Why You Should Care About Last Friday's Internet Outages?

On Friday, you probably noticed that you couldn't get to some of your favorite websites, like Twitter and Amazon. It was the result of an attack on Dyn, a DNS provider that helps direct Internet traffic. DNS is like a digital phonebook: when you try to get to amazon.com, your computer checks with a DNS provider like Dyn to find out exactly where on the Internet to go to find it. Attackers flooded Dyn with more Internet traffic than its servers could handle, which left ordinary Internet users unable to reach their favorite sites.

But beyond not being able to stream Spotify for a day, why should we care about these attacks? Because while this attack was just an inconvenience for most people, the next one could be worse. Imagine not being able to use your credit card because a store can't connect to the card provider or your bank not being able to send an electronic bill payment because the network is down. The consequences of attacks like this can be much more than just an annoyance.

What we can do to stop them

The attack against Dyn was a DDoS, or distributed denial of service attack. This means that numerous devices—Dyn reports tens of millions—attempted to connect to Dyn's servers at once, leaving legitimate traffic unable to get through. Such attacks are hard to stop because they come from so many places at once, and as more connected devices come online there are only more devices hackers can hijack for DDoS attacks.

That's right: your connected printer, home camera, thermostat, coffee pot, refrigerator, slow cooker and even your computer could be part of the problem. Any device that's connected to the Internet could be hacked and used in such an attack—which is exactly what happened with the Dyn attack on Friday.

While we typically take care to keep our computers secure, we often don't think that our refrigerator may need its password changed or a security patch installed. However, keeping our "Internet of Things" devices secure is just as important as keeping our computers secure—because if we don't, the next DDoS could be worse.

But like our computers, keeping other devices on your home network secure often just requires just a bit of effort. Here's what you can do to make sure your devices are secure:

   Can you connect to your device from anywhere via the Internet? If so, this is a feature you want to turn off unless it's necessary for the device to function. Being on the Internet means it's vulnerable to attack.

·       Change the default password. If any device on your network has a default password, change it to a stronger password.

·      Apply any patches. You probably do this to your computer (and if you don't, you should!), but there may be security patches for your other connected gadgets. Check with the manufacturer to see if any patches are available and how to apply them.

     Don't just connect a new gadget to your network. Be sure to read the manual, change the password, apply any patches and turn off risky features first.

        Does your home router or modem have a firewall? Though you may not be aware of it, your home is connected to the internet through a modem from your Internet provider, which may or may not have strong security features (a firewall) to prevent hackers from getting into your home network. Investigate whether there's a firewall you can turn on or add.

FBI Can Now Search Almost Any Computer.

Federal agents now have even greater scope for spying on computers belonging to regular citizens, thanks to a controversial amendment that passed into law as of Dec. 1, 2016.

The long-standing Rule 41 governs how the FBI can search and seize property thought to be involved with crime. Its most recent amendment expands the search remit to include remote access of computers whose locations have been "concealed through technological means.”

In other words, the FBI can obtain a warrant to hack any device whose IP address is masked. This can include computers using a virtual proxy network (VPN), a common internet tool used to maintain privacy on public Wi-Fi networks, to watch Netflix (and other geo-restricted media) from another country, to improve streaming speeds or simply to remain anonymous online. Similarly vulnerable under the updated rule are computers running the Tor browser, which users use for privacy and security or to browse the Deep Web for reasons including visiting illegal sites and accessing secured communications for political dissidents and whistle-blowers.

The amendment also makes it legal to search computers that have been “damaged without authorization” — that is, subjected to malware such as hijacking into botnets used to launch distributed denial of service (DDoS) attacks. Considering that 16 million American households experienced serious virus problems in the past two years, that’s a lot of computers that the FBI could legally hack.

“This unprecedented increase in government hacking authority gives the government ability to more easily infiltrate, monitor, copy data from, inject malware into and otherwise damage computers, including victims of a crime, remotely,” said Nate Cardozo, senior staff attorney at the Electronic Frontier Foundation (EFF).

Dragnet for online crime

Until now, the FBI had to specify particular users it wanted a search warrant for. In the case of illegal sites, such as those on the Deep Web where traffic is heavily anonymized, this often proved difficult. Agents could also search computers only in the region where a warrant was granted, often an ineffective tactic because involved computers could be located anywhere in the world.

Under the new Rule 41, any computer with a hidden IP address or location can be included in the scope of a search warrant. Warrants can be granted in any jurisdiction and used to search multiple location-masking computers anywhere.

“This is about the FBI having the power to search any visitors to sites where they know or suspect illegal activity is going on,” says Chester Wisniewski, principal research scientist at cybersecurity firm Sophos.

In theory, the new rule helps the government ferret out faceless perpetrators of massive cybercrimes. Examples of these crimes include child pornography or drug trading rings and the botnet DDoS attack that recently took down Spotify, Twitter and Amazon.

But some of the FBI’s methodology for tracking suspected criminals online could endanger innocent users’ systems.

