Showing posts from December, 2016

Cure53 XSSMas Hacking Challenge 2016 Underway

The Cure53 XSSMas Challenge, initiated in 2013, is a recurring hacking event in which contestants have to solve a complex security puzzle in order to win money and fame, attempting to hack a web site by any means necessary.

'Any means' does not preclude rules of engagement. For example, the 2015 challenge required hacking without user interaction, i.e. setting an XSS trap and waiting for it to be triggered, as in the case of blind XSS.

So as not to spoil your fun with this year's challenge, which has been posted today, here we'll look back at last year's challenge, which required hackers to begin with index.php and progressively break through to index3.php in order to obtain the prize.
What was actually required is nicely summed up in:
Find a way to bypass the XSS filters of all browsers by realizing the string

Project Wycheproof Reveals Bugs In Popular Crypto Libraries

Google has released Project Wycheproof, a set of security tests that check cryptographic software libraries for known weaknesses. With over 80 test cases developed, more than 40 security bugs have been uncovered.

In order to have good cryptography, two ingredients need to be in place. The first is the strength of the cipher primitive itself, a property that classifies it as suitable or not for building an application on. For example, in the TLS protocol, documented in "SSL and TLS Deployment Best Practices - Use Secure Cipher Suites", not all ciphers are recommended for use. In that list, for example, we find some obsolete cryptographic primitives that are not secure and must be avoided:

full article on i-programmer

OpenAI Universe - New Way of Training AIs

Until now, the way a neural network worked was to supply it with millions of pre-classified data items, in the so-called supervised learning scheme, which resulted in neural networks only learning what we've instructed them to do.

But there's also another technique, that of reinforcement learning, where you let the AI discover by itself what it's supposed to do, without prior knowledge of its surroundings or any other data fed to it.
Microsoft was one of the first to employ this technique in a gaming environment, trying to make a Minecraft character climb a virtual hill in the so-called AIX Minecraft Project. There, you let the algorithm explore the Minecraft world it was dropped into, let it freely move and interact with its surroundings, and force it to learn by rewarding it when it does something right, so that it understands the goal of the game, the goal it should be aiming for. Of course for us humans it's easy to see that we must climb that …

IBM Watson and Project Intu for Embodied Cognition

Watson raises the bar in the quest for autonomous general AI, in yet another advancement that this time looks likely to have an emphatic impact on the industry as a whole.
The new buzzwords that Watson introduces are embodied cognition and behaviors, which act as self-contained components but work together on transforming the transaction that takes place between the human operator and the machine, be it a device, robot, or anything else capable of carrying an intelligent software agent, into a state of conversation or deeper interaction.

full article on i-programmer

What Universities Can Learn from Udacity’s ‘Gig Economy’ Service

Two weeks ago, Udacity launched a program to connect graduates from its programs with short-term work from potential employers. Called Blitz, the service lets companies propose a project, and then Udacity provides a cost estimate and puts together a team of alumni engineers to complete it. Once the project is finished, companies have the option to hire “Blitzers” full-time.
The offering is one way to help Udacity deliver on its job-placement promises. The company offers a money-back guarantee to students who complete its nanodegree programs—bundles of classes in app and web development and engineering. Students are ensured a job within six months of graduating or Udacity will refund their tuition. (The company defines “job” as full- or part-time and freelance work.)
full article on EdSurge.com