this purpose. (A fake profile with a Russian name cost about 10 cents; for an American name, the price went up to 50 cents.)

At one point, practically all of Boris’ friends had set up similar websites, and they all had money to blow. As a posse, they’d go to one of Veles’ three nightclubs—Tarantino or Club Avangard or Club Drama—and order $100 bottles of Moët to shake and spray. “I don’t drink champagne,” Boris says. “I bought it for spraying. All eyes on me!” It was nothing but the best for Boris.

Boris still goes to the clubs, but he says he has lost his taste for expensive things. “It isn’t interesting anymore.” Which is just as well, because on November 24, after an eruption of concern about the malign effects of fake news, Google suspended the ads from his websites.

#post-truth #fake_news

Inside the Macedonian Fake-News Complex | Wired
►https://www.wired.com/2017/02/veles-macedonia-fake-news

https://www.wired.com/wp-content/uploads/2017/01/macedonia_opener-1200x630-e1487031653422.jpg

THE FIRST ARTICLE about Donald Trump that Boris ever published described how, during a campaign rally in North Carolina, the candidate slapped a man in the audience for disagreeing with him. This never happened, of course. Boris had found the article somewhere online, and he needed to feed his web­site, Daily Interesting Things, so he appropriated the text, down to its last mis­begotten comma. He posted the link on Facebook, seeding it within various groups devoted to American politics; to his astonish­ment, it was shared around 800 times. That month—February 2016—Boris made more than $150 off the Google ads on his website. Considering this to be the best possible use of his time, he stopped going to high school.

#infoguerre #fake_news #Macédoine #États-Unis #élections (via @opironet)

How the New York Times Is Using Strategies Inspired by Netflix, Spotify, and HBO to Make Itself Indispensible
▻https://www.wired.com/2017/02/new-york-times-digital-journalism

Sulzberger, like more than three dozen other executives and journalists I interviewed and shadowed at the Times, is working on the biggest strategic shift in the paper’s 165-year history, and he believes it will strengthen its bottom line, enhance the quality of its journalism, and secure a long and lasting future.

The main goal isn’t simply to maximize revenue from advertising—the strategy that keeps the lights on and the content free at upstarts like the Huffington Post, BuzzFeed, and Vox. It’s to transform the Times’ digital subscriptions into the main engine of a billion-dollar business, one that could pay to put reporters on the ground in 174 countries even if (OK, when) the printing presses stop forever. To hit that mark, the Times is embarking on an ambitious plan inspired by the strategies of Netflix, Spotify, and HBO: invest heavily in a core offering (which, for the Times, is journalism) while continuously adding new online services and features (from personalized fitness advice and interactive newsbots to virtual reality films) so that a subscription becomes indispensable to the lives of its existing subscribers and more attractive to future ones. “We think that there are many, many, many, many people—millions of people all around the world—who want what The New York Times offers,” says Dean Baquet, the Times’ executive editor. “And we believe that if we get those people, they will pay, and they will pay greatly.”

Laura Poitras reveals her own life under surveillance
(Andy Greenberg, February 2016)

►https://www.wired.com/2016/02/snowdens-chronicler-reveals-her-own-life-under-surveillance

https://assets.wired.com/photos/w_560/wp-content/uploads/2016/02/laura-poitras-h_14755573.jpg

“After returning to the United States [from Iraq] I was placed on a government watchlist and detained and searched every time I crossed the US border. It took me ten years to find out why.”

[...]

She sleeps badly, plagued with nightmares about the American government. She reads Cory Doctorow’s Homeland and re-reads 1984, finding too many parallels with her own life. She notes her computer glitching and “going pink” during her interviews with NSA whistleblower William Binney, and that it tells her its hard drive is full despite seeming to have 16 gigabytes free. Eventually she moves to a new apartment that she attempts to keep “off the radar” by avoiding all cell phones and only accessing the Internet over the anonymity software Tor.

When Snowden contacts her in January of 2013, Poitras has lived with the specter of spying long enough that she initially wonders if he might be part of a plan to entrap her or her contacts like Julian Assange or Jacob Appelbaum, an activist and Tor developer. “Is C4 a trap?” she asks herself, using an abbreviation of Snowden’s codename. [Citizenfour] “Will he put me in prison?”

[...]

In the end, Poitras has not only escaped the arrest or indictment she feared, but has become a kind of privacy folk hero: Her work has helped to noticeably shift the world’s view of government spying, led to legislation, and won both a Pulitzer and an Academy Award. But if her ultimate fear was to “become the story,” her latest revelations show that’s a fate she can no longer escape–and one she’s come to accept.