“Precisely because law enforcement doesn't know where the computer is, it has to use malware to uncover the real address of the computer they're looking for," said Gabe Rottman, deputy director of the Freedom, Security and Technology project at the Center for Democracy and Technology. "In doing so, law enforcement casts a very wide net, accessing computers that have nothing to do with the underlying investigation.”

For example, in 2013, the FBI obtained warrants to hack the dark web TorMail accounts of 300 users allegedly linked to child pornography crimes, but the malware activated before users logged in, suggesting that it infected any computer that visited the login page.

“We should be concerned. This is more invasive than even wiretapping, and it’s inconsistent with the basic American value that the government shouldn’t be looking into your affairs unless it has some evidence you’ve done something wrong,” Rottman said.

What you can do

For those who want to protect themselves and their files from this form of recently legalized hacking, the usual cyber security principles apply, Wisniewski said. Use strong encryption for email and files. Always download updates to your operating system, browsers and apps. Use a password manager or strong passwords, and keep a good antivirus program updated. These measures lower the risk that your system has a vulnerability that misfired criminal-targeting malware could exploit.

“The scary thing is that the malware law enforcement will be using is potentially more powerful because the government has an incentive to hoard the most valuable zero days [unknown vulnerabilities in users’ software to attack],” Rottman said.

Because the new Rule 41 came into effect with no opposition to the proposal made by the Supreme Court earlier this year, it’s possible that Congress can reform or even remove the rule change in the future. “There need to be strong guidelines to keep this new power in check, lest it result in increased privacy intrusions,” said Cardozo.

The CDT has suggested reforms such as limiting the type of information that can be gathered and requiring more detail before warrants are granted.

While civil liberties groups including the EFF and CDT have been vocal about the dangers of the change, members of the public can also make their voices heard through online petitions or directly contacting their local representatives. “Average users can absolutely still engage," Rottman said. "We haven’t had a national conversation on how to control government hacking to protect privacy and civil liberties.”

One Billion Yahoo Accounts Hacked: Should You Panic???

In September, Yahoo announced what was at the time thought to be the biggest data theft ever, with 500 million accounts breached. It turns out that was just the tip of the iceberg: we've just learned that another 1 billion Yahoo accounts were compromised in an earlier—likely unrelated—attack in August 2013. While hackers didn't get any financial information, they did acquire logins, encrypted passwords, birth dates, secret questions and answers, and other personal data.

And while we know—or should know—not to reuse passwords across multiple sites, the other data is concerning. Security questions and answers, which typically use basic factual information to verify your identity, is especially concerning because we often do use those details across multiple accounts. (And we're learning that to stay secure, we shouldn't answer those questions truthfully.)

Yahoo is making affected users change their passwords and, in some cases, update their security questions, but you should do more—even if your account, wasn't among those hacked. Here are the steps Yahoo users should take immediately:

Change your password.

If you've ever used your Yahoo password as the password to login to any other sites or services, change those account passwords.

If you used the same answers to secret questions on other sites, you need to change those answers. If you aren't sure what secret questions and answers you've used, it's a good time to go through and update the answers everywhere.

For extra security, turn on two-factor authentication for your Yahoo account.

If you don't have a Yahoo account, there's no reason to be complacent. More breaches will happen, and you can take steps to protect yourself now. This is what we recommend for all Internet users:

Never share passwords between accounts. If you have accounts using the same passwords, change them now, before a security breach at one site means all of your passwords are compromised.

Follow our tips for creating a strong password.

Use a password manager to help make the process of managing multiple passwords simple. Don't write your passwords down and definitely don't keep them on a Post-it note stuck to your monitor.

Use two-factor authentication for sites that support it. This requires you to enter your username, password and an additional code (typically texted to your phone) in order to sign in—and it means that even if hackers get your password, they can't get into your account. Check this list of services that support two-factor authentication to find out if your frequently-used sites are on the list.

Lie when answering secret questions. (This is information you can also keep track of using a password manager.)

Delete accounts you don't use anymore. While this may or may not keep you safe from a new hacking attack if any of your data is kept on file, there's no need to keep personal data stored on a service you don't use anymore.

Now, get to changing those passwords, everyone!

Microsoft's cloud-computing work started in earnest in 2006, the same year Amazon launched Amazon Web Services.

Microsoft did have a model for what would work.

In 2008, Server & Tools chief Muglia and Andy Jassy, the leader of Amazon Web Services (AWS), struck a deal.

Nadella took over Server & Tools in 2011 with a mandate to push harder on cloud computing, colleagues say.

It didn't matter whether customers were ready for web-based tools, the thinking went. The industry was going that direction, and Microsoft could try to lead or risk getting left behind.

"Very quickly, the world changed," said Khalidi, who leads Azure's networking teams today.

Nadella placed Scott Guthrie, a career Microsoft engineering manager, in charge of the Azure team.

One of Guthrie's first moves was to gather Azure's leaders at an off-campus retreat for an experiment: He asked them to try to build an application using their own cloud service.

It didn't go well. Some features didn't work, and some managers failed to complete the online sign-up process to use Azure. "We didn't have everything quite right," Guthrie said.

