Given that Apple is still embroiled in a battle with the FBI over recovering data from its phones, it’s probably no coincidence that Obama snubbed the firm in a speech this week about the government’s Cybersecurity National Action Plan. He also praised Microsoft as a company that is helping the government with its security plans. For Microsoft founder Bill Gates, the jury is out on whether the FBI is right to try and grab Apple’s data, though.
Participating in his fourth Reddit AMA (Ask Me Anything), Gates fielded questions from hundreds of the site’s users, including one about the FBI/Apple situation.
“I think there needs to be a discussion about when the government should be able to gather information. What if we had never had wiretapping?” he said. But he was equivocal, describing the need to protect citizen data from governmental over-reaching, too, adding the government needs to talk about safeguards so that agencies can’t use information outside of criminal situations. “For tech companies, there needs to be some consistency including how governments work with each other. The sooner we modernize the laws the better.”
Gates was more forthcoming on how technology will develop in the future, though, arguing that robots will be able to see and manipulate things as well as we do. “That will happen in the next decade and is being underestimated,” he said.
Smarter machines must be regulated, Gates continued, siding with Elon Musk and Stephen Hawking. “When a few people control a platform with extreme intelligence it creates dangers in terms of power and eventually control.”
The AMA is interesting to read in its entirety, but perhaps the best part is the photo he used to authenticate himself as the real Bill Gates: a perfect recreation of his 1973 high school yearbook photo. Sheer class.
Wat? ZOMG, Facebook wants to grok your chat slang
In its latest attempt to automate everything social, Facebook wants to develop a system that learns Internet slang. The online world is full of newly coined phrases, known as neologisms, that various communities develop for themselves. Some become widely used for long periods, while others surface, become popular for a while, and then fade away.
Facebook’s system, now patented, identifies these words and puts them in a glossary. Phrases such as ‘ugly crying’ and ‘humble bragging’ would automatically be identified and added to a glossary if they aren’t already known. They would then be deleted as they become obsolete. The system would help the firm with tasks like auto-correction, and could also help it to understand its users’ social relationships, it said.
Ransomware strikes the Mac
Think Macs are safe? Think again. Apple’s OS has been hit by its first ransomware attack. KeRanger scrambles Mac users’ files and demands a payment of one bitcoin to decode them. It was embedded in a version of Transmission, an open-source BitTorrent client, which installed itself and waited a few days before doing its worst.
Interestingly, the app was signed with a valid Mac app development certificate, enabling it to pass through the Gatekeeper protection feature in the Apple operating system. Apple, not surprisingly, revoked the certificate at the weekend.
Best of expertIP
These days, it isn’t so much a case of if you’re going to get hacked, as when. Even the NSA assumes it’s already been compromised. Six years ago, the head of its Information Assurance Directorate, Debora Plunkett, admitted the agency assumed intruders were already inside its network (and they hadn’t even met Edward Snowden yet).
If a company assumes that it has already been compromised, what should it do to minimize the damage? One approach, according to Jared Lindzon, is dynamic deception. In his blog post this week, he describes how this takes conventional honeypots to the next level.
Honeypots typically log whatever is done to them in a bid to document an attacker’s actions. Dynamic deception actively attracts attackers in the network using bait such as virtual machines that look like the company’s production servers and fake user credentials that lead to ‘engagement servers.’
This technique can be particularly useful in attacks where hackers move laterally through the network looking for things to steal, which describes a significant proportion of security compromises these days. Deception tools are particularly good at spotting new or rarely used attack methods that signature- or heuristics-based products might miss. They can then intercept these attacks and put protections in place before they’re carried out on other systems.
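To make the decoy idea concrete, here is a sketch of the detection side, added as an illustration and not taken from the blog post described above: because no legitimate user ever touches a decoy credential or decoy server, any log line that mentions one is a high-confidence alert. The account names, host names and key=value log format are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed decoy inventory (hypothetical names): accounts and hosts that no
# legitimate user or service ever touches, so any use is a high-signal alert.
DECOY_ACCOUNTS = {"svc_backup_adm", "sql_report_ro"}
DECOY_HOSTS = {"fin-db-03", "hr-files-02"}

# Constructed sample log lines in an assumed key=value format.
SAMPLE_LOG = """\
2016-03-08T09:14:02Z src=10.0.4.17 dst=mail-01 user=jsmith result=success
2016-03-08T09:20:45Z src=10.0.4.23 dst=app-02 user=svc_backup_adm result=failure
2016-03-08T09:21:10Z src=10.0.4.23 dst=fin-db-03 user=svc_backup_adm result=success
2016-03-08T09:25:31Z src=10.0.4.23 dst=hr-files-02 user=jsmith result=failure
2016-03-08T09:30:00Z src=10.0.4.31 dst=app-02 user=mlee result=success
malformed line without fields
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>success|failure)$"
)

def find_deception_hits(log_text):
    """Return {source: [(ts, dst, user, reasons), ...]} for decoy touches."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse rather than guessing
        reasons = []
        if m["user"] in DECOY_ACCOUNTS:
            reasons.append("decoy-credential")
        if m["dst"] in DECOY_HOSTS:
            reasons.append("decoy-host")
        if reasons:
            hits[m["src"]].append((m["ts"], m["dst"], m["user"], reasons))
    return dict(hits)

def lateral_movement_sources(hits, min_hosts=2):
    """Sources whose decoy touches span several destinations."""
    return sorted(s for s, ev in hits.items()
                  if len({dst for _, dst, _, _ in ev}) >= min_hosts)

if __name__ == "__main__":
    found = find_deception_hits(SAMPLE_LOG)
    for src, events in found.items():
        for ts, dst, user, reasons in events:
            print(f"{ts} {src} -> {dst} as {user}: {', '.join(reasons)}")
    print("lateral movement:", lateral_movement_sources(found))
```

Failed logons count as hits too: an attempt to use a decoy credential is a signal whether or not it succeeds.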
Image courtesy of Free Digital Photos