#Snowden #Edward_Snowden
#Poitras #Laura_Poitras

Russians find a brilliant way to cheat slot machines, and Casinos have no fix

This cheat exploits the PRNG, pseudo-random number generator in the machine by finding a way to predict the outcome based on patterns.

▻https://www.wired.com/2017/02/russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix

the operatives [persons operating the slot machine] use their phones to record about two dozen spins on a game they aim to cheat. They upload that footage to a technical staff in St. Petersburg, who analyze the video and calculate the machine’s pattern based on what they know about the model’s pseudorandom number generator. Finally, the St. Petersburg team transmits a list of timing markers to a custom app on the operative’s phone; those markers cause the handset to vibrate roughly 0.25 seconds before the operative should press the spin button.

[...]

most casinos can’t afford to invest in the newest slot machines, whose PRNGs use encryption to protect mathematical secrets; as long as older, compromised machines are still popular with customers, the smart financial move for casinos is to keep using them and accept the occasional loss to scammers.

How did they find out ? After they noticed they were losing money they started researching.

Casino security pulled up the surveillance tapes and eventually spotted the culprit, a black-haired man in his thirties who wore a Polo zip-up and carried a square brown purse. Unlike most slots cheats, he didn’t appear to tinker with any of the machines he targeted, all of which were older models manufactured by Aristocrat Leisure of Australia. Instead he’d simply play, pushing the buttons on a game like Star Drifter or Pelican Pete while furtively holding his iPhone close to the screen.

He’d walk away after a few minutes, then return a bit later to give the game a second chance. That’s when he’d get lucky. The man would parlay a $20 to $60 investment into as much as $1,300 before cashing out and moving on to another machine, where he’d start the cycle anew. Over the course of two days, his winnings tallied just over $21,000. The only odd thing about his behavior during his streaks was the way he’d hover his finger above the Spin button for long stretches before finally jabbing it in haste; typical slots players don’t pause between spins like that.

Gun Violence Researchers Race to Protect Data From Trump

Wintemute, epidemiologist and director of the Violence Prevention Research Program, was prepared. After seeing that climate scientists were systematically downloading crucial information from federal databases, he had drawn up a spreadsheet of the gun-related datasets he uses every day: lists of gun licensees, retailers, and manufacturers; gun tracing data; firearm-related death and injury numbers sorted by categories like race, location, or age. “I basically walked around the building saying, ‘Get it done now,’” Wintemute says. So on inauguration day, as Cerdá says, the #Violence_Prevention_Research_Program was less of a lab and more of a “little downloading bootcamp.”

▻https://www.wired.com/2017/02/gun-violence-researchers-race-protect-data-trump

#armes #armement #recherche #chercheurs #violence #Trump #données #données_sensibles
cc @reka @fil

Two Pilots Say They Can Find #MH370. All They Need Is $5 Million | WIRED
▻https://www.wired.com/2016/03/pilots-say-know-mh370-need-5-million

https://www.wired.com/wp-content/uploads/2016/03/3d-1200x630-e1457400295847.jpg

Two years ago, Malaysia Airlines Flight 370 disappeared somewhere over the Indian Ocean with 239 people on board. What then grew into humanity’s largest, most expensive search operation has also been among its most frustrating and beguiling. Investigators have found only one real bit of evidence, a wing flap that washed up on the shores of Réunion, near Madagascar. It was pretty useless. Because it spent nearly 500 days bobbing around on the ocean’s surface, all it indicates is that the plane crashed into the water. Likely to the east.

Computer Scientists Close In on Perfect, Hack-Proof Code
▻https://www.wired.com/2016/09/computer-scientists-close-perfect-hack-proof-code

https://assets.wired.com/photos/w_582/wp-content/uploads/2016/09/Quanta_HP.jpg

“Back in the 20th century, if a program had a bug, that was bad, the program might crash, so be it,” said Andrew Appel, professor of computer science at Princeton University and a leader in the program verification field. But in the 21st century, a bug could create “an avenue for hackers to take control of the program and steal all your data. It’s gone from being a bug that’s bad but tolerable to a vulnerability, which is much worse,” he said.

The Dream of Perfect Programs !

