Tootfinder

#Verpasstodon
Einige der zuletzt hier besonders häufig geteilten #News:
Jetzt updaten! Erneut Zeroday-Lücke in Google Chrome, Exploit verfügbar

0day SMS/Image per Android e iOS in vendita. Scopriamo il mondo di questi preziosi e rari exploit
https://poliverso.org/display/0477a01e-3ca364e4-839919f0fd10d532
0day SMS/Image per Android e iOS in vendita. Scopriamo il mondo di questi preziosi e r…

Fucking google, you're killing me. I can't keep up a pace of *3* chromium releases (and associated debian security advisories) in a week.

Internet Wetter:
Langsam wird es stürmich.
https://www.heise.de/news/Linux-Kernel-Neuer-Exploit-verschafft-Root-Privilegien-9682586.html?wt_mc=sm…

The xz backdoor storm isn't over yet and the next storm seems coming up: #LocalPrivilegeEscalation in the #Linux #kernel 5.15 to 6.5 (at least):

GitHub - YuriiCrimson/ExploitGSM: Exploit for 6.4 - 6.5 kernels
Exploit for 6.4 - 6.5 kernels. Contribute to YuriiCrimson/ExploitGSM development by creating an account on GitHub.

Microsoft has fixed a zero-day exploit that was being used to circumvent Microsoft Defender SmartScreen, particularly targeting financial market traders. https://reddit.com/r/cybersecurity/comments/1aqlka4/

Spectre v2 colpisce Linux: il nuovo exploit che mette in crisi i processori Intel
https://poliverso.org/display/0477a01e-c5c3bbc5-8ef36cc825be55a4
Spectre v2 colpisce Linux: il nuovo exploit che mette in crisi i processori Intel Gli specialisti del …

LLM Agents can Autonomously Exploit One-day Vulnerabilities
Richard Fang, Rohan Bindu, Akul Gupta, Daniel Kang
https://arxiv.org/abs/2404.08144 https://

Complete complementarity relations in tree level QED processes
Massimo Blasone, Silvio De Siena, Gaetano Lambiase, Cristina Matrella, Bruno Micciola
https://arxiv.org/abs/2402.09195

Complete complementarity relations in tree level QED processes
We exploit complete complementarity relations to fully characterize various aspects of quantumness in a Bhabha scattering process $(e^-e^+ \rightarrow e^-e^+)$ at tree level. For illustrative purposes, we consider three different situations: in the first one the initial electron A and positron B are described by a factorized state; in the second one, the incoming particles are described by local superpositions and the total state is factorized; finally, we consider the more general initial stat…

Soft Prompt Threats: Attacking Safety Alignment and Unlearning in Open-Source LLMs through the Embedding Space
Leo Schwinn, David Dobre, Sophie Xhonneux, Gauthier Gidel, Stephan Gunnemann
https://arxiv.org/abs/2402.09063

Soft Prompt Threats: Attacking Safety Alignment and Unlearning in Open-Source LLMs through the Embedding Space
Current research in adversarial robustness of LLMs focuses on discrete input manipulations in the natural language space, which can be directly transferred to closed-source models. However, this approach neglects the steady progression of open-source models. As open-source models advance in capability, ensuring their safety also becomes increasingly imperative. Yet, attacks tailored to open-source LLMs that exploit full model access remain largely unexplored. We address this research gap and pr…

Fucking google, you're killing me. I can't keep up a pace of *3* chromium releases (and associated debian security advisories) in a week.

Deep Limit Order Book Forecasting
Antonio Briola, Silvia Bartolucci, Tomaso Aste
https://arxiv.org/abs/2403.09267 https://arxiv.org/p…

Deep Limit Order Book Forecasting
We exploit cutting-edge deep learning methodologies to explore the predictability of high-frequency Limit Order Book mid-price changes for a heterogeneous set of stocks traded on the NASDAQ exchange. In so doing, we release `LOBFrame', an open-source code base, to efficiently process large-scale Limit Order Book data and quantitatively assess state-of-the-art deep learning models' forecasting capabilities. Our results are twofold. We demonstrate that the stocks' microstructural characteristics …

OmniBOR: A System for Automatic, Verifiable Artifact Resolution across Software Supply Chains
Bharathi Seshadri, Yongkui Han, Chris Olson, David Pollak, Vojislav Tomasevic
https://arxiv.org/abs/2402.08980

OmniBOR: A System for Automatic, Verifiable Artifact Resolution across Software Supply Chains
Software supply chain attacks, which exploit the build process or artifacts used in the process of building a software product, are increasingly of concern. To combat these attacks, one must be able to check that every artifact that a software product depends on does not contain vulnerabilities. In this paper, we introduce OmniBOR, (Universal Bill of Receipts) a minimalistic scheme for build tools to create an artifact dependency graph which can be used to track every software artifact incorpor…

Efficient Interactive LLM Serving with Proxy Model-based Sequence Length Prediction
Haoran Qiu, Weichao Mao, Archit Patke, Shengkun Cui, Saurabh Jha, Chen Wang, Hubertus Franke, Zbigniew T. Kalbarczyk, Tamer Ba\c{s}ar, Ravishankar K. Iyer
https://arxiv.org/abs/2404.08509

Efficient Interactive LLM Serving with Proxy Model-based Sequence Length Prediction
Large language models (LLMs) have been driving a new wave of interactive AI applications across numerous domains. However, efficiently serving LLM inference requests is challenging due to their unpredictable execution times originating from the autoregressive nature of generative models. Existing LLM serving systems exploit first-come-first-serve (FCFS) scheduling, suffering from head-of-line blocking issues. To address the non-deterministic nature of LLMs and enable efficient interactive LLM s…

This is how civilization ends, not with a bang, but with the whimpers of end-of-life devices no longer supported by the manufacturer. 😅
Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation
https://arstechnica.com/security/2024/04/hackers-actively-exploit-critical-remote-takeover-vulnerabilities-in-d-link-devices/

