Connect with us

Biz & IT

Google’s cyber unit Jigsaw introduces Intra, a new security app dedicated to busting censorship

Published

on


Jigsaw, the division owned by Google parent Alphabet, has revealed Intra, a new app aimed at protecting users from state-sponsored censorship.

Intra is a new app that aims to prevent DNS manipulation attacks. Whenever you visit a website, the easy-to-remember web address is converted to a less-than-memorable IP address — often over an unsecured connection. That makes it easy for oppressive governments — like Turkey, which has used this technique before — to intercept web addresses requests and either kill them in their tracks to stop sites from loading, or redirect to a fake site.

By passing all your browsing queries and app traffic through an encrypted connection to a trusted Domain Name Server, Intra says it ensures you can use your app without meddling or get to the right site without interference.

“Intra is dead simple to use. Just download the app and turn it on,” Jigsaw said. “That’s it.”

Jigsaw has already seen some successes in parts of the world where internet access is restricted or monitored. The government in Venezuela reportedly used DNS manipulation to prevent citizens from accessing news sites and social networks.

The app uses Google’s own trusted DNS server by default, but users can also funnel their browsing requests through Cloudflare, which also hosts its own publicly accessible secure DNS server, or any other secure DNS server.

Admittedly, that requires a bit of trust for Google and Cloudflare — or any third party. A Jigsaw spokesperson told TechCrunch that Intra’s use of Google’s DNS is covered by its privacy policy, and Cloudflare also has its own.

Jigsaw said it will bake the app into Android Pie, which already allows encrypted DNS connections. But Jigsaw is also making the app available for users in parts of the world with weaker economies that make upgrading from older devices near-impossible so they can benefit from the security features.

It’s the latest piece in the security and privacy puzzle that Jigsaw is trying to solve.

The little-known Alphabet division is focused on preventing censorship, threats of online harassment and countering violent extremism. The incubator focuses on empowering free speech and expression by providing tools and services that make online safer for higher-risk targets.

Jigsaw has also invested its time on several other anti-censorship apps, including Project Shield, which protects sites against distributed denial-of-service attacks, as well as Outline, which gives reporters and activists a virtual private network that funnels data through a secure channel.

Google’s Think Tank Changes Its Name To Jigsaw And Becomes A Tech Incubator

Source link



Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Biz & IT

Until further notice, think twice before using Google to download software

Published

on

Getty Images

Searching Google for downloads of popular software has always come with risks, but over the past few months, it has been downright dangerous, according to researchers and a pseudorandom collection of queries.

“Threat researchers are used to seeing a moderate flow of malvertising via Google Ads,” volunteers at Spamhaus wrote on Thursday. “However, over the past few days, researchers have witnessed a massive spike affecting numerous famous brands, with multiple malware being utilized. This is not ‘the norm.’”

One of many new threats: MalVirt

The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros. Over the past month, Google Ads has become the go-to place for criminals to spread their malicious wares that are disguised as legitimate downloads by impersonating brands such as Adobe Reader, Gimp, Microsoft Teams, OBS, Slack, Tor, and Thunderbird.

On the same day that Spamhaus published its report, researchers from security firm Sentinel One documented an advanced Google malvertising campaign pushing multiple malicious loaders implemented in .NET. Sentinel One has dubbed these loaders MalVirt. At the moment, the MalVirt loaders are being used to distribute malware most commonly known as XLoader, available for both Windows and macOS. XLoader is a successor to malware also known as Formbook. Threat actors use XLoader to steal contacts data and other sensitive data from infected devices.

The MalVirt loaders use obfuscated virtualization to evade end-point protection and analysis. To disguise real C2 traffic and evade network detections, MalVirt beacons to decoy command and control servers hosted at providers including Azure, Tucows, Choopa, and Namecheap. Sentinel One researcher Tom Hegel wrote:

As a response to Microsoft blocking Office macros by default in documents from the Internet, threat actors have turned to alternative malware distribution methods—most recently, malvertising. The MalVirt loaders we observed demonstrate just how much effort threat actors are investing in evading detection and thwarting analysis.

Malware of the Formbook family is a highly capable infostealer that is deployed through the application of a significant amount of anti-analysis and anti-detection techniques by the MalVirt loaders. Traditionally distributed as an attachment to phishing emails, we assess that threat actors distributing this malware are likely joining the malvertising trend.

Given the massive size of the audience threat actors can reach through malvertising, we expect malware to continue being distributed using this method.

Google representatives declined an interview. Instead, they provided the following statement:

Bad actors often employ sophisticated measures to conceal their identities and evade our policies and enforcement. To combat this over the past few years, we’ve launched new certification policies, ramped up advertiser verification, and increased our capacity to detect and prevent coordinated scams. We are aware of the recent uptick in fraudulent ad activity. Addressing it is a critical priority and we are working to resolve these incidents as quickly as possible.

