A remarkable new species of Paraparatrechina Donisthorpe
https://zookeys.pensoft.net/article/114168/ [zookeys.pensoft.net]
2024-06-03 19:30
tags:
biology
paper
science
A new ant species, Paraparatrechina neela sp. nov., with a captivating metallic-blue color is described based on the worker caste from the East Siang district of Arunachal Pradesh, northeastern India. This discovery signifies the first new species of Paraparatrechina in 121 years, since the description of the sole previously known species, P. aseta (Forel, 1902), in the Indian subcontinent.
source: HN
GWP-ASan: Sampling-Based Detection of Memory-Safety Bugs in Production
https://arxiv.org/abs/2311.09394v2 [arxiv.org]
2024-04-19 20:11
tags:
c
development
fuzzing
malloc
paper
pdf
programming
systems
Despite the recent advances in pre-production bug detection, heap-use-after-free and heap-buffer-overflow bugs remain the primary problem for security, reliability, and developer productivity for applications written in C or C++, across all major software ecosystems. Memory-safe languages solve this problem when they are used, but the existing code bases consisting of billions of lines of C and C++ continue to grow, and we need additional bug detection mechanisms.
This paper describes a family of tools that detect these two classes of memory-safety bugs, while running in production, at near-zero overhead. These tools combine page-granular guarded allocation and low-rate sampling. In other words, we added an “if” statement to a 36-year-old idea and made it work at scale.
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
https://pwning.tech/nftables/ [pwning.tech]
2024-03-26 23:33
tags:
best
cpu
exploit
linux
malloc
paper
programming
security
systems
In this blogpost I present several novel techniques I used to exploit a 0-day double-free bug in hardened Linux kernels (i.e. KernelCTF mitigation instances) with 93%-99% success rate. The underlying bug is input sanitization failure of netfilter verdicts. Hence, the requirements for the exploit are that nf_tables is enabled and unprivileged user namespaces are enabled. The exploit is data-only and performs an kernel-space mirroring attack (KSMA) from userland with the novel Dirty Pagedirectory technique (pagetable confusion), where it is able to link any physical address (and its permissions) to virtual memory addresses by performing just read/writes to userland addresses.
Also: https://github.com/Notselwyn/CVE-2024-1086
source: HN
Lend Me Your Ear: Passive Remote Physical Side Channels on PCs
https://www.usenix.org/conference/usenixsecurity22/presentation/genkin [www.usenix.org]
2024-01-18 17:35
tags:
audio
crypto
gaming
hardware
paper
security
sidechannel
We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ongoing computation. Moreover, this information is often conveyed by supposedly-benign channels such as audio recordings and common Voice-over-IP applications, even after lossy compression.
Thus, we show, it is possible to conduct physical side-channel attacks on computation by remote and purely passive analysis of commonly-shared channels. These attacks require neither physical proximity (which could be mitigated by distance and shielding), nor the ability to run code on the target or configure its hardware. Consequently, we argue, physical side channels on PCs can no longer be excluded from remote-attack threat models.
We analyze the computation-dependent leakage captured by internal microphones, and empirically demonstrate its efficacy for attacks. In one scenario, an attacker steals the secret ECDSA signing keys of the counterparty in a voice call. In another, the attacker detects what web page their counterparty is loading. In the third scenario, a player in the Counter-Strike online multiplayer game can detect a hidden opponent waiting in ambush, by analyzing how the 3D rendering done by the opponent’s computer induces faint but detectable signals into the opponent’s audio feed.
paper: https://faculty.cc.gatech.edu/~genkin/papers/lendear.pdf
Turnover of mammal sex chromosomes in the Sry-deficient Amami spiny rat is due to male-specific upregulation of Sox9
https://www.pnas.org/doi/10.1073/pnas.2211574119 [www.pnas.org]
2023-09-03 23:56
tags:
biology
paper
We here report our discovery of a male-specific duplication of an enhancer of Sox9 in the Amami spiny rat Tokudaia osimensis, in which males and females have only a single X chromosome (XO/XO) and the Y chromosome and Sry are completely lost. We performed a comprehensive survey to detect sex-specific genomic regions in the spiny rat. Sex-related genomic differences were limited to a male-specific duplication of a 17-kb unit located 430 kb upstream of Sox9 on an autosome.