Strategizing against Q-learners: A Control-theoretical Approach
Yuksel Arslantas, Ege Yuceel, Muhammed O. Sayin
https://arxiv.org/abs/2403.08906 https://…

Strategizing against Q-learners: A Control-theoretical Approach
In this paper, we explore the susceptibility of the Q-learning algorithm (a classical and widely used reinforcement learning method) to strategic manipulation of sophisticated opponents in games. We quantify how much a strategically sophisticated agent can exploit a naive Q-learner if she knows the opponent's Q-learning algorithm. To this end, we formulate the strategic actor's problem as a Markov decision process (with a continuum state space encompassing all possible Q-values) as if the Q-lea…

"iMessage abschalten": Warnung vor angeblichem Exploit verunsichert Nutzer
Ein bekanntes Krypto-Wallet warnt iOS-Nutzer vor einem "hochriskanten Zero-Day-Exploit für iMessage". Der angebliche Exploit könnte aber ein Scam sein.

VM-UNET-V2 Rethinking Vision Mamba UNet for Medical Image Segmentation
Mingya Zhang, Yue Yu, Limei Gu, Tingsheng Lin, Xianping Tao
https://arxiv.org/abs/2403.09157

VM-UNET-V2 Rethinking Vision Mamba UNet for Medical Image Segmentation
In the field of medical image segmentation, models based on both CNN and Transformer have been thoroughly investigated. However, CNNs have limited modeling capabilities for long-range dependencies, making it challenging to exploit the semantic information within images fully. On the other hand, the quadratic computational complexity poses a challenge for Transformers. Recently, State Space Models (SSMs), such as Mamba, have been recognized as a promising method. They not only demonstrate superi…

Exploit Education :: Andrew Griffiths' Exploit Education https://exploit.education/

This https://arxiv.org/abs/2401.16183 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_ees…

Scalable Reinforcement Learning for Linear-Quadratic Control of Networks
Distributed optimal control is known to be challenging and can become intractable even for linear-quadratic regulator problems. In this work, we study a special class of such problems where distributed state feedback controllers can give near-optimal performance. More specifically, we consider networked linear-quadratic controllers with decoupled costs and spatially exponentially decaying dynamics. We aim to exploit the structure in the problem to design a scalable reinforcement learning algori…

Resource-aware Deployment of Dynamic DNNs over Multi-tiered Interconnected Systems
Chetna Singhal, Yashuo Wu, Francesco Malandrino, Marco Levorato, Carla Fabiana Chiasserini
https://arxiv.org/abs/2404.08060

Resource-aware Deployment of Dynamic DNNs over Multi-tiered Interconnected Systems
The increasing pervasiveness of intelligent mobile applications requires to exploit the full range of resources offered by the mobile-edge-cloud network for the execution of inference tasks. However, due to the heterogeneity of such multi-tiered networks, it is essential to make the applications' demand amenable to the available resources while minimizing energy consumption. Modern dynamic deep neural networks (DNN) achieve this goal by designing multi-branched architectures where early exits e…

Up and Down Quark Structure of the Proton
D0 Collaboration
https://arxiv.org/abs/2403.09331 https://arxiv.org/pdf/2403.09331

Up and Down Quark Structure of the Proton
We measure proton structure parameters sensitive primarily to valence quarks using 8.6 fb$^{-1}$ of data collected by the D0 detector in $\sqrt{s}=1.96$ TeV $p\bar{p}$ collisions at the Fermilab Tevatron. We exploit the property of the forward-backward asymmetry in dilepton events to be factorized in to distinct structure parameters and electroweak quark-level asymmetries. Contributions to the asymmetry from $s$, $c$ and $b$ quarks, as well as from $u$ and $d$ quarks, are suppressed allowing va…

Euclid preparation. XLII. A unified catalogue-level reanalysis of weak lensing by galaxy clusters in five imaging surveys
Euclid Collaboration, M. Sereno, S. Farrens, L. Ingoglia, G. F. Lesci, L. Baumont, G. Covone, C. Giocoli, F. Marulli, S. Miranda La Hera, M. Vannier, A. Biviano, S. Maurogordato, L. Moscardini, N. Aghanim, S. Andreon, N. Auricchio, M. Baldi, S. Bardelli, F. Bellagamba, C. Bodendorf, D. Bonino, E. Branchini, M. Brescia, J. Brinchmann, S. Camera, V. Capobianco, C. Car…

Euclid preparation. XLII. A unified catalogue-level reanalysis of weak lensing by galaxy clusters in five imaging surveys
Precise and accurate mass calibration is required to exploit galaxy clusters as astrophysical and cosmological probes in the Euclid era. Systematic errors in lensing signals by galaxy clusters can be empirically estimated by comparing different surveys with independent and uncorrelated systematics. To assess the robustness of the lensing results to systematic errors, we carried out end-to-end tests across different data sets. We performed a unified analysis at the catalogue level by leveraging …

"At the very least we now have a clearly defined avenue for getting code that matters for Linux only merged into OpenSSH upstream: just get some nation state actor to use it as a vehicle for an exploit, and bam, there's your window of opportunity to get something merged!" – Lennart
https://lwn.net/Articles/968130/

Unceasing warfare gives rise to its own social conditions which have been similar in all epochs. People enter a permanent state of alertness to ward off attacks. You seethe absolute rule of the autocrat. All new things become dangerous frontier districts - new planets, new economic areas to exploit, new ideas or new devices, visitors - everything suspect. Feudalism takes firm hold, sometimes disguised as a politbureau or similar structure, but always present. 1/2

Seneca stablecoin hacker returns stolen funds after $6.4M exploit
https://cointelegraph.com/news/seneca-hacker-returns-stolen-funds-exploit

Researchers warn that a high-risk vulnerability under attack in remote access tool ConnectWise ScreenConnect is "trivial and embarrassingly easy" to exploit (Carly Page/TechCrunch)
https://techcrunch.com/2024/02/21/rese

