

Sensitive data leaks from servers running Salesforce software.



According to a post published Friday by KrebsOnSecurity.

According to Brian Krebs, at least five separate sites run by the state of Vermont allowed anyone to access sensitive data. Among those affected was the state’s pandemic unemployment assistance program, which exposed applicants’ full names, social security numbers, addresses, phone numbers, email addresses, and bank account numbers. Like many other organizations that provide public access to personal data, Vermont used Salesforce Community, a cloud-based software product designed to let organizations quickly create websites.

Another affected Salesforce customer was Huntington Bank of Columbus, Ohio. It recently acquired TCF Bank, which used Salesforce Community to process commercial loans. Exposed data fields included names, addresses, social security numbers, job titles, federal IDs, IP addresses, average monthly wages, and loan amounts.

Both the state of Vermont and Huntington Bank became aware of the leak when Krebs contacted them for comment. In both cases, the customers quickly closed public access to the confidential information.

Salesforce Community sites can be configured to require authentication so that only a limited set of authorized people can access sensitive data and internal resources. Sites can also be configured so that anyone can gain unauthenticated access to view public information. Administrators sometimes inadvertently allow unauthenticated visitors to access areas of the site that are reserved for authorized employees only.

Salesforce told Krebs that it provides clear guidance to customers on how to configure a Salesforce Community that gives unauthenticated guests access to data. The company pointed to three documentation resources.

Several people have disputed this claim. One of them is Vermont Chief Information Security Officer Scott Carbee. He told Krebs that his team was “disappointed by the liberal nature of the platform”. Another critic is Doug Merrett, who first tried to raise awareness two years ago of how easy it is to misconfigure a Salesforce Community. On Friday, he elaborated on the problem in a post titled Salesforce Communities Security Issue.

“The problem was that you could hack the URL to see the standard Salesforce pages — Account, Contact, User, etc.,” Merrett wrote. “This wouldn’t actually be a problem, except that the admin didn’t expect you to see the standard pages as they didn’t add objects related to the Aura community navigation and therefore didn’t create the appropriate page layouts to hide the margins that they don’t want the user to see.”

In Salesforce parlance, Aura refers to reusable user interface components that can be applied to selected parts of a web page, from a single line of text to an entire application.
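The misconfiguration described above comes down to object permissions granted to the Community’s guest user profile. The following audit helper is an added example, not code from the article or from Salesforce: it builds the SOQL query an administrator would run against the ObjectPermissions and Profile objects (field names assumed to match the standard schema; verify them against your org’s API version) and flags grants that expose standard objects such as Account, Contact and User to unauthenticated guests. The sample records are constructed, not real query output.

```python
"""Flag risky guest-user object grants in a Salesforce org (added example)."""
import json

# SOQL assumed to match the standard ObjectPermissions / Profile schema
# (Parent.Profile.UserType = 'Guest' selects Community guest profiles).
GUEST_OBJECT_PERMS_SOQL = (
    "SELECT Parent.Profile.Name, SobjectType, PermissionsRead, "
    "PermissionsEdit, PermissionsDelete, PermissionsViewAllRecords "
    "FROM ObjectPermissions "
    "WHERE Parent.IsOwnedByProfile = true "
    "AND Parent.Profile.UserType = 'Guest'"
)

# Standard objects the article names as reachable by URL manipulation,
# plus others that commonly hold personal data.
SENSITIVE_OBJECTS = {"Account", "Contact", "User", "Lead", "Case", "Opportunity"}


def flag_guest_grants(records):
    """Return (profile, object, reason) tuples for grants that need review."""
    findings = []
    for rec in records:
        profile = rec["Parent"]["Profile"]["Name"]
        obj = rec["SobjectType"]
        if rec.get("PermissionsEdit") or rec.get("PermissionsDelete"):
            findings.append((profile, obj, "guest can edit or delete records"))
        elif rec.get("PermissionsViewAllRecords"):
            findings.append((profile, obj, "guest has View All on object"))
        elif rec.get("PermissionsRead") and obj in SENSITIVE_OBJECTS:
            findings.append((profile, obj, "guest can read sensitive standard object"))
    return findings


# Constructed sample records shaped like the query result (not real data).
SAMPLE_RECORDS = json.loads("""[
 {"Parent":{"Profile":{"Name":"Benefits Portal Profile"}},"SobjectType":"Contact",
  "PermissionsRead":true,"PermissionsEdit":false,"PermissionsDelete":false,
  "PermissionsViewAllRecords":false},
 {"Parent":{"Profile":{"Name":"Benefits Portal Profile"}},"SobjectType":"Knowledge__kav",
  "PermissionsRead":true,"PermissionsEdit":false,"PermissionsDelete":false,
  "PermissionsViewAllRecords":false},
 {"Parent":{"Profile":{"Name":"Loan Portal Profile"}},"SobjectType":"Loan_Application__c",
  "PermissionsRead":true,"PermissionsEdit":true,"PermissionsDelete":false,
  "PermissionsViewAllRecords":false}
]""")

if __name__ == "__main__":
    for profile, obj, reason in flag_guest_grants(SAMPLE_RECORDS):
        print(f"{profile}: {obj}: {reason}")
```

Read access to a public knowledge article object is expected for a guest profile and is not flagged; read access to Contact and edit access to a loan object are.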

Krebs said he learned about the leaks from security researcher Charan Akiri, who identified hundreds of organizations with misconfigured Salesforce sites. Akiri said that of the many companies and government organizations he reported, only five ended up fixing the problems. None of them were in the public sector.

One organization Krebs notified was the government of Washington, D.C., which uses Salesforce Community for at least five DC Health public websites that leaked sensitive information. The District’s interim director of information security told Krebs that she had reviewed the findings of an outside consultant brought in to investigate. The third party, the CIO told Krebs, said the sites were not susceptible to data loss.

Krebs then provided a document containing a healthcare worker’s social security number, which he had downloaded from a DC Health site while interviewing the director of information security. The chief information security officer then acknowledged that his team had overlooked some configuration settings.


AI search engines are more likely to get it wrong when they answer fluently.



Bing Chat generates responses based on information from the Internet


Researchers have found that if you think AI-powered search engines like Microsoft’s Bing Chat are providing you with useful answers, they’re probably wrong.

“In these modern systems, accuracy is inversely proportional to perceived utility,” says Nelson Liu at Stanford University. “Things that look better end up getting worse.”

Microsoft is just one of many companies offering AI-powered search tools that return results in digestible paragraphs that cite other websites rather than…



Video Friday: Reflex Grasping – IEEE Spectrum



Video Friday is a weekly selection of amazing robotics videos collected by your friends on IEEE Spectrum robotics. We also publish a weekly calendar of upcoming robotics events for the next few months. Please send us your events for inclusion.

Robotics Summit and Expo: May 10-11, 2023, BOSTON
ICRA 2023: May 29 – June 2, 2023, LONDON
Energy Drone & Robotics Summit: June 10-12, 2023, HOUSTON
RoboCup 2023: July 4-10, 2023, BORDEAUX, FRANCE
RSS 2023: July 10-14, 2023, DAEGU, SOUTH KOREA
IEEE RO-MAN 2023: August 28-31, 2023, BUSAN, SOUTH KOREA
CLAWAR 2023: October 2-4, 2023, FLORIANOPOLIS, BRAZIL
Humanoids 2023: December 12-14, 2023, AUSTIN, TX

Enjoy today’s videos!

In an effort to make robots more agile and human-like, MIT engineers have developed a gripper that grasps reflexively. Instead of starting from scratch after a failed attempt, the team’s robot instantly adapts with a reflexive roll, palm, or pinch to get a better hold on an object.

[ MIT ]

Roboticists at the Max Planck Institute for Intelligent Systems in Stuttgart have developed a jellyfish-inspired underwater robot with which they hope to one day scavenge waste from the ocean floor. The near-silent prototype can hold objects under its body without physical contact, allowing safe interaction in delicate environments such as coral reefs. Jellyfish-Bot could be an important tool for environmental restoration.

[ Max Planck Institute ]

We are excited to share our latest collaboration on humanoid robot behavior with Draco 3. We look forward to the day when these robots can help us at home and at work with boring and time-consuming tasks!


This research focuses on the development of a new hybrid gripper that allows versatile gripping and ejection operations with a single drive. The grip contains a unique locking mechanism that actuates two passive rigid fingers to lengthen/release the connected elastic band. This arrangement provides the dual function of adapting to objects with different geometries, different surface contact force characteristics, and storing energy in the form of an elastic potential. The locking mechanism of the present invention can rapidly switch from quick release to gradual release of stored elastic potential, allowing for more acceleration of the object during throw and no acceleration upon placement. Thus, the object can be placed in the right place even farther than the reachable working space of the manipulator.

[ Paper ]

Thank you Nagamanikandan!

Animals (or at least many animals) are soft for a reason – it helps manage safe contact with the environment. Let’s make all robots soft!

[ Paper ]

Thanks, Fam!

This short video shows a drive by Ed Habtoor of the University of Washington modeled after the vertebrae of seabirds and snakes.

[ UW ]

Thank you Sara!

This video presents the results of an offline survey and visual inspection of a ballast tank inside a floating vessel. In particular, the RMF, a collision-resistant aerial robot implementing multi-modal SLAM and path planning functions, is placed inside the ship’s ballast tank and performs an autonomous inspection of 3 tank compartments without any prior knowledge of the environment other than a rough estimate of the geometric midpoint of each compartment. Such information is readily available and does not require access to hard-to-find CAD ship models. The mission is completed in less than 4 minutes and provides both a geometric map of these compartments and a visual inspection of them with certain coverage guarantees.

[ ARL ]

A team from Los Alamos National Laboratory recently visited the Haughton impact crater on Devon Island, Canada. This is the largest uninhabited island in the world. Nina Lanza and her team tested autonomous drones in a cold, Martian-like environment.

[ LANL ]

Well, when urban delivery drones can do this, maybe I will pay more attention to them.


Founded in 2014, Verity delivers fully autonomous indoor drone systems you can trust in environments where failure is impossible. Based in Zurich, Switzerland with global operations, Verity is used to complete thousands of fully offline inventory counts every day in warehouses around the world.

[ Verity ]

In this video you will learn about the ACFR Maritime Group and some of the research projects they are currently working on.

[ ACFR ]

I’m including this video because tea growing is great.


In this video, we demonstrate a Husky-based robot equipped with a Franka Research 3 robotic arm. Franka Emika’s Franka Research 3 is a world-class, force-sensing reference robotic system that provides researchers with easy-to-use robot features as well as low-level access to control capabilities and robot training. The robot is also equipped with Clearpath’s IndoorNav Autonomy software, which provides reliable point-to-point autonomous navigation for mobile robots.

[ Clearpath ]

This talk is from the Tartan Planning series by Sebastian Scherer on the topic “Informative Path Planning, Exploration and Intention Forecasting”.

[ Air Lab ]

This HAI workshop at Stanford is hosted by Oussama Khatib on the theme “From Romeo and Juliet to OceanOneK: Deep Sea Robotic Exploration”.

[ Stanford HAI ]



Could Montana’s efforts block TikTok statewide?



The Republican-controlled Montana House of Representatives voted last week to ban TikTok statewide effective January 2024, becoming the first state to take such action against the Chinese-owned app as its future in the US remains uncertain.

Last month, US House lawmakers on both sides of the aisle questioned TikTok CEO Shou Zi Chew about the company’s ties to China and the security of its US user data. And there is growing momentum for national action against TikTok.

This week alone, 17 Republicans in the US Congress wrote a letter to the Senate Committee on Rules and Administration and the House Administration Committee asking for rules to prevent lawmakers from using the platform to communicate with voters, calling TikTok a “de facto spy app,” Politico reported.

TikTok is owned by China’s ByteDance and may be forced to hand over user data to the government under Chinese law, US lawmakers have warned. Critics of TikTok also argue that the platform could be used to promote and influence American public opinion on issues such as a potential conflict between China and Taiwan.

The company is enormously popular in the US, with a registered US user base of over 150 million, and any attempt to ban it is likely to face legal and political backlash. It’s unclear whether the Montana bill, which has yet to be signed into law by Gov. Greg Gianforte (R), is enforceable, and how the state would police it. But if it goes into effect, it could serve as a key example of what could happen next across the country.

Montana’s ban will become law 10 days after its passage on April 14 unless Gianforte vetoes it. He has not announced his plans yet, though he signed into law a ban on TikTok on government devices last year.

TikTok has criticized Montana’s latest bill as an attempt to “censor the American voice” and said the state does not have a “workable plan” for a ban.

“We will continue to fight for TikTok users and creators in Montana, whose livelihoods and First Amendment rights are at risk due to this flagrant abuse of government authority,” the company said in a statement.

Montana Attorney General Austin Knudsen, whose office wrote the bill, told The New York Times he expects the ban to be challenged in court and hopes the Supreme Court will ultimately decide its fate.

“I think this is the next frontier in First Amendment jurisprudence that should probably come from the U.S. Supreme Court,” Knudsen said.

While it’s hard to predict what the Supreme Court’s conservative majority will do, proponents of a ban will face an “uphill battle” against the strong protections offered by the First Amendment, said Caitlin Chin, a fellow at the Center for Strategic and International Studies.

What does Montana’s ban do?

The bill states that TikTok cannot operate in Montana. It also imposes a fine on TikTok and on mobile app stores such as the Apple App Store if they allow users to download or access the platform.

The bill accuses TikTok of allowing the posting and even promotion of “dangerous content that directs minors to engage in dangerous activities,” such as encouraging people to cook chicken in NyQuil. The bill states that TikTok “threatens the health and safety of Montana residents.”

Montana law also warns that the app can be used to spy on and locate journalists and politicians who could be targeted by the Chinese Communist Party.

The law will only be repealed if TikTok is sold to another company that is not registered in a country declared an enemy by the US.

China has previously expressed objection to the idea of ​​a TikTok forced sale. A spokesman for China’s Commerce Ministry told reporters last month that the move “would cause serious harm to investors from several countries, including China.”

How did the tiktokers react?

Montana resident Shauna White Bear, who used TikTok to promote her leather moccasin business and has been touted by the company as an example of how it benefits small businesses, expressed shock at the statewide ban.

She said U.S.-owned platforms like Facebook could also be misused, and that singling out TikTok shows Montana lawmakers are not well informed on the issue.

“If a generation that doesn’t understand the app votes for this, I don’t know if they should be making such important decisions,” White Bear told CBS News affiliate KTVQ.

TikTok has urged its users to write to the governor to express their opposition to the ban and use the #MTLovesTikTok hashtag to educate their followers on what’s going on in the state.

“I think they are trying to convey the message that if TikTok is banned tomorrow, it will not be the Chinese government that will suffer, but TikTok users,” Chin said.

What are the technological problems of law enforcement?

One of the first versions of the bill provided for a fine for ISPs that allowed people to download and access TikTok. But lawmakers changed the text after an AT&T spokesman said while ISPs can grant users access to the Internet, they cannot control their activities.

The final version of the bill places the responsibility for enforcing the rule on mobile app stores.

But TechNet, a group that includes top tech companies like Apple and Google, has warned that enforcement of the Montana-only ban could be a challenge.

Knudsen disputed this argument in an interview with Yahoo Finance Live, stating that companies have been able to work out enforcement for sports betting apps based on differing state rules.

“This is the technology that exists,” Knudsen said. “There is a methodology. I understand that Apple and Google may not like this because they get a lot of Chinese money from TikTok. But that doesn’t change the fact that that’s how we’re going to enforce that rule.”

Another major problem with the bill’s enforcement is that users can easily bypass the state ban by using a virtual private network or VPN to change their IP address to make it look like they’re in a different location.

State Representative Katie Sullivan (D) proposed an amendment that would have replaced the ban with a rule preventing all social media companies from sharing U.S. user data with foreign adversaries, but it failed.

Chin noted that even if TikTok is banned, many users will still repost TikTok videos on other social media platforms such as Instagram and YouTube, which is another obstacle to removing the app’s content from the state entirely.

What is the significance of this nationwide ban?

Chin said the Biden administration will likely monitor developments in Montana and the reactions of citizens and voters as it considers its own moves.

Former President Donald Trump launched his own efforts to effectively ban TikTok through executive orders in August 2020 and again in January 2021. But the push failed in court, and President Joe Biden revoked the orders in 2021.

The White House has avoided weighing in on TikTok, referring questions to the Committee on Foreign Investment in the United States, which reviews foreign deals involving US companies on national security grounds. The committee has reportedly called on TikTok’s Chinese owners to either sell their stake in the company or risk a nationwide ban.

“I do think what’s happening in Montana could definitely portend what could happen across the country if Congress or the Biden administration tries to push for a broader TikTok ban,” Chin said.



Copyright © 2023 Millennial One Media.