The Internet Worm Program: An Analysis
https://spaf.cerias.purdue.edu/tech-reps/823.pdf [spaf.cerias.purdue.edu]
2023-08-25 16:24
tags:
c
dupe
exploit
paper
pdf
programming
security
unix
This report gives a detailed description of the components of the worm program—data and functions. It is based on study of two completely independent reverse-compilations of the worm and a version disassembled to VAX assembly language. Almost no source code is given in the paper because of current concerns about the state of the ‘‘immune system’’ of Internet hosts, but the description should be detailed enough to allow the reader to understand the behavior of the program.
And some modern commentary: https://infosec.exchange/@hovav/110950949212380779
The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders
https://wrv.github.io/h26forge.pdf [wrv.github.io]
2023-03-28 18:51
tags:
exploit
format
fuzzing
paper
pdf
security
turtles
video
Modern video encoding standards such as H.264 are a marvel of hidden complexity. But with hidden complexity comes hidden security risk. Decoding video in practice means interacting with dedicated hardware accelerators and the proprietary, privileged software components used to drive them. The video decoder ecosystem is obscure, opaque, diverse, highly privileged, largely untested, and highly exposed—a dangerous combination.
We introduce and evaluate H26FORGE, domain-specific infrastructure for analyzing, generating, and manipulating syntactically correct but semantically spec-non-compliant video files. Using H26FORGE, we uncover insecurity in depth across the video decoder ecosystem, including kernel memory corruption bugs in iOS, memory corruption bugs in Firefox and VLC for Windows, and video accelerator and application processor kernel memory bugs in multiple Android devices.
https://github.com/h26forge/h26forge
A fork() in the road
https://www.microsoft.com/en-us/research/uploads/prod/2019/04/fork-hotos19.pdf [www.microsoft.com]
2023-03-25 04:02
tags:
malloc
paper
pdf
programming
systems
unix
The received wisdom suggests that Unix’s unusual combination of fork() and exec() for process creation was an inspired design. In this paper, we argue that fork was a clever hack for machines and programs of the 1970s that has long outlived its usefulness and is now a liability. We catalog the ways in which fork is a terrible abstraction for the modern programmer to use, describe how it compromises OS implementations, and propose alternatives.
source: L
Animal personalities can trip up science, but there’s a solution
https://arstechnica.com/science/2023/03/animal-personalities-can-trip-up-science-but-theres-a-solution/ [arstechnica.com]
2023-03-13 04:03
tags:
ideas
paper
science
Scientists are increasingly realizing that animals, like people, are individuals. They have distinct tendencies, habits and life experiences that may affect how they perform in an experiment. That means, some researchers argue, that much published research on animal behavior may be biased. Studies claiming to show something about a species as a whole—that green sea turtles migrate a certain distance, say, or how chaffinches respond to the song of a rival—may say more about individual animals that were captured or housed in a certain way, or that share certain genetic features. That’s a problem for researchers who seek to understand how animals sense their environments, gain new knowledge and live their lives.
source: ars
Why Did the Bee Eat the Chicken? Symbiont Gain, Loss, and Retention in the Vulture Bee Microbiome
https://journals.asm.org/doi/10.1128/mBio.02317-21 [journals.asm.org]
2023-01-20 22:19
tags:
biology
paper
Bees are wasps that switched to a vegetarian lifestyle, and the vast majority of bees feed on pollen and nectar. Some stingless bee species, however, also collect carrion, and a few have fully reverted to a necrophagous lifestyle, relying on carrion for protein and forgoing flower visitation altogether. These “vulture” bees belong to the corbiculate apid clade, which is known for its ancient association with a small group of core microbiome phylotypes. Here, we investigate the vulture bee microbiome, along with closely related facultatively necrophagous and obligately pollinivorous species, to understand how these diets interact with microbiome structure.
Recap: https://news.ucr.edu/articles/2021/11/23/when-bees-get-taste-dead-things
source: jwz
Hertzbleed Attack
https://www.hertzbleed.com/ [www.hertzbleed.com]
2022-06-16 18:36
tags:
cpu
crypto
exploit
paper
security
sidechannel
Hertzbleed is a new family of side-channel attacks: frequency side channels. In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure.