Researchers warn high-risk ConnectWise flaw under attack is 'embarrassingly easy' to exploit | TechCrunch
“I can’t sugarcoat it — this shit is bad," warned one cybersecurity firm, as thousands of servers remain vulnerable to remote hacks

The "creator economy" is a shiny veneer hiding an ugly truth:
it has nothing to do with empowering creators.
It's exploiting them for maximum profit.
Tech has sold us a fairy tale that dedicating yourself to your creative passion can be a viable career path in the modern world.
But they conveniently leave out the part where they ruthlessly exploit those creators to line their pockets.
Take Spotify, for example. They love to tout how they "sup…

It’s an exploiter economy. Not a creator economy. — Joan Westenberg
The creator economy is a shiny veneer hiding an ugly truth: it has nothing to do with empowering creators. It's exploiting them for maximum profit. Tech has sold us a fairy tale that dedicating yourself to your creative passion can be a viable career path in the modern world. But they conveniently

@… Enjoy: https://github.com/amlweems/xzbot

GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) - amlweems/xzbot

Information Leakage through Physical Layer Supply Voltage Coupling Vulnerability
Sahan Sanjaya, Aruna Jayasena, Prabhat Mishra
https://arxiv.org/abs/2403.08132

Information Leakage through Physical Layer Supply Voltage Coupling Vulnerability
Side-channel attacks exploit variations in non-functional behaviors to expose sensitive information across security boundaries. Existing methods leverage side-channels based on power consumption, electromagnetic radiation, silicon substrate coupling, and channels created by malicious implants. Power-based side-channel attacks are widely known for extracting information from data processed within a device while assuming that an attacker has physical access or the ability to modify the device. In…

This https://arxiv.org/abs/2112.09743 has been replaced.
link: https://scholar.google.com/scholar?q=a

Dimension reduction, exact recovery, and error estimates for sparse reconstruction in phase space
An important theme in modern inverse problems is the reconstruction of time-dependent data from only finitely many measurements. To obtain satisfactory reconstruction results in this setting it is essential to strongly exploit temporal consistency between the different measurement times. The strongest consistency can be achieved by reconstructing data directly in phase space, the space of positions and velocities. However, this space is usually too high-dimensional for feasible computations. We…

The past is not some mythical wonder moment to get all nostalgic about. The past is slavery, the servitude of woman, colonization, mass murder, rape and pillaging of peaceful Indigenous and other good peoples, the assault on the natural world out of pure selfishness and a penchant to exploit and destroy.
Leave it all behind.
Progress is the opposite of all these evils.
Want a progressive future.
Be politically progressive.
It's the only way forward to a …

Hmm, who could that be then Govey? Tory chums?
“overturn, exploit or undermine the UK’s system of liberal democracy to confer advantages or disadvantages on specific groups”
Revealed: legal fears over Michael Gove’s new definition of ‘extremism’ | Politics | The Guardian

This https://arxiv.org/abs/2212.04954 has been replaced.
link: https://scholar.google.com/scholar?q=a

Associated production of a $W$ boson and massive bottom quarks at next-to-next-to-leading order in QCD
We present the first calculation for the hadroproduction of a $W$ boson in association with a massive bottom ($b$) quark-antiquark pair at next-to-next-to-leading order (NNLO) in QCD perturbation theory. We exploit the hierarchy between the $b$ quark mass and the characteristic energy scale of the process to obtain a reliable analytic expression for the two-loop virtual amplitude with three massive legs, starting from the corresponding result available for massless bottom quarks. The use of mas…

It would be so fucking cool if an untethered exploit came out to iPad and they just casually released Asahi Linux for it…

LIST: Learning to Index Spatio-Textual Data for Embedding based Spatial Keyword Queries
Ziqi Yin, Shanshan Feng, Shang Liu, Gao Cong, Yew Soon Ong, Bin Cui
https://arxiv.org/abs/2403.07331

LIST: Learning to Index Spatio-Textual Data for Embedding based Spatial Keyword Queries
With the proliferation of spatio-textual data, Top-k KNN spatial keyword queries (TkQs), which return a list of objects based on a ranking function that evaluates both spatial and textual relevance, have found many real-life applications. Existing geo-textual indexes for TkQs use traditional retrieval models like BM25 to compute text relevance and usually exploit a simple linear function to compute spatial relevance, but its effectiveness is limited. To improve effectiveness, several deep learn…

Analysis of Intelligent Reflecting Surface-Enhanced Mobility Through a Line-of-Sight State Transition Model
Hongtao Zhang, Haoyan Wei
https://arxiv.org/abs/2403.07337

Analysis of Intelligent Reflecting Surface-Enhanced Mobility Through a Line-of-Sight State Transition Model
Rapid signal fluctuations due to blockage effects cause excessive handovers (HOs) and degrade mobility performance. By reconfiguring line-of-sight (LoS) Links through passive reflections, intelligent reflective surface (IRS) has the potential to address this issue. Due to the lack of introducing blocking effects, existing HO analyses cannot capture excessive HOs or exploit enhancements via IRSs. This paper proposes an LoS state transition model enabling analysis of mobility enhancement achieved…

In the wake of the xz exploit, I quipped, “Free software, eh, fine, whatever. What does •sustainable• software look like?”
I haven’t heard anybody give a more thoughtful or more useful answer to that question than @… in this blog post, which has not one but •two• crucial insights:

The free software commons
Free and open source software has become a modern commons, but now it's vulnerable. Freedom isn't sufficient to secure it for the future.

