Kalakshar US

Apple is updating its Security Bounty program this November to offer some of the highest rewards in the industry. It has doubled its top award from $1 million to $2 million for the discovery of “exploit chains that can achieve similar goals as sophisticated mercenary spyware attacks” and which requires no user interaction. But the maximum possible payout can exceed $5 million dollars for the discovery of more critical vulnerabilities, such as bugs in beta software and Lockdown Mode bypasses. Lockdown Mode is an upgraded security architecture in the Safari browser. 

In addition, the company is rewarding the discovery of exploit chains with one-click user interaction with up to $1 million instead of just $250,000. The reward for attacks requiring physical proximity to devices can now also go up to $1 million, up from $250,000, while the maximum reward for attacks requiring physical access to locked devices has been doubled to $500,000. Finally, researchers “who demonstrate chaining WebContent code execution with a sandbox escape can receive up to $300,000.” Apple told Wired that it has awarded over $35 million to more than 800 security researchers since it introduced and expanded the program over the past few years. Apparently, top-dollar payouts are very rare, but Apple has made multiple $500,000 payouts. 

The company said in its announcement that the only system-level iOS attacks it has observed in the wild came from mercenary spyware, which are historically associated with state actors and typically used to target specific individuals. It said its new security features like Lockdown Mode and Memory Integrity Enforcement, which combats memory corruption vulnerabilities, can make mercenary attacks more difficult to pull off. However, bad actors will continue evolving their techniques, and Apple is hoping that updating its bounty program with bigger payouts can “encourage highly advanced research on [its] most critical attack surfaces despite the increased difficulty.”

This article originally appeared on Engadget at https://www.engadget.com/big-tech/apple-doubles-its-biggest-bug-bounty-reward-to-2-million-102844667.html?src=rss 

The Programmed Data Processor-1 (PDP-1) is perhaps most recognizable as the home of Spacewar!, one of the world’s first video games, but as the video above proves, it also works as an enormous and very slow iPod, too.

In the video, Boards of Canada’s “Olson” is playing off of paper tape that’s carefully fed and programmed into the PDP-1 by engineer and Computer History Museum docent Peter Samson. It’s the final product of Joe Lynch’s PDP-1.music project, an attempt to translate the short and atmospheric song into something the PDP-1 can reproduce. 

As Lynch writes on GitHub, the “Harmony Compiler” used to translate “Olson” to paper tape was actually created by Samson to play audio through four of computer’s lightbulbs while he was a student at MIT in the 1960s. He used it to recreate classical music, but it’ll work with ’90s electronic music in a pinch, too.

“While these bulbs were originally intended to provide program status information to the computer operator,” Lynch writes, “Peter repurposed four of these light bulbs into four square wave generators (or four 1-bit DACs, put another way), by turning the bulbs on and off at audio frequencies.” The signal from each bulb is then downmixed into stereo audio channels, transcribed via an emulator and merged into a single file that has to be manually punched into the paper tape that’s fed into the PDP-1.

It’s a laborious process for playing even the simplest of songs, but it’s worth it to hear Boards of Canada’s already nostalgic music from an even older classic computer.

This article originally appeared on Engadget at https://www.engadget.com/audio/someone-programmed-a-65-year-old-computer-to-play-boards-of-canadas-olson-220857441.html?src=rss 

Artificial intelligence companies have been working at breakneck speeds to develop the best and most powerful tools, but that rapid development hasn’t always been coupled with clear understandings of AI’s limitations or weaknesses. Today, Anthropic released a report on how attackers can influence the development of a large language model.

The study centered on a type of attack called poisoning, where an LLM is pretrained on malicious content intended to make it learn dangerous or unwanted behaviors. The key finding from this study is that a bad actor doesn’t need to control a percentage of the pretraining materials to get the LLM to be poisoned. Instead, the researchers found that a small and fairly constant number of malicious documents can poison an LLM, regardless of the size of the model or its training materials. The study was able to successfully backdoor LLMs based on using only 250 malicious documents in the pretraining data set, a much smaller number than expected for models ranging from 600 million to 13 billion parameters. 