Hertzbleed takes advantage of our experiments showing that, under certain circumstances, the dynamic frequency scaling of modern x86 processors depends on the data being processed. This means that, on modern processors, the same program can run at a different CPU frequency (and therefore take a different wall time) when computing, for example, 2022 + 23823 compared to 2022 + 24436.
source: HN
Lend Me Your Ear: Passive Remote Physical Side Channels on PCs
https://www.usenix.org/system/files/sec22summer_genkin.pdf [www.usenix.org]
2022-05-06 00:55
tags:
crypto
exploit
opsec
paper
pdf
security
sidechannel
systems
We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ongoing computation. Moreover, this information is often conveyed by supposedly-benign channels such as audio recordings and common Voice-over-IP applications, even after lossy compression.
We analyze the computation-dependent leakage captured by internal microphones, and empirically demonstrate its efficacy for attacks. In one scenario, an attacker steals the secret ECDSA signing keys of the counterparty in a voice call. In another, the attacker detects what web page their counterparty is loading. In the third scenario, a player in the Counter-Strike online multiplayer game can detect a hidden opponent waiting in ambush, by analyzing how the 3D rendering done by the opponent’s computer induces faint but detectable signals into the opponent’s audio feed.
High Fidelity Image Generation Using Diffusion Models
https://ai.googleblog.com/2021/07/high-fidelity-image-generation-using.html [ai.googleblog.com]
2021-09-13 20:31
tags:
ai
graphics
paper
Alternatively, diffusion models, originally proposed in 2015, have seen a recent revival in interest due to their training stability and their promising sample quality results on image and audio generation. Thus, they offer potentially favorable trade-offs compared to other types of deep generative models. Diffusion models work by corrupting the training data by progressively adding Gaussian noise, slowly wiping out details in the data until it becomes pure noise, and then training a neural network to reverse this corruption process. Running this reversed corruption process synthesizes data from pure noise by gradually denoising it until a clean sample is produced. This synthesis procedure can be interpreted as an optimization algorithm that follows the gradient of the data density to produce likely samples.
Cells Form Into ‘Xenobots’ on Their Own
https://www.quantamagazine.org/cells-form-into-xenobots-on-their-own-20210331/ [www.quantamagazine.org]
2021-04-02 18:58
tags:
biology
paper
science
tech
Embryonic cells can self-assemble into new living forms that don’t resemble the bodies they usually generate, challenging old ideas of what defines an organism.
source: HN
Infinite Nature: Perpetual View Generation of Natural Scenes from a Single Image
https://infinite-nature.github.io/ [infinite-nature.github.io]
2021-03-20 18:13
tags:
ai
graphics
paper
video
We introduce the problem of perpetual view generation—long-range generation of novel views corresponding to an arbitrarily long camera trajectory given a single image. This is a challenging problem that goes far beyond the capabilities of current view synthesis methods, which work for a limited range of viewpoints and quickly degenerate when presented with a large camera motion. Methods designed for video generation also have limited ability to produce long video sequences and are often agnostic to scene geometry. We take a hybrid approach that integrates both geometry and image synthesis in an iterative render, refine, and repeat framework, allowing for long-range generation that cover large distances after hundreds of frames. Our approach can be trained from a set of monocular video sequences without any manual annotation. We propose a dataset of aerial footage of natural coastal scenes, and compare our method with recent view synthesis and conditional video generation baselines, showing that it can generate plausible scenes for much longer time horizons over large camera trajectories compared to existing methods.
https://arxiv.org/abs/2012.09855
https://github.com/google-research/google-research/tree/master/infinite_nature
source: HN
What are the most important statistical ideas of the past 50 years?
http://www.stat.columbia.edu/~gelman/research/unpublished/stat50.pdf [www.stat.columbia.edu]
2021-03-12 03:30
tags:
ideas
math
paper
pdf
science
We argue that the most important statistical ideas of the past half century are: counterfactual causal inference, bootstrapping and simulation-based inference, overparameterized models and regularization, multilevel models, generic computation algorithms, adaptive decision analysis, robust inference, and exploratory data analysis. We discuss common features of these ideas, how they relate to modern computing and big data, and how they might be developed and extended in future decades. The goal of this article is to provoke thought and discussion regarding the larger themes of research in statistics and data science.
source: danluu
Multimodal Neurons in Artificial Neural Networks
https://openai.com/blog/multimodal-neurons/ [openai.com]
2021-03-10 03:07
tags:
ai
compsci
graphics
paper
We’ve discovered neurons in CLIP that respond to the same concept whether presented literally, symbolically, or conceptually. This may explain CLIP’s accuracy in classifying surprising visual renditions of concepts, and is also an important step toward understanding the associations and biases that CLIP and similar models learn.