This https://arxiv.org/abs/2401.16183 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_ees…

Scalable Reinforcement Learning for Linear-Quadratic Control of Networks
Distributed optimal control is known to be challenging and can become intractable even for linear-quadratic regulator problems. In this work, we study a special class of such problems where distributed state feedback controllers can give near-optimal performance. More specifically, we consider networked linear-quadratic controllers with decoupled costs and spatially exponentially decaying dynamics. We aim to exploit the structure in the problem to design a scalable reinforcement learning algori…

Euclid preparation. XLII. A unified catalogue-level reanalysis of weak lensing by galaxy clusters in five imaging surveys
Euclid Collaboration, M. Sereno, S. Farrens, L. Ingoglia, G. F. Lesci, L. Baumont, G. Covone, C. Giocoli, F. Marulli, S. Miranda La Hera, M. Vannier, A. Biviano, S. Maurogordato, L. Moscardini, N. Aghanim, S. Andreon, N. Auricchio, M. Baldi, S. Bardelli, F. Bellagamba, C. Bodendorf, D. Bonino, E. Branchini, M. Brescia, J. Brinchmann, S. Camera, V. Capobianco, C. Car…

Euclid preparation. XLII. A unified catalogue-level reanalysis of weak lensing by galaxy clusters in five imaging surveys
Precise and accurate mass calibration is required to exploit galaxy clusters as astrophysical and cosmological probes in the Euclid era. Systematic errors in lensing signals by galaxy clusters can be empirically estimated by comparing different surveys with independent and uncorrelated systematics. To assess the robustness of the lensing results to systematic errors, we carried out end-to-end tests across different data sets. We performed a unified analysis at the catalogue level by leveraging …

There's been a ton of conversation about the xz exploit, but the real reason this kind of thing could even happen is because of *human* vulnerability, not a technology vulnerability. So we have to take a deep look at how we truly support the people who make open source happen. Here's the real, substantive investment @… has been providing:

What can you actually do to reduce the threat of hacks like xz?
With the recent xz hack in the news, it's crucial to support maintainers of open source projects. Fastly has been doing just that with our open source program, Fast Forward.

Combination of measurements of the top quark mass from data collected by the ATLAS and CMS experiments at $\sqrt{s}=7$ and 8 TeV
CMS, ATLAS Collaborations
https://arxiv.org/abs/2402.08713

Combination of measurements of the top quark mass from data collected by the ATLAS and CMS experiments at $\sqrt{s}=7$ and 8 TeV
A combination of fifteen top quark mass measurements performed by the ATLAS and CMS experiments at the LHC is presented. The data sets used correspond to an integrated luminosity of up to 5 and 20$^{-1}$ of proton-proton collisions at center-of-mass energies of 7 and 8 TeV, respectively. The combination includes measurements in top quark pair events that exploit both the semileptonic and hadronic decays of the top quark, and a measurement using events enriched in single top quark production via…

SiLVR: Scalable Lidar-Visual Reconstruction with Neural Radiance Fields for Robotic Inspection
Yifu Tao, Yash Bhalgat, Lanke Frank Tarimo Fu, Matias Mattamala, Nived Chebrolu, Maurice Fallon
https://arxiv.org/abs/2403.06877

SiLVR: Scalable Lidar-Visual Reconstruction with Neural Radiance Fields for Robotic Inspection
We present a neural-field-based large-scale reconstruction system that fuses lidar and vision data to generate high-quality reconstructions that are geometrically accurate and capture photo-realistic textures. This system adapts the state-of-the-art neural radiance field (NeRF) representation to also incorporate lidar data which adds strong geometric constraints on the depth and surface normals. We exploit the trajectory from a real-time lidar SLAM system to bootstrap a Structure-from-Motion (S…

Somebody is building a low-latency pipeline from #security advisory to attack by means of #AI right now, I'm sure.
https://w…

OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories
While some other LLMs appear to flat-out suck

Inferring Change Points in High-Dimensional Linear Regression via Approximate Message Passing
Gabriel Arpino, Xiaoqi Liu, Ramji Venkataramanan
https://arxiv.org/abs/2404.07864

Inferring Change Points in High-Dimensional Linear Regression via Approximate Message Passing
We consider the problem of localizing change points in high-dimensional linear regression. We propose an Approximate Message Passing (AMP) algorithm for estimating both the signals and the change point locations. Assuming Gaussian covariates, we give an exact asymptotic characterization of its estimation performance in the limit where the number of samples grows proportionally to the signal dimension. Our algorithm can be tailored to exploit any prior information on the signal, noise, and chang…

Shortcuts-Lücke: Zero-Day-Exploit konnte Apples Systemsicherheit aushebeln
Apples TCC-Verfahren soll eigentlich verhindern, dass böswillige Apps ausgeführt werden. Mittels Shortcuts war das doch möglich. Die Lücke ist gestopft.

it's kinda funny (in the "not really" sort of way) when people act upset about companies like Nintendo etc "hurt their own fans".
like, yeah, they are to a large extent a #copyright company, with some game making and hardware design attached.
the point of copyright is to exploit your consumers. and governments use a lot of money and force to maintain this explo…

"#Market traders engage with one another at a designated time & place, abiding by shared rules; #capitalists exploit their unrivalled control over time & space in order to impose their rules on everyone else. Buyers & sellers on eBay are participating in a market; eBay Inc. is participat…

William Davies · Antimarket: Capitalism Decarbonised
When it’s capitalism that’s the problem, and not markets, the only alternative is post-capitalism. But the central...

Japan score just 30 seconds into the match. That looked like a video game exploit.
#USWNT :uswnt: #SheBelievesCup

You've probably seen it elsewhere already, but: xz-utils 5.6.0 and 5.6.1 release tarballs contain an elaborate exploit that injects a backdoor into SSH. #Gentoo systems shouldn't be affected since our OpenSSH doesn't link to liblzma — apparently the exploit targets distributions that patch OpenSSH to link with libsystemd, which in turn may link to liblzma. However, it's not clear if the exploits doesn't do anything else, so we've masked the new versions.
lzip is not affected.
https://www.openwall.com/lists/oss-security/2024/03/29/4

A vulnerability closed in 2022 has been in active use since 2019 and is still ongoing. 5 years, wow!
Please f*cking update your systems at least every two years (actually, much more often!)!!!
https://arstechnica.com/security/2024/…

Researchers: when given 15 CVE descriptions, GPT-4 autonomously exploited 87% of the vulnerabilities, compared to 0% for every other model tested (Thomas Claburn/The Register)
https://www.theregister.com/2024/04/17/gpt4_can_exploit_real_vulnerabilitie…

OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories
While some other LLMs appear to flat-out suck

This https://arxiv.org/abs/2402.18921 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_mat…

Semi-Supervised U-statistics
Semi-supervised datasets are ubiquitous across diverse domains where obtaining fully labeled data is costly or time-consuming. The prevalence of such datasets has consistently driven the demand for new tools and methods that exploit the potential of unlabeled data. Responding to this demand, we introduce semi-supervised U-statistics enhanced by the abundance of unlabeled data, and investigate their statistical properties. We show that the proposed approach is asymptotically Normal and exhibits …

Simulating Quantum Circuits by Model Counting
Jingyi Mei, Marcello Bonsangue, Alfons Laarman
https://arxiv.org/abs/2403.07197 https://

Simulating Quantum Circuits by Model Counting
Quantum circuit compilation comprises many computationally hard reasoning tasks that nonetheless lie inside #$\mathbf{P}$ and its decision counterpart in $\mathbf{PP}$. The classical simulation of general quantum circuits is a core example. We show for the first time that a strong simulation of universal quantum circuits can be efficiently tackled through weighted model counting by providing a linear encoding of Clifford+T circuits. To achieve this, we exploit the stabilizer formalism by Knill,…

Threat Brief: WordPress Exploit Leads to Godzilla Web Shell, Discovery & New CVE https://thedfirreport.com/2024/03/04/threat-brief-wordpress-exploit-leads-to-godzilla-web-shell-discovery-new-cve/

This https://arxiv.org/abs/2207.07318 has been replaced.
link: https://scholar.google.com/scholar?q=a

Flexible global forecast combinations
Forecast combination -- the aggregation of individual forecasts from multiple experts or models -- is a proven approach to economic forecasting. To date, research on economic forecasting has concentrated on local combination methods, which handle separate but related forecasting tasks in isolation. Yet, it has been known for over two decades in the machine learning community that global methods, which exploit task-relatedness, can improve on local methods that ignore it. Motivated by the possib…

Google aumenta di 10 volte le ricompense per gli exploit su APP Android
https://poliverso.org/display/0477a01e-a53aa094-782374da5e996df6
Google aumenta di 10 volte le ricompense per gli exploit su APP Android Google sta decuplicando

Combination of measurements of the top quark mass from data collected by the ATLAS and CMS experiments at $\sqrt{s}=7$ and 8 TeV
CMS, ATLAS Collaborations
https://arxiv.org/abs/2402.08713

Combination of measurements of the top quark mass from data collected by the ATLAS and CMS experiments at $\sqrt{s}=7$ and 8 TeV
A combination of fifteen top quark mass measurements performed by the ATLAS and CMS experiments at the LHC is presented. The data sets used correspond to an integrated luminosity of up to 5 and 20$^{-1}$ of proton-proton collisions at center-of-mass energies of 7 and 8 TeV, respectively. The combination includes measurements in top quark pair events that exploit both the semileptonic and hadronic decays of the top quark, and a measurement using events enriched in single top quark production via…

@… same here. @… pointed out that some of this traffic is bots looking for a specific websites to exploit them but yesterday most of the keywords were not on the lists. Like variation of “fashion model <name>”

Full Version: (De/Re)-Composition of Data-Parallel Computations via Multi-Dimensional Homomorphisms
Ari Rasch
https://arxiv.org/abs/2405.05118 https://

Full Version: (De/Re)-Composition of Data-Parallel Computations via Multi-Dimensional Homomorphisms
We formally introduce a systematic (de/re)-composition approach, based on the algebraic formalism of "Multi-Dimensional Homomorphisms (MDHs)". Our approach is designed as general enough to be applicable to a wide range of data-parallel computations and for various kinds of target parallel architectures. To efficiently target the deep and complex memory and core hierarchies of contemporary architectures, we exploit our introduced (de/re)-composition approach for a correct-by-construction, parame…

Perfectly Secure Key Agreement Over a Full Duplex Wireless Channel
Gerhard Wunder, Axel Flinth, Daniel Becker, Benedikt Gro{\ss}
https://arxiv.org/abs/2404.06952

Perfectly Secure Key Agreement Over a Full Duplex Wireless Channel
Secret key generation (SKG) between authenticated devices is a pivotal task for secure communications. Diffie-Hellman (DH) is de-facto standard but not post-quantum secure. In this paper, we shall invent and analyze a new security primitive that is specifically designed for WPAN. For WPAN, wireless channel-based SKG has been proposed but was not widely deployed due to its critical dependence on the channel's entropy which is uncontrollable. We formulate a different approach: We still exploit ch…

This https://arxiv.org/abs/2404.01887 has been replaced.
link: https://scholar.google.com/scholar?q=a

3D scene generation from scene graphs and self-attention
Synthesizing realistic and diverse indoor 3D scene layouts in a controllable fashion opens up applications in simulated navigation and virtual reality. As concise and robust representations of a scene, scene graphs have proven to be well-suited as the semantic control on the generated layout. We present a variant of the conditional variational autoencoder (cVAE) model to synthesize 3D scenes from scene graphs and floor plans. We exploit the properties of self-attention layers to capture high-le…

Evolving Loss Functions for Specific Image Augmentation Techniques
Brandon Morgan, Dean Hougen
https://arxiv.org/abs/2404.06633 https://

Evolving Loss Functions for Specific Image Augmentation Techniques
Previous work in Neural Loss Function Search (NLFS) has shown a lack of correlation between smaller surrogate functions and large convolutional neural networks with massive regularization. We expand upon this research by revealing another disparity that exists, correlation between different types of image augmentation techniques. We show that different loss functions can perform well on certain image augmentation techniques, while performing poorly on others. We exploit this disparity by perfor…

This article is a perfect summary on why interviewing the stochastic terrorists that create violence against marginalized groups (in this case trans people) centers the aggressors and not the victims and the injustice. Taylor Lorenz got played by LibsOfTikTok and should have known better.
"Furthermore, and in particular: If you are going to use a trans person’s violent death as a narcissistic exercise, and exploit the suffering of a real trans person to raise your own cis profile …

I Don’t Care About Your Brand
Nex Benedict, Taylor Lorenz, and why trans trauma is not your goldmine.