Anecdotal evidence that Google malvertising is out of control isn’t hard to come by. Searches seeking software downloads are probably the most likely to turn up malvertising. Take, for instance, the results Google returned for a search Thursday looking for “visual studio download”:

Clicking that Google-sponsored link redirected me to downloadstudio[.]net, which is flagged by VirusTotal as malicious by only a single endpoint provider:

On Thursday evening, the download this site offered was detected as malicious by 43 antimalware engines:

Continue Reading

Biz & IT

ChatGPT sets record for fastest-growing user base in history, report says

Published

on

Enlarge / A realistic artist’s depiction of an encounter with ChatGPT Plus.

Benj Edwards / Ars Technica / OpenAI

On Wednesday, Reuters reported that AI bot ChatGPT reached an estimated 100 million active monthly users last month, a mere two months from launch, making it the “fastest-growing consumer application in history,” according to a UBS investment bank research note. In comparison, TikTok took nine months to reach 100 million monthly users, and Instagram about 2.5 years, according to UBS researcher Lloyd Walmsley.

“In 20 years following the Internet space, we cannot recall a faster ramp in a consumer internet app,” Reuters quotes Walmsley as writing in the UBS note.

Reuters says the UBS data comes from analytics firm Similar Web, which states that around 13 million unique visitors used ChatGPT every day in January, doubling the number of users in December.

ChatGPT is a conversational large language model (LLM) that can discuss almost any topic at an almost human level. It reads context and answers questions easily, though sometimes not accurately (improving its accuracy is a work in progress). After launching as a free public beta on November 30, the GPT-3 powered AI bot has inspired awe, wonder, and fear in education, computer security, and finance. It’s shaken up the tech industry, prompting a $10 billion investment from Microsoft and causing Google to see its life flash before its eyes.

Also on Wednesday, OpenAI announced ChatGPT Plus, a $20 per month subscription service that will offer users faster response times, preferential access to ChatGPT during peak times, and priority access to new features. It’s an attempt to keep up with the intense demand for ChatGPT that has often seen the site deny users due to overwhelming activity.

Over the past few decades, researchers have noticed that technology adoption rates are quickening, with inventions such as the telephone, television, and the Internet taking shorter periods of time to reach massive numbers of users. Will generative AI tools be next on that list? With the kind of trajectory shown by ChatGPT, it’s entirely possible.

Continue Reading

Biz & IT

Netflix stirs fears by using AI-assisted background art in short anime film

Published

on

Enlarge / A still image from the short film Dog and Boy,, which uses image synthesis to help generate background artwork.

Netflix

Over the past year, generative AI has kicked off a wave of existential dread over potential machine-fueled job loss not seen since the advent of the industrial revolution. On Tuesday, Netflix reinvigorated that fear when it debuted a short film called Dog and Boy that utilizes AI image synthesis to help generate its background artwork.

Directed by Ryotaro Makihara, the three-minute animated short follows the story of a boy and his robotic dog through cheerful times, although the story soon takes a dramatic turn toward the post-apocalyptic. Along the way, it includes lush backgrounds apparently created as a collaboration between man and machine, credited to “AI (+Human)” in the end credit sequence.

In the announcement tweet, Netflix cited an industry labor shortage as the reason for using the image synthesis technology:

As an experimental effort to help the anime industry, which has a labor shortage, we used image generation technology for the background images of all three-minute video cuts!

Netflix and the production company WIT Studio tapped Japanese AI firm Rinna for assistance with generating the images. They did not announce exactly what type of technology Rinna used to generate the artwork, but the process looks similar to a Stable Diffusion-powered “img2img” process than can take an image and transform it based on a written prompt.

The film is currently available to view for free on YouTube.

Netflix’s official Dog and Boy promotional video.

Almost immediately, Twitter users responded with a torrent of negative replies to Netflix’s tweet announcing the film, such as, “I know a ton of animators looking for work if you guys are struggling to find them (are you looking very hard?).” Several others quoted legendary Studio Ghibli animator Hayao Miyazaki as saying that AI-powered art “is an insult to life itself.”

In a news release, Netflix expressed its hopes that the new technology would assist with future animation productions (translated by Google Translate): “As a studio, Netflix focuses on supporting creators in the creation of works on a daily basis. As the shortage of human resources in the animation industry is seen as an issue, we hope that this initiative will contribute to the realization of a flexible animation production process through appropriate support for creators using the latest technology.”

It also looks like Makihara also wanted to push boundaries in animation by using AI technology as part of the production process. The Netflix release quoted him as saying, “By combining tools and hand-drawn techniques, we can create something unique to humans … I think that the core of the story is ‘drawing a human being.’ I think that it will be possible to secure and return to its roots, which will eventually strengthen the strengths of Japanese animation and expand its possibilities.”

Labor shortage or not, AI assistance may possibly speed up production times and lower production costs, allowing the creation of more animated content than ever before. But will people be happy about it? That remains to be seen.

Continue Reading

Trending