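I. U.S. Military and Political News
1 U.S. Cyber Command's "Integrated Cyber Center" completed
Inside the new, state-of-the-art U.S. cyberwarfare bunker
Leaders of the U.S. National Security Agency (NSA) and U.S. Cyber Command (USCYBERCOM) cut the ribbon last week for the Integrated Cyber Center (ICC), marking the formal completion of a joint operations center responsible for integrating U.S. and allied cyber operations. The ICC is new physical infrastructure that the U.S. federal government has provided for American spies and cyberwarriors to combat foreign cyber threats; it is located at Fort Meade, Maryland. The ICC will better synchronize and coordinate cyber operations among NSA, Cyber Command, other U.S. government agencies and their allied partners in order to eliminate conflicts. [cyberscoop, 5/8/2018]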
The command post for any future U.S.-backed cyberwar is now officially open. Last week, NSA and U.S. Cyber Command leaders posed together and smiled for pictures during a ribbon-cutting ceremony to celebrate the completion of a new, state-of-the-art spy bunker named the “Integrated Cyber Center,” or ICC. Bland in name alone, the groundbreaking facility located inside Fort Meade in Maryland represents the latest step taken by the federal government to equip U.S. spies and a growing force of “cyberwarriors” with the physical infrastructure necessary to combat foreign threats online. [cyberscoop, 5/8/2018]
2 U.S. Cyber Command elevated; Japanese-American Army general becomes new commander
Pentagon's Cyber Command gets upgraded status, new leader
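U.S. Cyber Command was formally elevated to an independent unified command on May 4, 2018 (local time), and Japanese-American Army General Paul Nakasone took over as its new commander. The United States will place increasing emphasis on digital warfare to respond to security threats from Russia and other countries. Deputy Defense Secretary Patrick Shanahan said that the elevation of Cyber Command to a unified command represents U.S. acknowledgement that cyberspace, as a new warfighting domain, has come of age. [reuters, 5/4/2018]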
The Pentagon’s cyber warfare unit received an elevated status and a new commander on Friday, signaling the growing importance of digital combat as the United States grapples with sophisticated hacking by Russia and other actors. Paul Nakasone took over leadership of U.S. Cyber Command. The change is “an acknowledgement that this new warfighting domain has come of age,” Deputy Defense Secretary Patrick Shanahan said. [reuters, 5/4/2018]
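II. Frontier Technology
1 Facebook secretly pursuing a satellite internet plan
Facebook May Have Secret Plans to Build a Satellite-Based Internet
Social networking giant Facebook may soon join SpaceX and OneWeb in providing internet service to Earth from satellites in orbit. A disclosure at the U.S. Federal Communications Commission (FCC) revealed a stealth company called PointView Tech LLC, which is investing millions of dollars in developing an experimental satellite. PointView appears to exist only on paper. In fact, the small company seems to be a new subsidiary of Facebook. PointView estimates that its E-band system will reach transmission speeds of 10 gigabits per second. The company said in its application: "PointView is aiming to understand whether a system using E-band spectrum can be used to provide fixed and mobile broadband access in areas with little or no network service." [IEEE Spectrum, 5/2/2018]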
A filing with the Federal Communications Commission (FCC) last week revealed details of a multi-million dollar experimental satellite from a stealthy company called PointView Tech LLC. PointView appears to exist only on paper. In fact, the tiny company seems to be a new subsidiary of Facebook. The company estimates its E-band system will deliver up to 10 gigabits per second. “PointView is aiming to understand whether a... system using E-band spectrum can be used for the provision of fixed and mobile broadband access in unserved and underserved areas,” it wrote in the FCC application. [IEEE Spectrum, 5/2/2018]
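2 Weaponizing AI networks: how powerful is it?
How powerful is AI network
At the just-concluded Build 2018 developer conference, Microsoft announced a new Visual Studio feature, Visual Studio IntelliCode. Microsoft describes IntelliCode as a set of AI-assisted capabilities that improve developer productivity through features such as contextual IntelliSense and inference and enforcement of code styles. IntelliCode generates recommendations using a machine-learning model trained on thousands of public code repositories, and becomes more accurate as you write more code. It offers coding suggestions based on context rather than simply recommending APIs in alphabetical order. [MSDN, 5/7/2018]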
Microsoft Build 2018 released a new feature on Visual Studio, Visual Studio IntelliCode. IntelliCode is a set of AI-assisted capabilities that improve developer productivity with features like contextual IntelliSense, inference and enforcement for code styles, and focused reviews for your pull requests (PRs.) IntelliCode generates recommendations by using a machine-learning model that is trained on thousands of public codebases. It will be growing and improving the model over time so the recommendations will get better as we progress. [MSDN, 5/7/2018]
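III. Industry Developments
1 IoT device security a hot topic at RSA Conference 2018
IoT Security Concerns Peaking, With No End in Sight
As connected devices steadily enter people's digital lives, Internet of Things (IoT) security became a hot topic at the 2018 RSA Conference. John Cook, senior director of product management at Symantec, said that much of today's IoT device manufacturing feels like a "Gold Rush," with everyone trying to cash in quickly. Market research firm IDC says the IoT smart home device market is highly attractive and will become the fourth largest industry segment, with consumer IoT spending expected to reach $62 billion (about RMB 390 billion) in 2018. Even so, most devices are designed without security in mind. [threatpost, 4/19/2018]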
With the massive influx of connected devices into our digital lives, it’s no surprise that IoT security was on the forefront of the 2018 RSA Conference this year. “A lot of the manufacturing behind IoT devices today feels like the Gold Rush… everyone wants to get there in a hurry,” said John Cook, senior director of product management at Symantec. IoT smart home devices make up a particularly lucrative market, with consumer IoT spending set to reach $62 billion in 2018, making it the fourth largest industry segment, according to market research firm IDC. However many of these devices are built with little to no security in mind. [threatpost, 4/19/2018]
2 World's largest DDoS marketplace shut down; DDoS attacks in Europe fall 60%
DDoS Attacks Go Down 60% Across Europe Following WebStresser's Takedown
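DDoS mitigation firm Link11 says that DDoS attacks across Europe fell 60% after WebStresser, the world's largest DDoS marketplace, was shut down. The service was formally taken down on April 24, when several law enforcement agencies, coordinated by Europol, seized servers, arrested suspects, and shut down the website WebStresser.org. Through this website, any user could register, pay online to rent protection devices and attack nodes, and launch DDoS attacks against other websites. [bleepingcomputer, 5/2/2018]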
Link11, a DDoS mitigation firm, says that DDoS attacks fell 60% across Europe following the takedown of WebStresser, the largest DDoS-for-hire portal on the market. The service was taken down last week, on April 24, when several law enforcement agencies across Europe, under Europol coordination, seized servers, arrested suspects, and shut down the website WebStresser.org, a popular portal where Internet users would go to register, pay for accounts, and launch DDoS attacks against other websites. [bleepingcomputer, 5/2/2018]
IV. Silicon Valley Leaders
1 Google I/O: Google Research becomes Google AI
Google I/O: Google Research becomes Google AI
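Google has renamed its entire Google Research division to Google AI as the company actively develops the emerging field of artificial intelligence. Google announced the change ahead of this week's Google I/O developer conference. The move shows how seriously Google takes artificial intelligence, which includes technologies such as computer vision, deep learning, and speech recognition. [Forbes, 5/8/2018]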
Google has rebranded the whole of its Google Research division to Google AI as the company aggressively pursues developments in the burgeoning field of artificial intelligence. The change, announced ahead of its Google I/O developers conference this week, shows just how serious Google is when it comes to AI, which encompasses technologies such as computer vision, deep learning, and speech recognition. [Forbes, 5/8/2018]
2 Facebook has set up a dedicated AI ethics team
Facebook Reportedly Has A Dedicated AI Ethics Team
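Facebook has a "special" team focused on the ethics of artificial intelligence development. AI will have a profound impact on the world in the coming decades, and Facebook wants regulators and the public to know that it is taking steps now to ensure AI is developed safely and ethically. Facebook currently uses AI on its platform, for example to recognize faces in photos, to detect people who may be at risk of suicide, and to remove vulgar content. [Forbes, 5/10/2018]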
Facebook has a "special" team of people looking at the ethics of artificial intelligence (AI) development. AI is set to have a profound impact on the world in the coming decades and technology giants want regulators and the public to know they are taking steps now to ensure it is developed safely and ethically. Facebook currently uses AI across its platform. For example, it uses it to recognize people's faces in photos, to detect people who may be at risk of suicide, and to remove abusive posts. [Forbes, 5/10/2018]
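V. Voices of Silicon Valley
Marc Bown, senior director of security at Fitbit, pointed out that the problem with IoT devices is that they have too many components, including processors, cloud and web services, devices and applications, which makes it hard to address the security of all of these components at once. Every part of the system is critical, and vulnerabilities may exist in applications, platforms, devices, sensors and the cloud. The first step many device manufacturers take to upgrade the security of their IoT devices is to understand how the device is used and to use that understanding to create a threat model. Bown noted that device manufacturers need to create threat models that consider every situation in which the device must be protected.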
There are so many components around IoT devices – including processors, cloud and web services, devices and apps – that manufacturers struggle to juggle these various aspects when it comes to security, said Marc Bown, senior director of security at Fitbit. “Each part of the system is important,” he stressed, as vulnerabilities can lie in apps and platforms, devices, sensors and the cloud. The first step that many device manufacturers can take to upgrade security in their IoT devices is understanding how the device will be used, and using that understanding while creating threat modeling, he said. “Doing some threat modeling is really important,” Bown said. “Manufacturers need to think of all the situations where devices can protect themselves in, and fully understand the context.”