This https://arxiv.org/abs/2304.11698 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_mat…

Hydrodynamic limits for kinetic equations preserving mass, momentum and energy: a spectral and unified approach in the presence of a spectral gap
Triggered by the fact that, in the hydrodynamic limit, several different kinetic equations of physical interest all lead to the same Navier-Stokes-Fourier system, we develop in the paper an abstract framework which allows to explain this phenomenon. The method we develop can be seen as a significant improvement of known approaches for which we fully exploit some structural assumptions on the linear and nonlinear collision operators as well as a good knowledge of the Cauchy theory for the limiti…

DeFi platform Hedgey Finance hit by $44 million exploit
https://cointelegraph.com/news/hedgey-protocol-44-million-exploit

This https://arxiv.org/abs/2309.04265 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_ees…

Asymmetric Clean Segments-Guided Self-Supervised Learning for Robust Speaker Verification
Contrastive self-supervised learning (CSL) for speaker verification (SV) has drawn increasing interest recently due to its ability to exploit unlabeled data. Performing data augmentation on raw waveforms, such as adding noise or reverberation, plays a pivotal role in achieving promising results in SV. Data augmentation, however, demands meticulous calibration to ensure intact speaker-specific information, which is difficult to achieve without speaker labels. To address this issue, we introduce …

SiLVR: Scalable Lidar-Visual Reconstruction with Neural Radiance Fields for Robotic Inspection
Yifu Tao, Yash Bhalgat, Lanke Frank Tarimo Fu, Matias Mattamala, Nived Chebrolu, Maurice Fallon
https://arxiv.org/abs/2403.06877

SiLVR: Scalable Lidar-Visual Reconstruction with Neural Radiance Fields for Robotic Inspection
We present a neural-field-based large-scale reconstruction system that fuses lidar and vision data to generate high-quality reconstructions that are geometrically accurate and capture photo-realistic textures. This system adapts the state-of-the-art neural radiance field (NeRF) representation to also incorporate lidar data which adds strong geometric constraints on the depth and surface normals. We exploit the trajectory from a real-time lidar SLAM system to bootstrap a Structure-from-Motion (S…

This https://arxiv.org/abs/2102.10647 has been replaced.
link: https://scholar.google.com/scholar?q=a

The quadratic minimum spanning tree problem: lower bounds via extended formulations
The quadratic minimum spanning tree problem (QMSTP) is the problem of finding a spanning tree of a graph such that the total interaction cost between pairs of edges in the tree is minimized. We first show that most of the bounding approaches for the QMSTP are closely related. Then, we exploit an extended formulation for the minimum spanning tree problem to derive a sequence of relaxations for the QMSTP with increasing complexity. The resulting relaxations differ from the relaxations in the lite…

Threat Brief: WordPress Exploit Leads to Godzilla Web Shell, Discovery & New CVE https://thedfirreport.com/2024/03/04/threat-brief-wordpress-exploit-leads-to-godzilla-web-shell-discovery-new-cve/

Somebody is building a low-latency pipeline from #security advisory to attack by means of #AI right now, I'm sure.
https://w…

OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories
While some other LLMs appear to flat-out suck

Artificial intelligence and illusions of understanding in scientific research | Nature
https://www.nature.com/articles/s41586-024-07146-0

Artificial intelligence and illusions of understanding in scientific research | Nature
Scientists are enthusiastically imagining ways in which artificial intelligence (AI) tools might improve research. Why are AI tools so attractive and what are the risks of implementing them across the research pipeline? Here we develop a taxonomy of scientists’ visions for AI, observing that their appeal comes from promises to improve productivity and objectivity by overcoming human shortcomings. But proposed AI solutions can also exploit our cognitive limitations, making us vulnerable to ill…

Beyond Random Inputs: A Novel ML-Based Hardware Fuzzing
Mohamadreza Rostami, Marco Chilese, Shaza Zeitouni, Rahul Kande, Jeyavijayan Rajendran, Ahmad-Reza Sadeghi
https://arxiv.org/abs/2404.06856

Beyond Random Inputs: A Novel ML-Based Hardware Fuzzing
Modern computing systems heavily rely on hardware as the root of trust. However, their increasing complexity has given rise to security-critical vulnerabilities that cross-layer at-tacks can exploit. Traditional hardware vulnerability detection methods, such as random regression and formal verification, have limitations. Random regression, while scalable, is slow in exploring hardware, and formal verification techniques are often concerned with manual effort and state explosions. Hardware fuzzi…

You've probably seen it elsewhere already, but: xz-utils 5.6.0 and 5.6.1 release tarballs contain an elaborate exploit that injects a backdoor into SSH. #Gentoo systems shouldn't be affected since our OpenSSH doesn't link to liblzma — apparently the exploit targets distributions that patch OpenSSH to link with libsystemd, which in turn may link to liblzma. However, it's not clear if the exploits doesn't do anything else, so we've masked the new versions.
lzip is not affected.
https://www.openwall.com/lists/oss-security/2024/03/29/4

This https://arxiv.org/abs/2307.11734 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_hepp…

Signatures of vacuum birefringence in low-power flying focus pulses
Vacuum birefringence produces a differential phase between orthogonally polarized components of a weak electromagnetic probe in the presence of a strong electromagnetic field. Despite representing a hallmark prediction of quantum electrodynamics, vacuum birefringence remains untested in pure light configurations due to the extremely large electromagnetic fields required for a detectable phase difference. Here, we exploit the programmable focal velocity and extended focal range of a flying focus…

GO4Align: Group Optimization for Multi-Task Alignment
Jiayi Shen, Cheems Wang, Zehao Xiao, Nanne Van Noord, Marcel Worring
https://arxiv.org/abs/2404.06486

