Connect with us

Biz & IT

Google’s Project Fi gets an improved VPN service

Published

on

Google’s Project Fi wireless service is getting a major update today that introduces an optional always-on VPN service and a smarter way to switch between Wi-Fi and cellular connections.

By default, Fi already uses a VPN service to protect users when they connect to the roughly two million supported Wi-Fi hotspots. Now, Google is expanding this to cellular connections, as well. “When you enable our enhanced network, all of your mobile and Wi-Fi traffic will be encrypted and securely sent through our virtual private network (VPN) on every network you connect to, so you’ll have the peace of mind of knowing that others can’t see your online activity,” the team writes in today’s announcement.

Google notes that the VPN also shields all of your traffic from Google itself and that it isn’t tied to your Google account or phone number.

The VPN is part of what Google calls its “enhanced network” and the second part of this announcement is that this network now also allows for a faster switch between Wi-Fi and mobile networks. When you enable this — and both of these features are currently in beta and only available on Fi-compatible phones that run Android Pie — your phone will automatically detect when your Wi-Fi connection gets weaker and fill in those gaps with cellular data. The company says that in its testing, this new system reduces a user’s time without a working connection by up to 40 percent.

These new features will start rolling out to Fi users later this week. They are off by default, so you’ll have to head to the Fi Network Tools in the Project Fi app and turn them on to get started. One thing to keep in mind here: Google says your data usage will likely increase by about 10 percent when you use the VPN.

Source link

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Biz & IT

Tesla shows off underwhelming human robot prototype at AI Day 2022

Published

on

Enlarge / The walking Optimus prototype demonstrated at the AI Day 2022 event.

Tesla

Today at Tesla’s “AI Day” press event, Tesla CEO Elon Musk unveiled an early prototype of its Optimus humanoid robot, which emerged from behind a curtain, walked around, waved, and “raised the roof” with its hands to the beat of techno music.

It was a risky reveal for the prototype, which seemed somewhat unsteady on its feet. “Literally the first time the robot has operated without a tether was on stage tonight,” said Musk. Shortly afterward, Tesla employees rolled a sleeker-looking Optimus model supported by a stand onto the stage that could not yet stand on its own. It waved and lifted its legs. Later, it slumped over while Musk spoke.

Video of Tesla AI Day 2022

The entire live robot demonstration lasted roughly seven minutes, and the firm also played a demonstration video of the walking Optimus prototype slowly picking up a box and putting it down, slowly watering a plant, and slowly moving metal parts in a factory-like setting—all while tethered to an overhead cable. The video also showed a 3D-rendered view of the world that represents what the Optimus robot can see.

Three stages of the Tesla Optimus robot so far, presented at AI Day 2022.
Enlarge / Three stages of the Tesla Optimus robot so far, presented at AI Day 2022.

Tesla

Tesla first announced its plans to built a humanoid robot during its AI Day event in August of last year. During that earlier event, a human dressed in a spandex suit resembling a robot and did the Charleston on stage, which prompted skepticism in the press.

At the AI Event today, Musk and his team emphasized that the walking prototype was an early demo developed in roughly six months using “semi-off the shelf actuators,” and that the sleeker model much more closely resembled the “Version 1” unit they wanted to ship. He said it would probably be able to walk in a few weeks.

Goals of the Optimus project include high-volume production (possibly “millions of units sold,” said Musk), low-cost (“probably less than $20,000”), and high-reliability. Comparing the plans for Optimus to existing humanoid robots from competitors, Musk also emphasized that the Optimus robot should have the brains-on-board to work autonomously, citing Tesla’s work with its automotive Autopilot system.

Tesla shared some specifications of its
Enlarge / Tesla shared some specifications of its “Latest Generation” prototype Optimus robot.

Tesla

Shortly afterward, Musk handed over the stage to Tesla engineers that gave jargon-heavy overviews about developing the power systems, actuators, and joint mechanisms that would make Optimus possible, replete with fancy graphs but with few concrete specifics about how they would apply to a shipping product. “We are carrying over most of our design experience from the car to the robot,” said one engineer, while another engineer said they drew much of their inspiration from human biology, especially in joint design.

Earlier in the demonstration, Musk said that they were having the event to “convince some of the most talented people in the world to come to Tesla and help bring this to fruition.” Musk also emphasized the public nature of Tesla several times, mentioning that if the public doesn’t like what Tesla is doing they could purchase stock and vote against it. “If I go crazy, you can fire me,” he said.

[This is a developing story and will be updated as new information comes in.]

Continue Reading

Biz & IT

High-severity Microsoft Exchange 0-day under attack threatens 220,000 servers

Published

on

Microsoft late Thursday confirmed the existence of two critical vulnerabilities in its Exchange application that have already compromised multiple servers and pose a serious risk to an estimated 220,000 more around the world.

The currently unpatched security flaws have been under active exploit since early August, when Vietnam-based security firm GTSC discovered customer networks had been infected with malicious webshells and that the initial entry point was some sort of Exchange vulnerability. The mystery exploit looked almost identical to an Exchange zero-day from 2021 called ProxyShell, but the customers’ servers had all been patched against the vulnerability, which is tracked as CVE-2021-34473. Eventually, the researchers discovered the unknown hackers were exploiting a new Exchange vulnerability.