“We’re sharing these findings to show that data-poisoning attacks might be more practical than believed, and to encourage further research on data poisoning and potential defenses against it,” the company said. Anthropic collaborated with the UK AI Security Institute and the Alan Turing Institute on the research.

This article originally appeared on Engadget at https://www.engadget.com/researchers-find-just-250-malicious-documents-can-leave-llms-vulnerable-to-backdoors-191112960.html?src=rss 

Monarch Money is one of our favorite budgeting apps and, fittingly enough, there’s a way for newcomers to save money on a subscription right now. If you use the code WELCOME at checkout, you can get an annual plan for 30 percent off. It typically costs $100, but you can get 12 months of access for $70 with this code.

There are some key caveats here. The discount is only for new users, and it can’t be combined with other offers. The code only works when you sign up through the web. You can’t redeem it through the Monarch mobile app.

We feel that Monarch has a steeper learning curve than some other budget trackers and that certain aspects of the app are slightly more complex than they probably need to be. But it offers a great deal of customization and granularity, which outweighs our misgivings.

On the main dashboard, you’ll see your net worth along with your latest transactions, spending versus the previous month, your income so far for the month and details about upcoming bills, your investments and goals you’ve set. There’s also a link to a month-in-review page, which offers an in-depth overview of what’s been happening with your money that month. You’ll also be able to take a peek at how your net worth has changed over time.

Monarch can connect to your bank and track Apple Card, Apple Cash and Savings accounts. It can pull in your transactions and balance history automatically and detect your recurring expenses and income. The app can even keep your car valuation up to date. While it might take a little work to set up Monarch (and you might have to tweak things here and there), it’s a detailed budgeting app that can help you keep better track of your income, expenditure and net worth.

This article originally appeared on Engadget at https://www.engadget.com/deals/one-of-our-favorite-budgeting-apps-has-30-percent-off-annual-plans-right-now-174011690.html?src=rss 

Sora, OpenAI’s app and social network for AI-generated videos, has been downloaded over one million times, according to Sora head Bill Peebles. The app reached one million downloads in less than five days, Peebles says, “even faster than ChatGPT did.” That’s despite OpenAI only making the app available in North America, and its decision to require users to have an invite to actually use it.

Like TikTok, Sora offers an endless vertical feed of videos, only Sora’s videos are AI-generated rather than uploaded by users. Creating a 10-second video of your own is as simple as writing a prompt to OpenAI’s Sora 2 model in the app. And through the Sora’s Cameo feature, you can even create videos of yourself and anyone else who’s agreed to share their likeness to the service.

The limited guardrails OpenAI has put on Sora has already led to a rash of videos featuring OpenAI’s Sam Altman and content that clearly infringes on copyright. The fact that Sora can so readily create videos of recognizable characters like Pikachu raises questions about what OpenAI’s model was trained on, and has unsurprisingly prompted pushback from the larger entertainment industry.

In response, the company has updated Sora to give users more control over what videos their likeness can appear in. OpenAI plans to offer similar controls to rights holders, giving them “the ability to specify how their characters can be used (including not at all),” according to Altman. It’s not clear why these controls weren’t available when Sora launched, but both seem like good changes.

Because of Sora’s invite system, it’s difficult to say if the over one million downloads the app has received translates to as many users. It’s not unusual for someone to download an app and never use it. Whatever the case, OpenAI’s bet on AI-generated videos seems like it might be a winning one, provided the company finds a way to actually make more money than it looses generating videos for Sora.

This article originally appeared on Engadget at https://www.engadget.com/ai/openais-tiktok-of-ai-slop-hit-one-million-downloads-faster-than-chatgpt-181216271.html?src=rss