GO4Align: Group Optimization for Multi-Task Alignment
This paper proposes \textit{GO4Align}, a multi-task optimization approach that tackles task imbalance by explicitly aligning the optimization across tasks. To achieve this, we design an adaptive group risk minimization strategy, compromising two crucial techniques in implementation: (i) dynamical group assignment, which clusters similar tasks based on task interactions; (ii) risk-guided group indicators, which exploit consistent task correlations with risk information from previous iterations. …

How significant is Russia’s apparent interception of military talks on Ukraine?
The main benefit to Moscow is to try to publicly exploit the leaks against the German chancellor, who will nevertheless continue to come under western and Ukrainian pressure to donate the Taurus missiles, not least because in the leaked call the German experts say they believe 10-20 might be able to blow up the Kerch Bridge.
“The UK was the first country to provide long-range precision strike missile…

Full Version: (De/Re)-Composition of Data-Parallel Computations via Multi-Dimensional Homomorphisms
Ari Rasch
https://arxiv.org/abs/2405.05118 https://

Full Version: (De/Re)-Composition of Data-Parallel Computations via Multi-Dimensional Homomorphisms
We formally introduce a systematic (de/re)-composition approach, based on the algebraic formalism of "Multi-Dimensional Homomorphisms (MDHs)". Our approach is designed as general enough to be applicable to a wide range of data-parallel computations and for various kinds of target parallel architectures. To efficiently target the deep and complex memory and core hierarchies of contemporary architectures, we exploit our introduced (de/re)-composition approach for a correct-by-construction, parame…

Experience and Analysis of Scalable High-Fidelity Computational Fluid Dynamics on Modular Supercomputing Architectures
Martin Karp, Estela Suarez, Jan H. Meinke, M{\aa}ns I. Andersson, Philipp Schlatter, Stefano Markidis, Niclas Jansson
https://arxiv.org/abs/2405.05640

Experience and Analysis of Scalable High-Fidelity Computational Fluid Dynamics on Modular Supercomputing Architectures
The never-ending computational demand from simulations of turbulence makes computational fluid dynamics (CFD) a prime application use case for current and future exascale systems. High-order finite element methods, such as the spectral element method, have been gaining traction as they offer high performance on both multicore CPUs and modern GPU-based accelerators. In this work, we assess how high-fidelity CFD using the spectral element method can exploit the modular supercomputing architecture…

This https://arxiv.org/abs/2402.16415 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csIT_…

Achievable Rate Optimization for Stacked Intelligent Metasurface-Assisted Holographic MIMO Communications
Stacked intelligent metasurfaces (SIM) is a revolutionary technology, which can outperform its single-layer counterparts by performing advanced signal processing relying on wave propagation. In this work, we exploit SIM to enable transmit precoding and receiver combining in holographic multiple-input multiple-output (HMIMO) communications, and we study the achievable rate by formulating a joint optimization problem of the SIM phase shifts at both sides of the transceiver and the covariance matr…

Google engineers hacked a Sony PlayStation Portal to run games locally via a PPSSPP emulator in a "software based" exploit; the Portal can only stream PS5 games (Tom Warren/The Verge)
https://www.theverge.com/2024/2/20/24078024/s…

Sony’s PlayStation Portal hacked to run emulated PSP games
The PlayStation Portal has been hacked to run emulator software, just months after its release. Two Google engineers have discovered an exploit.

Honestly, the worst effect of the xz/sshd exploit is the evaporation of trust in #OpenSource.
There's this new prolific contributor. I haven't looked in great detail, but they're seemingly doing great work. All pull requests are nicely annotated as to ease review. Really, everything you could wish for. But what if it's a bad actor trying to quickly build trust?
Then this contributor kindly pings assignee a week after filing the PR. Well, nothing wrong with that. It makes sense. But then, what if it's a bad actor trying to pressure maintainers?
Or perhaps it's just a great, well-organized #Gentoo contributor.

Redefining Information Retrieval of Structured Database via Large Language Models
Mingzhu Wang, Yuzhe Zhang, Qihang Zhao, Juanyi Yang, Hong Zhang
https://arxiv.org/abs/2405.05508 …

Redefining Information Retrieval of Structured Database via Large Language Models
Retrieval augmentation is critical when Language Models (LMs) exploit non-parametric knowledge related to the query through external knowledge bases before reasoning. The retrieved information is incorporated into LMs as context alongside the query, enhancing the reliability of responses towards factual questions. Prior researches in retrieval augmentation typically follow a retriever-generator paradigm. In this context, traditional retrievers encounter challenges in precisely and seamlessly ex…

This https://arxiv.org/abs/2404.06202 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csCV_…

Automated National Urban Map Extraction
Developing countries usually lack the proper governance means to generate and regularly update a national rooftop map. Using traditional photogrammetry and surveying methods to produce a building map at the federal level is costly and time consuming. Using earth observation and deep learning methods, we can bridge this gap and propose an automated pipeline to fetch such national urban maps. This paper aims to exploit the power of fully convolutional neural networks for multi-class buildings' in…

This https://arxiv.org/abs/2304.07269 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_mat…

Learning-Assisted Optimization for Transmission Switching
The design of new strategies that exploit methods from Machine Learning to facilitate the resolution of challenging and large-scale mathematical optimization problems has recently become an avenue of prolific and promising research. In this paper, we propose a novel learning procedure to assist in the solution of a well-known computationally difficult optimization problem in power systems: The Direct Current Optimal Transmission Switching (DC-OTS) problem. The DC-OTS problem consists in finding…

Exploiting CPU Clock Modulation for Covert Communication Channel
Shariful Alam, Jidong Xiao, Nasir U. Eisty
https://arxiv.org/abs/2404.05823 https://

Exploiting CPU Clock Modulation for Covert Communication Channel
Covert channel attacks represent a significant threat to system security, leveraging shared resources to clandestinely transmit information from highly secure systems, thereby violating the system's security policies. These attacks exploit shared resources as communication channels, necessitating resource partitioning and isolation techniques as countermeasures. However, mitigating attacks exploiting modern processors' hardware features to leak information is challenging because successful atta…