#langage_fonctionnel #programmation_par_contrat #haskell #caml #ada

Can You Spot the Snipers Hidden in These Photos? | WIRED
▻https://www.wired.com/2014/03/hidden-snipers

https://assets.wired.com/photos/w_1200/wp-content/uploads/images_blogs/rawfile/2014/03/SimonMennerCamouflage001.jpg

Simon Menner’s ongoing series Camouflage shows landscapes with German snipers hidden somewhere in the frame. The project is like a deadly Where’s Waldo exercise. For Menner, the challenge of finding the snipers isn’t the important part; the photos comment on the way things like fear, terror, and surveillance are constantly part of our lives in the modern world.

“I’m playing with this notion that you always have to be afraid of something that is not visible,” says Menner, who lives in Berlin.
...
He started shooting back in 2010 and actually had a fairly easy time contacting the German army. He wrote a letter to the German Defense Secretary explaining his request and soon after was contacted by several high-ranking army officials who helped him arrange the shoot.

“I didn’t expect much, but [the army] was very open to it,” he says. “I think part of the reason it was so easy was because there is a general lack of interest in society about the army, so they were very happy. They actually offered to have me go to Afghanistan as well.”

#photgraphie #art #militaire #Allemagne

How an Army of Deadheads (And Their LSD) Invented Silicon Valley | WIRED
▻https://www.wired.com/2016/04/heads-jesse-jarnow-excerpt

https://www.wired.com/wp-content/uploads/2016/04/DanielKottke-SteveJobs.jpg

The Internet is a far-off unsettled place in the ’80s, more a collection of various text-based technologies that don’t add up to much in most places. But, yet, here are these Deadheads, new kinds of citizens.

Take, for example, Gumby. Gumby is an appropriately heady figure among the early Deadhead digerati. “He basically bounced between MIT and the AI lab at Stanford,” remembers dead.dis@sail mailing list founder Paul Martin. “He was just a good hacker who hadn’t actually had any training in any of the AI stuff, but would really work hard at swinging code and making something work.”

Gumby is connected and on the go, reaching for a new form of digital harmony. “Gumby was the kind of person who was back and forth, you couldn’t just call him on the phone,” Paul Martin says. “You just had no idea where he was going to be that week, and email was a way around that problem.” Once, when working in Austin in the mid-1980s, Gumby departs for Dead tour, the whole tour.

In each city, Gumby connects with a head at a local computer lab. Never a partier, Gumby’s postshow routine involves going immediately to a terminal and posting a set list. The tour happens to end in Austin, where he’s living at the time, and he happens to go into work that day, where he encounters his boss.

“We haven’t seen you much,” the boss man says. “Well, I’ve been thinking,” he half bluffs.

“Thinking about what?” and Gumby spells it out on the whiteboard. Without really working at it, he’d untangled the whole problem in his head over the previous weeks, following the Dead, listening to the Dead, breathing the Dead. The Dead’s long jams, either experienced live or on tape, are good for thinking, Garcia’s solos unfolding with crystal themes and unexpected variations.

#grateful_dead #histoire #internet #USA #musique

HeartMob Is Signing Up Volunteers to Fight Twitter Eggs | WIRED
▻https://www.wired.com/2016/11/heartmob-signing-volunteers-fight-twitter-eggs

https://www.wired.com/wp-content/uploads/2016/11/TwitterEggHP-1200x630-e1479169416475.jpg

HeartMob is a service designed to connect targets of harassment with thousands of well-intentioned users ready to leap into action as a force to stand up to Twitter eggs. The site lets anyone sign up to send positive messages to people being trolled; volunteers can also help document and report abuse so that victims don’t have to keep telling their painful stories.

People want to help, but they don’t know what to do, says Lalonde. “HeartMob creates a space that validates victims’ experience, and it gives people practical tools.”

▻https://iheartmob.org

#twitter #trolls # harcèlement

Strikingly Imaginative Structures for Housing LA’s Homeless | WIRED
▻https://www.wired.com/2016/11/strikingly-imaginative-structures-housing-las-homeless

https://www.wired.com/wp-content/uploads/2016/11/HomelessProjectHP-1200x630-e1478122768220.jpg

If you’ve recently driven the streets of Los Angeles, you’ve probably noticed a striking uptick in the city’s already huge homeless population. Encampments are still centered in downtown’s Skid Row, but many more tents, shopping carts, and makeshift shelters are popping up on sidewalks, in parks, near overpasses, and under and over bridges throughout the city. The Los Angeles Homeless Services Authority recently reported an 11 percent jump in the city’s overall homeless population, and L.A. officials have placed $1.2 billion bond measure HHH on the November 8 ballot, which would finance 8,000 to 10,000 units over 10 years for the chronically homeless.

#états-unis #pauvreté #sans-abris #los-angeles