Webshells, backdoors, and fake sites

“After successfully mastering the exploit, we recorded attacks to collect information and create a foothold in the victim’s system,” the researchers wrote in a post published on Wednesday. “The attack team also used various techniques to create backdoors on the affected system and perform lateral movements to other servers in the system.”

On Thursday evening, Microsoft confirmed that the vulnerabilities were new and said it was scrambling to develop and release a patch. The new vulnerabilities are: CVE-2022-41040, a server-side request forgery vulnerability, and CVE-2022-41082, which allows remote code execution when PowerShell is accessible to the attacker.

“​​At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems,” members of the Microsoft Security Response Center team wrote. “In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082.” Team members stressed that successful attacks require valid credentials for at least one email user on the server.

The vulnerability affects on-premises Exchange servers and, strictly speaking, not Microsoft’s hosted Exchange service. The huge caveat is that many organizations using Microsoft’s cloud offering choose an option that uses a mix of on-premises and cloud hardware. These hybrid environments are as vulnerable as standalone on-premises ones.

Searches on Shodan indicate there are currently more than 200,000 on-premises Exchange servers exposed to the Internet and more than 1,000 hybrid configurations.

Wednesday’s GTSC post said the attackers are exploiting the zero-day to infect servers with webshells, a text interface that allows them to issue commands. These webshells contain simplified Chinese characters, leading the researchers to speculate the hackers are fluent in Chinese. Commands issued also bear the signature of the China Chopper, a webshell commonly used by Chinese-speaking threat actors, including several advanced persistent threat groups known to be backed by the People’s Republic of China.

GTSC went on to say that the malware the threat actors eventually install emulates Microsoft’s Exchange Web Service. It also makes a connection to the IP address 137[.]184[.]67[.]33, which is hardcoded in the binary. Independent researcher Kevin Beaumont said the address hosts a fake website with only a single user with one minute of login time and has been active only since August.

Kevin Beaumont

The malware then sends and receives data that’s encrypted with an RC4 encryption key that’s generated at runtime. Beaumont went on to say that the backdoor malware appears to be novel, meaning this is the first time it has been used in the wild.

People running on-premises Exchange servers should take immediate action. Specifically, they should apply a blocking rule that prevents servers from accepting known attack patterns. The rule can be applied by going to “IIS Manager -> Default Web Site -> URL Rewrite -> Actions.” For the time being, Microsoft also recommends people block HTTP port 5985 and HTTPS port 5986, which attackers need to exploit CVE-2022-41082.

Microsoft’s advisory contains a host of other suggestions for detecting infections and preventing exploits until a patch is available.

Continue Reading

Biz & IT

Bruce Willis sells deepfake rights to his likeness for commercial use

Published

on

Enlarge / Deepfake Bruce Willis as he appeared in a 2021 commercial for Russian mobile company MegaFon.

MegaFon

Bruce Willis has sold the “digital twin” rights to his likeness for commercial video production use, according to a report by The Telegraph. This move allows the Hollywood actor to digitally appear in future commercials and possibly even films, and he has already appeared in a Russian commercial using the technology.

Willis, who has been diagnosed with a language disorder called aphasia, announced that he would be “stepping away” from acting earlier this year. Instead, he will license his digital rights through a company called Deepcake. The company is based in Tbilisi, Georgia, and is doing business in America while being registered as a corporation in Delaware.

In 2021, a deepfake Bruce Willis appeared in a Russian cell phone commercial for MegaFon.

Deepcake obtained Willis’ likeness by training a deep learning neural network model on his appearances in blockbuster action films from the 1990s. With his facial appearance known, the model can then apply Willis’ head to another actor with a similar build in a process commonly called a deepfake. Deepfakes have become popular in recent years on TikTok, with unauthorized deepfakes of Tom Cruise and Keanu Reeves gathering large followings.

In a statement on Deepcake’s website, Bruce Willis reportedly said:

I liked the precision of my character. It’s a great opportunity for me to go back in time. The neural network was trained on [the] content of Die Hard and Fifth Element, so my character is similar to the images of that time.

With the advent of the modern technology, I could communicate, work, and participate in filming, even being on another continent. It’s a brand new and interesting experience for me, and I [am] grateful to our team.

According to Deepcake’s website, the firm aims to disrupt the traditional casting process by undercutting it in price, saying that its method “allows us to succeed in tasks minus travel expenses, expensive filming days, insurance, and other costs. You pay for endorsement contract with the celeb’s agent, and a fee for Deepcake’s services. This is game-changingly low.”

While the Telegraph report claims that Willis is “the first Hollywood star to sell his rights to allow a ‘digital twin’ of himself to be created for use on screen,” Ars Technica could not verify that claim outside of the context of a first license with the firm Deepcake. Evidence suggests that a similar licensing precedent exists—in Hollywood, deepfakes have already been used in several Star Wars films and TV shows, for example.

Looking deeper, the concept of having a “digital twin” isn’t new to Willis, either. In 1998, he starred in a PlayStation video game called Apocalypse that involved digitizing his face and capturing the motion of his body as he acted out scenes. Still, it’s notable to see an aging actor sidelined by illness who is willing to volunteer a digital double to work for him. James Earl Jones did so recently with his voice for Darth Vader. It’s possible we’ll see much more of this as deepfake technology improves.

Continue Reading

Trending