The good, and the bad...
By exploiting the model’s ability to read text robustly, we find that even photographs of hand-written text can often fool the model.
https://distill.pub/2021/multimodal-neurons/
Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical
https://arxiv.org/abs/2103.03443 [arxiv.org]
2021-03-08 18:36
tags:
cpu
exploit
paper
security
sidechannel
We introduce the first microarchitectural side channel attacks that leverage contention on the CPU ring interconnect. There are two challenges that make it uniquely difficult to exploit this channel. First, little is known about the ring interconnect’s functioning and architecture. Second, information that can be learned by an attacker through ring contention is noisy by nature and has coarse spatial granularity. To address the first challenge, we perform a thorough reverse engineering of the sophisticated protocols that handle communication on the ring interconnect. With this knowledge, we build a cross-core covert channel over the ring interconnect with a capacity of over 4 Mbps from a single thread, the largest to date for a cross-core channel not relying on shared memory. To address the second challenge, we leverage the fine-grained temporal patterns of ring contention to infer a victim program’s secrets. We demonstrate our attack by extracting key bits from vulnerable EdDSA and RSA implementations, as well as inferring the precise timing of keystrokes typed by a victim user.
source: HN
Decades-Long Quest Reveals Details of the Proton’s Inner Antimatter
https://www.quantamagazine.org/protons-antimatter-revealed-by-decades-old-experiment-20210224/ [www.quantamagazine.org]
2021-02-25 01:36
tags:
article
paper
physics
science
Twenty years ago, physicists set out to investigate a mysterious asymmetry in the proton’s interior. Their results, published today, show how antimatter helps stabilize every atom’s core.
We learn in school that a proton is a bundle of three elementary particles called quarks — two “up” quarks and a “down” quark, whose electric charges (+2/3 and −1/3, respectively) combine to give the proton its charge of +1. But that simplistic picture glosses over a far stranger, as-yet-unresolved story.
In reality, the proton’s interior swirls with a fluctuating number of six kinds of quarks, their oppositely charged antimatter counterparts (antiquarks), and “gluon” particles that bind the others together, morph into them and readily multiply. Somehow, the roiling maelstrom winds up perfectly stable and superficially simple — mimicking, in certain respects, a trio of quarks.
paper: https://www.nature.com/articles/s41586-021-03282-z
source: HN
Tales of Favicons and Caches: Persistent Tracking in Modern Browsers
https://www.cs.uic.edu/~polakis/papers/solomos-ndss21.pdf [www.cs.uic.edu]
2021-01-16 02:40
tags:
browser
opsec
paper
pdf
security
turtles
web
The privacy threats of online tracking have garnered considerable attention in recent years from researchers and practitioners alike. This has resulted in users becoming more privacy-cautious and browser vendors gradually adopting countermeasures to mitigate certain forms of cookie-based and cookie-less tracking. Nonetheless, the complexity and feature-rich nature of modern browsers often lead to the deployment of seemingly innocuous functionality that can be readily abused by adversaries. In this paper we introduce a novel tracking mechanism that misuses a simple yet ubiquitous browser feature: favicons. In more detail, a website can track users across browsing sessions by storing a tracking identifier as a set of entries in the browser’s dedicated favicon cache, where each entry corresponds to a specific subdomain. In subsequent user visits the website can reconstruct the identifier by observing which favicons are requested by the browser while the user is automatically and rapidly redirected through a series of subdomains. More importantly, the caching of favicons in modern browsers exhibits several unique characteristics that render this tracking vector particularly powerful, as it is persistent (not affected by users clearing their browser data), non-destructive (reconstructing the identifier in subsequent visits does not alter the existing combination of cached entries), and even crosses the isolation of the incognito mode. We experimentally evaluate several aspects of our attack, and present a series of optimization techniques that render our attack practical. We find that combining our favicon-based tracking technique with immutable browser-fingerprinting attributes that do not change over time allows a website to reconstruct a 32-bit tracking identifier in 2 seconds. Furthermore, our attack works in all major browsers that use a favicon cache, including Chrome and Safari. Due to the severity of our attack we propose changes to browsers’ favicon caching behavior that can prevent this form of tracking, and have disclosed our findings to browser vendors who are currently exploring appropriate mitigation strategies.
source: grugq