The team rewrote Azure, with a focus on ease of use and the sort of tools Amazon was having success with. It also had to unlearn lessons from decades spent selling out-of-the-box software.

In the old world, how a product performed was a customer-service issue, walled off from engineers working on adding new features.

In the world of live web services, customer service became part of the engineering work.

Nadella instituted weekly meetings in which senior leaders spent hours delving into how customers used Microsoft services, as measured by about 3,000 metrics.

Azure relaunched in 2013 with a set of infrastructure services that performed many of the same functions as Amazon's AWS.

A month after Nadella replaced Ballmer as CEO in 2014, he signed off on a cosmetic, but hugely symbolic change. "Windows Azure" was renamed "Microsoft Azure."

Windows had been the center of Microsoft's universe for decades. Products had to play well with the operating system or else they wouldn't last long.

Dropping " Windows" was strategic, a reminder to potential customers that Azure could run more than Windows. It was also symbolic of the cultural shift Nadella was trying to engineer as Microsoft, formerly hostile to software built outside its walls, had decided to play nice with Azure.

Amazon wants shoppers to just walk out of its stores and let an AI figure out what they owe for what they took..

To figure out who to charge, and how much, Amazon will identify shoppers by scanning QR codes on their phones as they walk in, and use sensors and computer vision technology to determine which items they take.

That might seem creepy, but it's not much more intrusive than the closed-circuit TV monitoring many stores already have in place to deter shoplifters, or the Bluetooth beacons others use to pitch up-to-the-minute offers to visitors. Whether Amazon's system is sharp-eyed enough to distinguish between a jar of strawberry jelly and a jar of raspberry in the same way that a clerk with a regular barcode reader can distinguish between codes 051500001639 and 051500022030 remains to be seen.

For now, only Amazon staff can shop at the 180-square-meter Go store, but early next year it will be ready to sell ready-made snacks and staples such as bread and milk to anyone.

Payment is automatically deducted from the associated credit card when a shopper leaves the store, and the receipt is sent to the app.

Will Artificial Intelligence Be the Next Einstein???

SAN FRANCISCO – Forget the Terminator. The next robot on the horizon may be wearing a lab coat.

Artificial intelligence (AI) is already helping scientists form testable hypotheses that enable experts to run real experiments, and the technology may soon be poised to help businesses make decisions, one scientist says.

However, that doesn't mean the machines will be taking over from humans entirely. Instead, humans and machines have complementary skill sets, so AI could help researchers with the work they already do, Laura Haas, a computer scientist and director of the IBM Research Accelerated Discovery Lab in San Jose, California, said at the Future Technologies Conference.

Though many people fear a future where our robot overlords surpass humans in almost every capacity, in reality, machines have long outpaced mere mortals at many tasks, such as doing incredibly fast mathematical computations. But this dominance is nowhere clearer than in the realm of Big Data"Global scientific output doubles every nine years.

 90 percent of the data in the world today has been created in the last two years alone.
2.5 exabytes of data are created every day.”

Algorithm & Research:How the brain recognizes faces

MIT researchers and their colleagues have developed a new computational model of the human brain's face-recognition mechanism that seems to capture aspects of human neurology that previous models have missed.

The researchers designed a machine-learning system that implemented their model, and they trained it to recognize particular faces by feeding it a battery of sample images. They found that the trained system included an intermediate processing step that represented a face's degree of rotation—say, 45 degrees from center—but not the direction—left or right.

This property wasn't built into the system; it emerged spontaneously from the training process. But it duplicates an experimentally observed feature of the primate face-processing mechanism. The researchers consider this an indication that their system and the brain are doing something similar.

"This is not a proof that we understand what's going on," says Tomaso Poggio, a professor of brain and cognitive sciences at MIT and director of the Center for Brains, Minds, and Machines (CBMM), a multi-institution research consortium funded by the National Science Foundation and headquartered at MIT. "Models are kind of cartoons of reality, especially in biology. So I would be surprised if things turn out to be this simple. But I think it's strong evidence that we are on the right track."

Indeed, the researchers' new paper includes a mathematical proof that the particular type of machine-learning system they use, which was intended to offer what Poggio calls a "biologically plausible" model of the nervous system, will inevitably yield intermediary representations that are indifferent to angle of rotation.

Poggio, who is also a primary investigator at MIT's McGovern Institute for Brain Research, is the senior author on a paper describing the new work, which appeared today in the journal Computational Biology. 

He's joined on the paper by several other members of both the CBMM and the McGovern Institute: first author Joel Leibo, a researcher at Google DeepMind, who earned his PhD in brain and cognitive sciences from MIT with Poggio as his advisor; Qianli Liao, an MIT graduate student in electrical engineering and computer science; Fabio Anselmi, a postdoc in the IIT@MIT Laboratory for Computational and Statistical Learning, a joint venture of MIT and the Italian Institute of Technology; and Winrich Freiwald, an associate professor at the Rockefeller University.

2.5 Exabyte of data are created every day.”