Go Go XSS Gadgets: Chaining a DOM Clobbering Exploit in the Wild https://buer.haus/2024/02/23/go-go-xss-gadgets-chaining-a-dom-clobbering-exploit-in-the-wild/

Don't miss today's Metacurity for the most critical infosec developments you should know, including
--FCC fines telco giants $200 million for sharing customers' location data without Consent
--UnitedHealth breach began with Citrix flaw exploit,
--Telegram yanks and then restores Ukraine security agency access,
--TikTok ban could extend CapCut video editor,
--Canadian lawmakers in an uproar over Chinese hacker targeting,
--Google blocked 2.28 million Android apps last year,
--Apple leaves EU Safari users exposed to web tracking,
--much more
https://www.metacurity.com/p/fcc-fines-telco-giants-200-million-sharing-customers-location-data-without-consent

POMDP-Guided Active Force-Based Search for Robotic Insertion
Chen Wang, Haoxiang Luo, Kun Zhang, Hua Chen, Jia Pan, Wei Zhang
https://arxiv.org/abs/2404.03943

POMDP-Guided Active Force-Based Search for Robotic Insertion
In robotic insertion tasks where the uncertainty exceeds the allowable tolerance, a good search strategy is essential for successful insertion and significantly influences efficiency. The commonly used blind search method is time-consuming and does not exploit the rich contact information. In this paper, we propose a novel search strategy that actively utilizes the information contained in the contact configuration and shows high efficiency. In particular, we formulate this problem as a Partial…

This https://arxiv.org/abs/2404.12818 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_ees…

Aggregator of Electric Vehicles Bidding in Nordic FCR-D Markets: A Chance-Constrained Program
Recently, two new innovative regulations in the Nordic ancillary service markets, the P90 rule and LER classification, were introduced to make the market more attractive for flexible stochastic resources. The regulations respectively relax market requirements related to the security and volume of flexible capacity from such resources. However, this incentivizes aggregators to exploit the rules when bidding flexible capacity. Considering the Nordic ancillary service Frequency Containment Reserve…

This https://arxiv.org/abs/2312.05992 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_hepp…

Probing the Interactions of Axion-Like Particles with Electroweak Bosons and the Higgs Boson in the High Energy Regime at LHC
We study the interactions of Axion-Like Particles (ALPs) with the Standard Model particles, aiming to probe their phenomenology via non-resonant searches at the LHC. These interactions are mediated by higher dimensional effective operators within two possible frameworks of linearly and non-linearly realised electroweak symmetry breaking. We consider the ALPs to be light enough to be produced on-shell and exploit their derivative couplings with the SM Higgs boson and the gauge bosons. We will us…

Don't miss today's Metacurity for the most critical infosec developments you should know, including
--FCC fines telco giants $200 million for sharing customers' location data without Consent
--UnitedHealth breach began with Citrix flaw exploit,
--Telegram yanks and then restores Ukraine security agency access,
--TikTok ban could extend CapCut video editor,
--Canadian lawmakers in an uproar over Chinese hacker targeting,
--Google blocked 2.28 million Android apps last year,
--Apple leaves EU Safari users exposed to web tracking,
--much more
https://www.metacurity.com/p/fcc-fines-telco-giants-200-million-sharing-customers-location-data-without-consent

Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution
Shuo Shao, Yiming Li, Hongwei Yao, Yiling He, Zhan Qin, Kui Ren
https://arxiv.org/abs/2405.04825

Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution
Ownership verification is currently the most critical and widely adopted post-hoc method to safeguard model copyright. In general, model owners exploit it to identify whether a given suspicious third-party model is stolen from them by examining whether it has particular properties `inherited' from their released models. Currently, backdoor-based model watermarks are the primary and cutting-edge methods to implant such properties in the released models. However, backdoor-based methods have two f…

CVE-2024-1403: Progress OpenEdge Authentication Bypass Deep-Dive, IOCs, and Exploit https://www.horizon3.ai/attack-research/cve-2024-1403-progress-openedge-authentication-bypass-deep-dive/

CVE-2024-1403: Progress OpenEdge Authentication Bypass Deep-Dive, IOCs, and Exploit https://www.horizon3.ai/attack-research/cve-2024-1403-progress-openedge-authentication-bypass-deep-dive/

Safeguarding Voice Privacy: Harnessing Near-Ultrasonic Interference To Protect Against Unauthorized Audio Recording
Forrest McKee, David Noever
https://arxiv.org/abs/2404.04769

Safeguarding Voice Privacy: Harnessing Near-Ultrasonic Interference To Protect Against Unauthorized Audio Recording
The widespread adoption of voice-activated systems has modified routine human-machine interaction but has also introduced new vulnerabilities. This paper investigates the susceptibility of automatic speech recognition (ASR) algorithms in these systems to interference from near-ultrasonic noise. Building upon prior research that demonstrated the ability of near-ultrasonic frequencies (16 kHz - 22 kHz) to exploit the inherent properties of microelectromechanical systems (MEMS) microphones, our st…

Check out today's Metacurity for the major infosec developments you should know, including
--Biden to sign executive order limiting sales of Americans' sensitive data to China, other adversaries
--Global law enforcement partners warn Russians are hacking Ubiquiti EdgeRouters,
--Pharma giant Cencora hit by cyber incident,
--OpenAI claims NYT 'hacked' its products,
--Ransomware newcomer claims hack of Epic Games,
--LockBit gives Fulton County new deadline,
-- Feds warn of ALPHV attacks on healthcare,
--More groups exploit ScreenConnect flaws,
--much more
https://www.metacurity.com/p/biden-sign-executive-order-limiting-sales-americans-sensitive-data-china-adversaries

Code injection or backdoor: A new look at Ivanti's CVE-2021-44529 https://www.labs.greynoise.io/grimoire/2024-02-what-is-this-old-ivanti-exploit/